| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: shim-susesigned | Distribution: SUSE Linux Enterprise 15 |
| Version: 15+git47 | Vendor: SUSE LLC <https://www.suse.com/> |
| Release: 3.7.1 | Build date: Thu Oct 22 11:01:10 2020 |
| Group: System/Boot | Build host: sheep51 |
| Size: 1332909 | Source RPM: shim-susesigned-15+git47-3.7.1.src.rpm |
| Packager: https://www.suse.com/ | |
| Url: https://github.com/rhboot/shim | |
| Summary: UEFI shim loader | |
shim is a trivial EFI application that, when run, attempts to open and execute another application.
BSD-2-Clause
* Thu Oct 22 2020 glin@suse.com
- Add shim-bsc1177315-fix-buffer-use-after-free.patch to fix buffer
use-after-free at the end of the EKU verification (bsc#1177315)
* Fri Oct 16 2020 glin@suse.com
- Add shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
to fix NULL pointer dereference in AuthenticodeVerify()
(bsc#1177789, CVE-2019-14584)
* Thu Oct 15 2020 glin@suse.com
- Rename package as shim-susesigned (bsc#1177315)
+ Only build SLES shim and drop MokManager and fallback
+ Drop debug packages
+ Make it conflict with the original shim package
+ Drop unused files
- openSUSE-UEFI-CA-Certificate.crt
- shim-install
- attach_signature.sh
- extract_signature.sh
- show_signatures.sh
- show_hash.sh
- strip_signature.sh
- timestamp.pl
- signature-opensuse.aarch64.asc
- signature-opensuse.x86_64.asc
- signature-sles.aarch64.asc
- signature-sles.x86_64.asc
- SIGNATURE_UPDATE.txt
* Wed Oct 14 2020 glin@suse.com
- Add shim-bsc1175509-tpm2-fixes.patch to fix the TPM2 measurement
(bsc#1175509)
- Add shim-VLogError-Avoid-Null-pointer-dereferences.patch to fix
VLogError crash in AArch64 (jsc#SLE-15824)
- Add shim-fix-verify-eku.patch to fix the potential crash at
verify_eku() (jsc#SLE-15824)
- Add shim-do-not-write-string-literals.patch to fix the potential
crash when accessing the DEFAULT_LOADER string (jsc#SLE-15824)
- Add shim-bsc1177404-fix-a-use-of-strlen.patch to launch the
program from the option data correctly (bsc#1177404)
- Add shim-bsc1175509-more-tpm-fixes.patch to fix the file path
in the tpm even log (bsc#1175509)
- Add shim-bsc1177315-verify-eku-codesign.patch to check CodeSign
in the signer's EKU (bsc#1177315)
* Mon Aug 24 2020 glin@suse.com
- shim-install: install MokManager to \EFI\boot to process the
pending MOK request (bsc#1175626, bsc#1175656)
* Thu Aug 06 2020 glin@suse.com
- Amend the check of %shim_enforce_ms_signature
* Fri Jul 31 2020 jsegitz@suse.com
- Updated SUSE signature
* Wed Jul 22 2020 glin@suse.com
- Update the path to grub-tpm.efi in shim-install (bsc#1174320)
* Fri Jul 10 2020 glin@suse.com
- Use vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994)
+ Add dbx-cert.tar.xz which contains the certificates to block
and a script, generate-vendor-dbx.sh, to generate
vendor-dbx.bin
+ Add vendor-dbx.bin as the vendor dbx to block unwanted keys
- Drop shim-opensuse-signed.efi
+ We don't need it anymore
* Fri Jul 10 2020 glin@suse.com
- Add shim-bsc1173411-only-check-efi-var-on-sb.patch to only check
EFI variable copying when Secure Boot is enabled (bsc#1173411)
* Tue Mar 31 2020 glin@suse.com
- Use the full path of efibootmgr to avoid errors when invoking
shim-install from packagekitd (bsc#1168104)
* Mon Mar 30 2020 glin@suse.com
- Use "suse_version" instead of "sle_version" to avoid
shim_lib64_share_compat being set in Tumbleweed forever.
* Mon Mar 16 2020 glin@suse.com
- Add shim-fix-gnu-efi-3.0.11.patch to fix the build error caused
by the upgrade of gnu-efi
* Wed Nov 27 2019 mchang@suse.com
- shim-install: add check for btrfs is used as root file system to enable
relative path lookup for file. (bsc#1153953)
* Fri Aug 16 2019 glin@suse.com
- Fix a typo in shim-install (bsc#1145802)
* Fri Apr 19 2019 mliska@suse.cz
- Add gcc9-fix-warnings.patch (bsc#1121268).
* Mon Apr 15 2019 glin@suse.com
- Add shim-opensuse-signed.efi, the openSUSE shim-15+git47 binary
(bsc#1113225)
* Fri Apr 12 2019 glin@suse.com
- Disable AArch64 build (FATE#325971)
+ AArch64 machines don't use UEFI CA, at least for now.
* Thu Apr 11 2019 jsegitz@suse.com
- Updated shim signature: signature-sles.x86_64.asc (bsc#1120026)
* Thu Feb 14 2019 rw@suse.com
- Fix conditions for '/usr/share/efi'-move (FATE#326960)
* Mon Jan 28 2019 glin@suse.com
- Amend shim.spec to remove $RPM_BUILD_ROOT
* Thu Jan 17 2019 rw@suse.com
- Move 'efi'-executables to '/usr/share/efi' (FATE#326960)
(preparing the move to 'noarch' for this package)
* Mon Jan 14 2019 glin@suse.com
- Update shim-install to handle the partitioned MD devices
(bsc#1119762, bsc#1119763)
* Thu Dec 20 2018 glin@suse.com
- Update to 15+git47 (bsc#1120026, FATE#325971)
+ git commit: b3e4d1f7555aabbf5d54de5ea7cd7e839e7bd83d
- Retire the old openSUSE 4096 bit certificate
+ Those programs are already out of maintenance.
- Add shim-always-mirror-mok-variables.patch to mirror MOK
variables correctly
- Add shim-correct-license-in-headers.patch to correct the license
declaration
- Refresh patches:
+ shim-arch-independent-names.patch
+ shim-change-debug-file-path.patch
+ shim-bsc1092000-fallback-menu.patch
+ shim-opensuse-cert-prompt.patch
- Drop upstreamed patches:
+ shim-bsc1088585-handle-mok-allocations-better.patch
+ shim-httpboot-amend-device-path.patch
+ shim-httpboot-include-console.h.patch
+ shim-only-os-name.patch
+ shim-remove-cryptpem.patch
* Wed Dec 05 2018 glin@suse.com
- Update shim-install to specify the target for grub2-install and
change the boot efi file name according to the architecture
(bsc#1118363, FATE#325971)
* Tue Aug 21 2018 glin@suse.com
- Enable AArch64 build (FATE#325971)
+ Also add the aarch64 signature files and rename the x86_64
signature files
* Tue May 29 2018 glin@suse.com
- Add shim-bsc1092000-fallback-menu.patch to show a menu before
system reset ((bsc#1092000))
* Tue Apr 10 2018 glin@suse.com
- Add shim-bsc1088585-handle-mok-allocations-better.patch to avoid
double-freeing after enrolling a key from the disk (bsc#1088585)
+ Also refresh shim-opensuse-cert-prompt.patch due to the change
in MokManager.c
* Tue Apr 03 2018 glin@suse.com
- Install the certificates with a shim suffix to avoid conflicting
with other packages (bsc#1087847)
* Fri Mar 23 2018 glin@suse.com
- Add the missing leading backlash to the DEFAULT_LOADER
(bsc#1086589)
* Fri Jan 05 2018 glin@suse.com
- Add shim-httpboot-amend-device-path.patch to amend the device
path matching rule for httpboot (bsc#1065370)
* Thu Jan 04 2018 glin@suse.com
- Update to 14 (bsc#1054712)
- Adjust make commands in spec
- Drop upstreamed fixes
+ shim-add-fallback-verbose-print.patch
+ shim-back-to-openssl-1.0.2e.patch
+ shim-fallback-workaround-masked-ami-variables.patch
+ shim-fix-fallback-double-free.patch
+ shim-fix-httpboot-crash.patch
+ shim-fix-openssl-flags.patch
+ shim-more-tpm-measurement.patch
- Add shim-httpboot-include-console.h.patch to include console.h
in httpboot.c to avoid build failure
- Add shim-remove-cryptpem.patch to replace functions in CryptPem.c
with the null function
- Update SUSE/openSUSE specific patches
+ shim-only-os-name.patch
+ shim-arch-independent-names.patch
+ shim-change-debug-file-path.patch
+ shim-opensuse-cert-prompt.patch
* Fri Dec 29 2017 ngompa13@gmail.com
- Fix debuginfo + debugsource subpackage generation for RPM 4.14
- Set the RPM groups correctly for debug{info,source} subpackages
- Drop deprecated and out of date Authors information in description
* Wed Sep 13 2017 glin@suse.com
- Add shim-back-to-openssl-1.0.2e.patch to avoid rejecting some
legit certificates (bsc#1054712)
- Add the stderr mask back while compiling MokManager.efi since the
warnings in Cryptlib is back after reverting the openssl commits.
* Tue Aug 29 2017 glin@suse.com
- Add shim-add-fallback-verbose-print.patch to print the debug
messages in fallback.efi dynamically
- Refresh shim-fallback-workaround-masked-ami-variables.patch
- Add shim-more-tpm-measurement.patch to measure more components
and support TPM better
* Wed Aug 23 2017 glin@suse.com
- Add upstream fixes
+ shim-fix-httpboot-crash.patch
+ shim-fix-openssl-flags.patch
+ shim-fix-fallback-double-free.patch
+ shim-fallback-workaround-masked-ami-variables.patch
- Remove the stderr mask while compiling MokManager.efi since the
warnings in Cryptlib were fixed.
* Tue Aug 22 2017 glin@suse.com
- Add shim-arch-independent-names.patch to use the Arch-independent
names. (bsc#1054712)
- Refresh shim-change-debug-file-path.patch
- Disable shim-opensuse-cert-prompt.patch automatically in SLE
- Diable AArch64 until we have a real user and aarch64 signature
* Fri Jul 14 2017 bwiedemann@suse.com
- Make build reproducible by avoiding race between find and cp
* Thu Jun 22 2017 glin@suse.com
- Update to 12
- Rename the result EFI images due to the upstream name change
+ shimx64 -> shim
+ mmx64 -> MokManager
+ fbx64 -> fallback
- Refresh patches:
+ shim-only-os-name.patch
+ shim-change-debug-file-path.patch
+ shim-opensuse-cert-prompt.patch
- Drop upstreamed patches:
+ shim-httpboot-support.patch
+ shim-bsc973496-mokmanager-no-append-write.patch
+ shim-bsc991885-fix-sig-length.patch
+ shim-update-openssl-1.0.2g.patch
+ shim-update-openssl-1.0.2h.patch
* Tue May 23 2017 glin@suse.com
- Add the build flag to enable HTTPBoot
* Wed Mar 22 2017 mchang@suse.com
- shim-install: add option --suse-enable-tpm (fate#315831)
* Fri Jan 13 2017 mchang@suse.com
- Support %posttrans with marcos provided by update-bootloader-rpm-macros
package (bsc#997317)
* Fri Nov 18 2016 glin@suse.com
- Add SIGNATURE_UPDATE.txt to state the steps to update
signature-*.asc
- Update the comment of strip_signature.sh
* Wed Sep 21 2016 mchang@suse.com
- shim-install :
* add option --no-nvram (bsc#999818)
* improve removable media and fallback mode handling
* Fri Aug 19 2016 mchang@suse.com
- shim-install : fix regression of password prompt (bsc#993764)
* Fri Aug 05 2016 glin@suse.com
- Add shim-bsc991885-fix-sig-length.patch to fix the signature
length passed to Authenticode (bsc#991885)
* Wed Aug 03 2016 glin@suse.com
- Update shim-bsc973496-mokmanager-no-append-write.patch to try
append write first
* Tue Aug 02 2016 glin@suse.com
- Add shim-update-openssl-1.0.2h.patch to update openssl to 1.0.2h
- Bump the requirement of gnu-efi due to the HTTPBoot support
* Mon Aug 01 2016 glin@suse.com
- Add shim-httpboot-support.patch to support HTTPBoot
- Add shim-update-openssl-1.0.2g.patch to update openssl to 1.0.2g
and Cryptlib to 5e2318dd37a51948aaf845c7d920b11f47cdcfe6
- Drop patches since they are merged into
shim-update-openssl-1.0.2g.patch
+ shim-update-openssl-1.0.2d.patch
+ shim-gcc5.patch
+ shim-bsc950569-fix-cryptlib-va-functions.patch
+ shim-fix-aarch64.patch
- Refresh shim-change-debug-file-path.patch
- Add shim-bsc973496-mokmanager-no-append-write.patch to work
around the firmware that doesn't support APPEND_WRITE (bsc973496)
- shim-install : remove '\n' from the help message (bsc#991188)
- shim-install : print a message if there is no valid EFI partition
(bsc#991187)
* Mon May 09 2016 rw@suse.com
- shim-install : support simple MD RAID1 target devices (FATE#314829)
* Wed May 04 2016 agraf@suse.com
- Add shim-fix-aarch64.patch to fix compilation on AArch64 (bsc#978438)
* Wed Mar 09 2016 mchang@suse.com
- shim-install : fix typing ESC can escape to parent config which is
in command mode and cannot return back (bsc#966701)
- shim-install : fix no which command for JeOS (bsc#968264)
* Thu Dec 03 2015 jsegitz@novell.com
- acquired updated signature from Microsoft
* Mon Nov 09 2015 glin@suse.com
- Add shim-bsc950569-fix-cryptlib-va-functions.patch to fix the
definition of va functions to avoid the potential crash
(bsc#950569)
- Update shim-opensuse-cert-prompt.patch to avoid setting NULL to
MokListRT (bsc#950801)
- Drop shim-fix-mokmanager-sections.patch as we are using the
newer binutils now
- Refresh shim-change-debug-file-path.patch
* Thu Oct 08 2015 jsegitz@novell.com
- acquired updated signature from Microsoft
* Tue Sep 15 2015 mchang@suse.com
- shim-install : set default GRUB_DISTRIBUTOR from /etc/os-release
if it is empty or not set by user (bsc#942519)
* Thu Jul 16 2015 glin@suse.com
- Add shim-update-openssl-1.0.2d.patch to update openssl to 1.0.2d
- Refresh shim-gcc5.patch and add it back since we really need it
- Add shim-change-debug-file-path.patch to change the debug file
path in shim.efi
+ also add the debuginfo and debugsource subpackages
- Drop shim-fix-gnu-efi-30w.patch which is not necessary anymore
* Mon Jul 06 2015 glin@suse.com
- Update to 0.9
- Refresh patches
+ shim-fix-gnu-efi-30w.patch
+ shim-fix-mokmanager-sections.patch
+ shim-opensuse-cert-prompt.patch
- Drop upstreamed patches
+ shim-bsc920515-fix-fallback-buffer-length.patch
+ shim-mokx-support.patch
+ shim-update-cryptlib.patch
- Drop shim-bsc919675-uninstall-shim-protocols.patch since
upstream fixed the bug in another way.
- Drop shim-gcc5.patch which was fixed in another way
* Wed Apr 08 2015 glin@suse.com
- Fix tags in the spec file
* Tue Apr 07 2015 glin@suse.com
- Add shim-update-cryptlib.patch to update Cryptlib to r16559 and
openssl to 0.9.8zf
- Add shim-bsc919675-uninstall-shim-protocols.patch to uninstall
the shim protocols at Exit (bsc#919675)
- Add shim-bsc920515-fix-fallback-buffer-length.patch to adjust
the buffer size for the boot options (bsc#920515)
- Refresh shim-opensuse-cert-prompt.patch
* Thu Apr 02 2015 crrodriguez@opensuse.org
- shim-gcc5.patch: shim needs -std=gnu89 to build with GCC5
* Tue Feb 17 2015 mchang@suse.com
- shim-install : fix cryptodisk installation (boo#917427)
* Tue Nov 11 2014 glin@suse.com
- Add shim-fix-mokmanager-sections.patch to fix the objcopy
parameters for the EFI files
* Tue Oct 28 2014 glin@suse.com
- Update to 0.8
- Add shim-fix-gnu-efi-30w.patch to adapt the change in
gnu-efi-3.0w
- Merge shim-signed-unsigned-compares.patch,
shim-mokmanager-support-sha-family.patch and
shim-bnc863205-mokmanager-fix-hash-delete.patch into
shim-mokx-support.patch
- Refresh shim-opensuse-cert-prompt.patch
- Drop upstreamed patches: shim-update-openssl-0.9.8zb.patch,
bug-889332_shim-overflow.patch, and bug-889332_shim-mok-oob.patch
- Enable aarch64
* Mon Oct 13 2014 jsegitz@novell.com
- Fixed buffer overflow and OOB access in shim trusted code path
(bnc#889332, CVE-2014-3675, CVE-2014-3676, CVE-2014-3677)
* added bug-889332_shim-mok-oob.patch, bug-889332_shim-overflow.patch
- Added new certificate by Microsoft
/etc/uefi /etc/uefi/certs /etc/uefi/certs/BCA4E38E-shim.crt /usr/lib64/efi /usr/lib64/efi/shim-susesigned.efi /usr/share/doc/packages/shim-susesigned /usr/share/doc/packages/shim-susesigned/COPYRIGHT /usr/share/efi /usr/share/efi/x86_64 /usr/share/efi/x86_64/shim-susesigned.der /usr/share/efi/x86_64/shim-susesigned.efi
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Apr 9 15:02:03 2024