diff -Nru shim-signed-1.34.1/debian/changelog shim-signed-1.34.3/debian/changelog
--- shim-signed-1.34.1/debian/changelog	2018-04-19 21:56:50.000000000 +0000
+++ shim-signed-1.34.3/debian/changelog	2018-04-21 08:14:12.000000000 +0000
@@ -1,3 +1,16 @@
+shim-signed (1.34.3) bionic; urgency=medium
+
+  * Only take the first 31 bytes of the hostname.  LP: #1765905.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Sat, 21 Apr 2018 01:14:12 -0700
+
+shim-signed (1.34.2) bionic; urgency=medium
+
+  * Handle the case of multiple .kos per dkms module and .kos whose name
+    does not match the dkms package name.  LP: #1765647.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Sat, 21 Apr 2018 01:01:56 -0700
+
 shim-signed (1.34.1) bionic; urgency=medium
 
   * update-secureboot-policy: don't skip creating a MOK if Secure Boot is not
diff -Nru shim-signed-1.34.1/debian/shim-signed.postinst shim-signed-1.34.3/debian/shim-signed.postinst
--- shim-signed-1.34.1/debian/shim-signed.postinst	2018-04-19 20:51:14.000000000 +0000
+++ shim-signed-1.34.3/debian/shim-signed.postinst	2018-04-21 08:14:12.000000000 +0000
@@ -46,7 +46,7 @@
 
 	# Upgrade case, migrate all existing kernels/dkms module combinations
 	# to self-signed modules.
-	if dpkg --compare-versions "$2" lt "1.34" \
+	if dpkg --compare-versions "$2" lt "1.34.3" \
 	   && [ -d /var/lib/dkms ]
 	then
 		SHIM_NOTRIGGER=y update-secureboot-policy --new-key
@@ -55,10 +55,13 @@
 			for dkms in `dkms status -k $(uname -r) | grep 'installed' | awk -F,\  '{print $1"/"$2}'`;
 			do
 				dkms uninstall "${dkms}"
-				kmodsign sha512 \
-					/var/lib/shim-signed/mok/MOK.priv \
-					/var/lib/shim-signed/mok/MOK.der \
-					/var/lib/dkms/${dkms}/${kern}/$(uname -m)/module/${dkms%%/*}.ko
+				for mod in /var/lib/dkms/${dkms}/${kern}/$(uname -m)/module/*.ko
+				do
+					kmodsign sha512 \
+						/var/lib/shim-signed/mok/MOK.priv \
+						/var/lib/shim-signed/mok/MOK.der \
+						$mod
+				done
 				dkms install "${dkms}"
 			done
 		done
diff -Nru shim-signed-1.34.1/update-secureboot-policy shim-signed-1.34.3/update-secureboot-policy
--- shim-signed-1.34.1/update-secureboot-policy	2018-04-19 21:53:29.000000000 +0000
+++ shim-signed-1.34.3/update-secureboot-policy	2018-04-21 08:13:55.000000000 +0000
@@ -216,7 +216,7 @@
 
     echo "Generating a new Secure Boot signing key:"
     openssl req -config /usr/lib/shim/mok/openssl.cnf \
-        -subj "/CN=`hostname -s` Secure Boot Module Signature key" \
+        -subj "/CN=`hostname -s | cut -b1-31` Secure Boot Module Signature key" \
         -new -x509 -newkey rsa:2048 \
         -nodes -days 36500 -outform DER \
         -keyout "$SB_PRIV" \