SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for shim-15.4-4.7.1.x86_64.rpm :

* Thu Jul 15 2021 jsegitzAATTsuse.com- Update the SLE signatures
* Thu Jul 01 2021 glinAATTsuse.com- Add shim-bsc1187696-avoid-deleting-rt-variables.patch to avoid deleting the mirrored RT variables (bsc#1187696)
* Mon Jun 21 2021 glinAATTsuse.com- Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch to handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071)- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the maximum variable size check for u-boot (bsc#1185621) + Also drop AArch64 suse-signed shim since we merged this patch- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax the check for import_mok_state() when Secure Boot is off. (bsc#1185261)- Add shim-bsc1185232-relax-loadoptions-length-check.patch to ignore the odd LoadOptions length (bsc#1185232)- shim-install: reset def_shim_efi to \"shim.efi\" if the given file doesn\'t exist- Add shim-fix-aa64-relsz.patch to fix the size of rela sections for AArch64 Fix: https://github.com/rhboot/shim/issues/371- Add shim-disable-export-vendor-dbx.patch to disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261)- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the potential crash when calling QueryVariableInfo in EFI 1.10 machines (bsc#1187260)- Add shim-bsc1185232-fix-config-table-copying.patch to avoid buffer overflow when copying data to the MOK config table (bsc#1185232)
* Thu May 20 2021 glinAATTsuse.com- shim-install: instead of assuming \"removable\" for Azure, remove fallback.efi from \\EFI\\Boot and copy grub.efi/cfg to \\EFI\\Boot to make \\EFI\\Boot bootable and keep the boot option created by efibootmgr (bsc#1185464, bsc#1185961)
* Fri May 07 2021 glinAATTsuse.com- shim-install: always assume \"removable\" for Azure to avoid the endless reset loop (bsc#1185464)
* Thu May 06 2021 glinAATTsuse.com- Include suse-signed shim for AArch64 (bsc#1185621)
* Thu Apr 22 2021 glinAATTsuse.com- Enable the AArch64 signature check for SLE
* Wed Apr 21 2021 jsegitzAATTsuse.com- Update the SLE signatures
* Thu Apr 08 2021 glinAATTsuse.com- Add shim-bsc1184454-allocate-mok-config-table-BS.patch to avoid the error message during linux system boot (bsc#1184454)
* Wed Apr 07 2021 jsegitzAATTsuse.com- Add remove_build_id.patch to prevent the build id being added to the binary. That can cause issues with the signature
* Wed Mar 31 2021 glinAATTsuse.com- Update to 15.4 (bsc#1182057) + Rename the SBAT variable and fix the self-check of SBAT + sbat: add more dprint() + arm/aa64: Swizzle some sections to make old sbsign happier + arm/aa64 targets: put .rel
* and .dyn
* in .rodata- Drop upstreamed patch: + shim-bsc1182057-sbat-variable-enhancement.patch
* Mon Mar 29 2021 glinAATTsuse.com- Add shim-bsc1182057-sbat-variable-enhancement.patch to change the SBAT variable name and enhance the handling of SBAT (bsc#1182057)
* Wed Mar 24 2021 glinAATTsuse.com- Update to 15.3 for SBAT support (bsc#1182057) + Drop gnu-efi from BuildRequires since upstream pull it into the tar ball.- Generate vender-specific SBAT metadata + Add dos2unix to BuildRequires since Makefile requires it for vendor SBAT- Update dbx-cert.tar.xz and vendor-dbx.bin to block the following sign keys: + SLES-UEFI-SIGN-Certificate-2020-07.crt + openSUSE-UEFI-SIGN-Certificate-2020-07.crt- Refresh patches + shim-arch-independent-names.patch + shim-change-debug-file-path.patch + shim-bsc1177315-verify-eku-codesign.patch - Unified with shim-bsc1177315-fix-buffer-use-after-free.patch- Drop upstreamed fixes + shim-correct-license-in-headers.patch + shim-always-mirror-mok-variables.patch + shim-bsc1175509-more-tpm-fixes.patch + shim-bsc1173411-only-check-efi-var-on-sb.patch + shim-fix-verify-eku.patch + gcc9-fix-warnings.patch + shim-fix-gnu-efi-3.0.11.patch + shim-bsc1177404-fix-a-use-of-strlen.patch + shim-do-not-write-string-literals.patch + shim-VLogError-Avoid-Null-pointer-dereferences.patch + shim-bsc1092000-fallback-menu.patch + shim-bsc1175509-tpm2-fixes.patch + shim-bsc1174512-correct-license-in-headers.patch + shim-bsc1182776-fix-crash-at-exit.patch- Drop shim-opensuse-cert-prompt.patch + All newly released openSUSE kernels enable kernel lockdown and signature verification, so there is no need to add the prompt anymore.
* Thu Mar 11 2021 glinAATTsuse.com- Refresh shim-bsc1182776-fix-crash-at-exit.patch to do the cleanup also when Secure Boot is disabled (bsc#1183213, bsc#1182776)- Merged linker-version.pl into timestamp.pl and add the linker version to signature files accordingly
* Mon Mar 08 2021 glinAATTsuse.com- Add shim-bsc1182776-fix-crash-at-exit.patch to fix the potential crash at Exit() (bsc#1182776)
* Fri Jan 22 2021 glinAATTsuse.com- Update the SLE signature- Exclude some patches from x86_64 to avoid breaking the signature- Add shim-correct-license-in-headers.patch back for x86_64 to match the SLE signature- Add linker-version.pl to modify the EFI/PE header to match the SLE signature
* Wed Nov 04 2020 glinAATTsuse.com- Disable the signature attachment for AArch64 temporarily until we get a real one.
* Mon Nov 02 2020 glinAATTsuse.com- Add shim-bsc1177315-verify-eku-codesign.patch to check CodeSign in the signer\'s EKU (bsc#1177315)- Add shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch to fix NULL pointer dereference in AuthenticodeVerify() (bsc#1177789, CVE-2019-14584)- shim-install: Support changing default shim efi binary in /usr/etc/default/shim and /etc/default/shim (bsc#1177315)- Add shim-bsc1177315-fix-buffer-use-after-free.patch to fix buffer use-after-free at the end of the EKU verification (bsc#1177315)
* Wed Oct 14 2020 glinAATTsuse.com- Add shim-bsc1177404-fix-a-use-of-strlen.patch to fix the length of the option data string to launch the program correctly (bsc#1177404)- Add shim-bsc1175509-more-tpm-fixes.patch to fix the file path in the tpm even log (bsc#1175509)
* Mon Sep 14 2020 glinAATTsuse.com- Add shim-VLogError-Avoid-Null-pointer-dereferences.patch to fix VLogError crash in AArch64 (jsc#SLE-15824)- Add shim-fix-verify-eku.patch to fix the potential crash at verify_eku() (jsc#SLE-15824)- Add shim-do-not-write-string-literals.patch to fix the potential crash when accessing the DEFAULT_LOADER string (jsc#SLE-15824)
* Fri Sep 04 2020 guillaume.gardetAATTopensuse.org- Enable build on aarch64
* Mon Aug 24 2020 glinAATTsuse.com- shim-install: install MokManager to \\EFI\\boot to process the pending MOK request (bsc#1175626, bsc#1175656)
* Fri Aug 21 2020 glinAATTsuse.com- Add shim-bsc1175509-tpm2-fixes.patch to fix the TPM2 measurement (bsc#1175509)
* Thu Aug 06 2020 glinAATTsuse.com- Amend the check of %shim_enforce_ms_signature
* Fri Jul 31 2020 jsegitzAATTsuse.com- Updated openSUSE signature
* Mon Jul 27 2020 glinAATTsuse.com- Replace shim-correct-license-in-headers.patch with the upstream commit: shim-bsc1174512-correct-license-in-headers.patch (bsc#1174512)
* Wed Jul 22 2020 glinAATTsuse.com- Update the path to grub-tpm.efi in shim-install (bsc#1174320)
* Fri Jul 10 2020 glinAATTsuse.com- Use vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994) + Add dbx-cert.tar.xz which contains the certificates to block and a script, generate-vendor-dbx.sh, to generate vendor-dbx.bin + Add vendor-dbx.bin as the vendor dbx to block unwanted keys- Drop shim-opensuse-signed.efi + We don\'t need it anymore
* Fri Jul 10 2020 glinAATTsuse.com- Add shim-bsc1173411-only-check-efi-var-on-sb.patch to only check EFI variable copying when Secure Boot is enabled (bsc#1173411)
* Tue Mar 31 2020 glinAATTsuse.com- Use the full path of efibootmgr to avoid errors when invoking shim-install from packagekitd (bsc#1168104)
* Mon Mar 30 2020 glinAATTsuse.com- Use \"suse_version\" instead of \"sle_version\" to avoid shim_lib64_share_compat being set in Tumbleweed forever.
* Mon Mar 16 2020 glinAATTsuse.com- Add shim-fix-gnu-efi-3.0.11.patch to fix the build error caused by the upgrade of gnu-efi
* Wed Nov 27 2019 mchangAATTsuse.com- shim-install: add check for btrfs is used as root file system to enable relative path lookup for file. (bsc#1153953)
* Fri Aug 16 2019 glinAATTsuse.com- Fix a typo in shim-install (bsc#1145802)
* Fri Apr 19 2019 mliskaAATTsuse.cz- Add gcc9-fix-warnings.patch (bsc#1121268).
* Mon Apr 15 2019 glinAATTsuse.com- Add shim-opensuse-signed.efi, the openSUSE shim-15+git47 binary (bsc#1113225)
* Fri Apr 12 2019 glinAATTsuse.com- Disable AArch64 build (FATE#325971) + AArch64 machines don\'t use UEFI CA, at least for now.
* Thu Apr 11 2019 jsegitzAATTsuse.com- Updated shim signature: signature-sles.x86_64.asc (bsc#1120026)
* Thu Feb 14 2019 rwAATTsuse.com- Fix conditions for \'/usr/share/efi\'-move (FATE#326960)
* Mon Jan 28 2019 glinAATTsuse.com- Amend shim.spec to remove $RPM_BUILD_ROOT
* Thu Jan 17 2019 rwAATTsuse.com- Move \'efi\'-executables to \'/usr/share/efi\' (FATE#326960) (preparing the move to \'noarch\' for this package)
* Mon Jan 14 2019 glinAATTsuse.com- Update shim-install to handle the partitioned MD devices (bsc#1119762, bsc#1119763)
* Thu Dec 20 2018 glinAATTsuse.com- Update to 15+git47 (bsc#1120026, FATE#325971) + git commit: b3e4d1f7555aabbf5d54de5ea7cd7e839e7bd83d- Retire the old openSUSE 4096 bit certificate + Those programs are already out of maintenance.- Add shim-always-mirror-mok-variables.patch to mirror MOK variables correctly- Add shim-correct-license-in-headers.patch to correct the license declaration- Refresh patches: + shim-arch-independent-names.patch + shim-change-debug-file-path.patch + shim-bsc1092000-fallback-menu.patch + shim-opensuse-cert-prompt.patch- Drop upstreamed patches: + shim-bsc1088585-handle-mok-allocations-better.patch + shim-httpboot-amend-device-path.patch + shim-httpboot-include-console.h.patch + shim-only-os-name.patch + shim-remove-cryptpem.patch
* Wed Dec 05 2018 glinAATTsuse.com- Update shim-install to specify the target for grub2-install and change the boot efi file name according to the architecture (bsc#1118363, FATE#325971)
* Tue Aug 21 2018 glinAATTsuse.com- Enable AArch64 build (FATE#325971) + Also add the aarch64 signature files and rename the x86_64 signature files
* Tue May 29 2018 glinAATTsuse.com- Add shim-bsc1092000-fallback-menu.patch to show a menu before system reset ((bsc#1092000))
* Tue Apr 10 2018 glinAATTsuse.com- Add shim-bsc1088585-handle-mok-allocations-better.patch to avoid double-freeing after enrolling a key from the disk (bsc#1088585) + Also refresh shim-opensuse-cert-prompt.patch due to the change in MokManager.c
* Tue Apr 03 2018 glinAATTsuse.com- Install the certificates with a shim suffix to avoid conflicting with other packages (bsc#1087847)
* Fri Mar 23 2018 glinAATTsuse.com- Add the missing leading backlash to the DEFAULT_LOADER (bsc#1086589)
* Fri Jan 05 2018 glinAATTsuse.com- Add shim-httpboot-amend-device-path.patch to amend the device path matching rule for httpboot (bsc#1065370)
* Thu Jan 04 2018 glinAATTsuse.com- Update to 14 (bsc#1054712)- Adjust make commands in spec- Drop upstreamed fixes + shim-add-fallback-verbose-print.patch + shim-back-to-openssl-1.0.2e.patch + shim-fallback-workaround-masked-ami-variables.patch + shim-fix-fallback-double-free.patch + shim-fix-httpboot-crash.patch + shim-fix-openssl-flags.patch + shim-more-tpm-measurement.patch- Add shim-httpboot-include-console.h.patch to include console.h in httpboot.c to avoid build failure- Add shim-remove-cryptpem.patch to replace functions in CryptPem.c with the null function- Update SUSE/openSUSE specific patches + shim-only-os-name.patch + shim-arch-independent-names.patch + shim-change-debug-file-path.patch + shim-opensuse-cert-prompt.patch
* Fri Dec 29 2017 ngompa13AATTgmail.com- Fix debuginfo + debugsource subpackage generation for RPM 4.14- Set the RPM groups correctly for debug{info,source} subpackages- Drop deprecated and out of date Authors information in description
* Wed Sep 13 2017 glinAATTsuse.com- Add shim-back-to-openssl-1.0.2e.patch to avoid rejecting some legit certificates (bsc#1054712)- Add the stderr mask back while compiling MokManager.efi since the warnings in Cryptlib is back after reverting the openssl commits.
* Tue Aug 29 2017 glinAATTsuse.com- Add shim-add-fallback-verbose-print.patch to print the debug messages in fallback.efi dynamically- Refresh shim-fallback-workaround-masked-ami-variables.patch- Add shim-more-tpm-measurement.patch to measure more components and support TPM better
* Wed Aug 23 2017 glinAATTsuse.com- Add upstream fixes + shim-fix-httpboot-crash.patch + shim-fix-openssl-flags.patch + shim-fix-fallback-double-free.patch + shim-fallback-workaround-masked-ami-variables.patch- Remove the stderr mask while compiling MokManager.efi since the warnings in Cryptlib were fixed.
* Tue Aug 22 2017 glinAATTsuse.com- Add shim-arch-independent-names.patch to use the Arch-independent names. (bsc#1054712)- Refresh shim-change-debug-file-path.patch- Disable shim-opensuse-cert-prompt.patch automatically in SLE- Diable AArch64 until we have a real user and aarch64 signature
* Fri Jul 14 2017 bwiedemannAATTsuse.com- Make build reproducible by avoiding race between find and cp
* Thu Jun 22 2017 glinAATTsuse.com- Update to 12- Rename the result EFI images due to the upstream name change + shimx64 -> shim + mmx64 -> MokManager + fbx64 -> fallback- Refresh patches: + shim-only-os-name.patch + shim-change-debug-file-path.patch + shim-opensuse-cert-prompt.patch- Drop upstreamed patches: + shim-httpboot-support.patch + shim-bsc973496-mokmanager-no-append-write.patch + shim-bsc991885-fix-sig-length.patch + shim-update-openssl-1.0.2g.patch + shim-update-openssl-1.0.2h.patch
* Tue May 23 2017 glinAATTsuse.com- Add the build flag to enable HTTPBoot
* Wed Mar 22 2017 mchangAATTsuse.com- shim-install: add option --suse-enable-tpm (fate#315831)
* Fri Jan 13 2017 mchangAATTsuse.com- Support %posttrans with marcos provided by update-bootloader-rpm-macros package (bsc#997317)
* Fri Nov 18 2016 glinAATTsuse.com- Add SIGNATURE_UPDATE.txt to state the steps to update signature-
*.asc- Update the comment of strip_signature.sh
* Wed Sep 21 2016 mchangAATTsuse.com- shim-install :
* add option --no-nvram (bsc#999818)
* improve removable media and fallback mode handling
* Fri Aug 19 2016 mchangAATTsuse.com- shim-install : fix regression of password prompt (bsc#993764)
* Fri Aug 05 2016 glinAATTsuse.com- Add shim-bsc991885-fix-sig-length.patch to fix the signature length passed to Authenticode (bsc#991885)
* Wed Aug 03 2016 glinAATTsuse.com- Update shim-bsc973496-mokmanager-no-append-write.patch to try append write first
* Tue Aug 02 2016 glinAATTsuse.com- Add shim-update-openssl-1.0.2h.patch to update openssl to 1.0.2h- Bump the requirement of gnu-efi due to the HTTPBoot support
* Mon Aug 01 2016 glinAATTsuse.com- Add shim-httpboot-support.patch to support HTTPBoot- Add shim-update-openssl-1.0.2g.patch to update openssl to 1.0.2g and Cryptlib to 5e2318dd37a51948aaf845c7d920b11f47cdcfe6- Drop patches since they are merged into shim-update-openssl-1.0.2g.patch + shim-update-openssl-1.0.2d.patch + shim-gcc5.patch + shim-bsc950569-fix-cryptlib-va-functions.patch + shim-fix-aarch64.patch- Refresh shim-change-debug-file-path.patch- Add shim-bsc973496-mokmanager-no-append-write.patch to work around the firmware that doesn\'t support APPEND_WRITE (bsc973496)- shim-install : remove \'\
\' from the help message (bsc#991188)- shim-install : print a message if there is no valid EFI partition (bsc#991187)
* Mon May 09 2016 rwAATTsuse.com- shim-install : support simple MD RAID1 target devices (FATE#314829)
* Wed May 04 2016 agrafAATTsuse.com- Add shim-fix-aarch64.patch to fix compilation on AArch64 (bsc#978438)
* Wed Mar 09 2016 mchangAATTsuse.com- shim-install : fix typing ESC can escape to parent config which is in command mode and cannot return back (bsc#966701)- shim-install : fix no which command for JeOS (bsc#968264)
* Thu Dec 03 2015 jsegitzAATTnovell.com- acquired updated signature from Microsoft
* Mon Nov 09 2015 glinAATTsuse.com- Add shim-bsc950569-fix-cryptlib-va-functions.patch to fix the definition of va functions to avoid the potential crash (bsc#950569)- Update shim-opensuse-cert-prompt.patch to avoid setting NULL to MokListRT (bsc#950801)- Drop shim-fix-mokmanager-sections.patch as we are using the newer binutils now- Refresh shim-change-debug-file-path.patch
* Thu Oct 08 2015 jsegitzAATTnovell.com- acquired updated signature from Microsoft
* Tue Sep 15 2015 mchangAATTsuse.com- shim-install : set default GRUB_DISTRIBUTOR from /etc/os-release if it is empty or not set by user (bsc#942519)
* Thu Jul 16 2015 glinAATTsuse.com- Add shim-update-openssl-1.0.2d.patch to update openssl to 1.0.2d- Refresh shim-gcc5.patch and add it back since we really need it- Add shim-change-debug-file-path.patch to change the debug file path in shim.efi + also add the debuginfo and debugsource subpackages- Drop shim-fix-gnu-efi-30w.patch which is not necessary anymore
* Mon Jul 06 2015 glinAATTsuse.com- Update to 0.9- Refresh patches + shim-fix-gnu-efi-30w.patch + shim-fix-mokmanager-sections.patch + shim-opensuse-cert-prompt.patch- Drop upstreamed patches + shim-bsc920515-fix-fallback-buffer-length.patch + shim-mokx-support.patch + shim-update-cryptlib.patch- Drop shim-bsc919675-uninstall-shim-protocols.patch since upstream fixed the bug in another way.- Drop shim-gcc5.patch which was fixed in another way
* Wed Apr 08 2015 glinAATTsuse.com- Fix tags in the spec file
* Tue Apr 07 2015 glinAATTsuse.com- Add shim-update-cryptlib.patch to update Cryptlib to r16559 and openssl to 0.9.8zf- Add shim-bsc919675-uninstall-shim-protocols.patch to uninstall the shim protocols at Exit (bsc#919675)- Add shim-bsc920515-fix-fallback-buffer-length.patch to adjust the buffer size for the boot options (bsc#920515)- Refresh shim-opensuse-cert-prompt.patch
* Thu Apr 02 2015 crrodriguezAATTopensuse.org- shim-gcc5.patch: shim needs -std=gnu89 to build with GCC5
* Tue Feb 17 2015 mchangAATTsuse.com- shim-install : fix cryptodisk installation (boo#917427)
* Tue Nov 11 2014 glinAATTsuse.com- Add shim-fix-mokmanager-sections.patch to fix the objcopy parameters for the EFI files
* Tue Oct 28 2014 glinAATTsuse.com- Update to 0.8- Add shim-fix-gnu-efi-30w.patch to adapt the change in gnu-efi-3.0w- Merge shim-signed-unsigned-compares.patch, shim-mokmanager-support-sha-family.patch and shim-bnc863205-mokmanager-fix-hash-delete.patch into shim-mokx-support.patch- Refresh shim-opensuse-cert-prompt.patch- Drop upstreamed patches: shim-update-openssl-0.9.8zb.patch, bug-889332_shim-overflow.patch, and bug-889332_shim-mok-oob.patch- Enable aarch64
* Mon Oct 13 2014 jsegitzAATTnovell.com- Fixed buffer overflow and OOB access in shim trusted code path (bnc#889332, CVE-2014-3675, CVE-2014-3676, CVE-2014-3677)
* added bug-889332_shim-mok-oob.patch, bug-889332_shim-overflow.patch- Added new certificate by Microsoft
  
ICM