Change log for shim package in Ubuntu
1 → 28 of 28 results | First • Previous • Next • Last |
shim (15.8-0ubuntu1) mantic; urgency=medium * New upstream version 15.8 (LP: #2051151): - pe: Align section size up to page size for mem attrs (LP: #2036604) - SBAT level: shim,4 - SBAT policy: - Latest: "shim,4\ngrub,3\ngrub.debian,4\n" - Automatic: "shim,2\ngrub,3\ngrub.debian,4\n" - Note that this does not yet revoke pre NTFS CVE fix GRUB binaries. * SECURITY UPDATE: a bug in an error message [LP: #2051151] - mok: fix LogError() invocation - CVE-2023-40546 * SECURITY UPDATE: out-of-bounds write and UEFI Secure Boot bypass when booting via HTTP [LP: #2051151] - avoid incorrectly trusting HTTP headers - CVE-2023-40547 * SECURITY UPDATE: out-of-bounds write and possible bug [LP: #2051151] - Fix integer overflow on SBAT section size on 32-bit system - CVE-2023-40548 * SECURITY UPDATE: out-of-bounds read and possible bug [LP: #2051151] - Authenticode: verify that the signature header is in bounds. - CVE-2023-40549 * SECURITY UPDATE: out-of-bounds read and possible bug [LP: #2051151] - pe: Fix an out-of-bound read in verify_buffer_sbat() - CVE-2023-40550 * SECURITY UPDATE: out-of-bounds read and possible bug [LP: #2051151] - pe-relocate: Fix bounds check for MZ binaries - CVE-2023-40551 * debian/rules: Update COMMIT_ID -- Mate Kukri <email address hidden> Thu, 25 Jan 2024 08:55:28 +0000
Available diffs
Superseded in noble-release |
Published in focal-security |
Published in jammy-security |
Published in bionic-updates |
Published in mantic-release |
Published in focal-updates |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
Deleted in lunar-release (Reason: breaks secureboot for cloud images because kernels haven'...) |
Deleted in lunar-proposed (Reason: Moved to lunar) |
Deleted in lunar-release (Reason: breaks secureboot for cloud images because kernels haven'...) |
Deleted in lunar-proposed (Reason: Moved to lunar) |
Deleted in lunar-release (Reason: breaks secureboot for cloud images because kernels haven'...) |
Deleted in focal-updates (Reason: Shim packages released too early, focal apparently not re...) |
Published in jammy-updates |
Obsolete in kinetic-updates |
Deleted in lunar-proposed (Reason: Moved to lunar) |
Deleted in bionic-proposed (Reason: moved to -updates) |
Deleted in focal-proposed (Reason: moved to -updates) |
Deleted in jammy-proposed (Reason: moved to -updates) |
Deleted in kinetic-proposed (Reason: moved to -updates) |
Deleted in lunar-release (Reason: No compatible kernels yet LP: #1996503) |
Deleted in lunar-proposed (Reason: Moved to lunar) |
shim (15.7-0ubuntu1) kinetic; urgency=medium * New upstream version 15.7 (LP: #1996503), highlights: - Enable TDX measurements (LP: #1995852) - Flush the memory region from i-cache before execution (LP: #1987541) - Introspectable SBAT payload for TPM resealing efforts - Don't measure MokListTrusted to PCR7 - SBAT level: shim,3 - SBAT policy bumped to for grub,2 in previous and grub,3 in latest: SBAT policy: latest="shim,2\ngrub,3\n" previous="grub,2\n" Note that shim requirement was not bumped as shim,2 shims are not commonly available yet. * SECURITY FIX: Buffer overflow when loading crafted EFI images. - CVE-2022-28737 * Rebase patches, only ubuntu-no-addend-vendor-dbx.patch remains * Import 20221103 Canonical vendor dbx. This vendor dbx revokes all certificates that have been used so far. - CN = Canonical Ltd. Secure Boot Signing - CN = Canonical Ltd. Secure Boot Signing (2017) - CN = Canonical Ltd. Secure Boot Signing (ESM 2018) - CN = Canonical Ltd. Secure Boot Signing (2019) - CN = Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019) - CN = Canonical Ltd. Secure Boot Signing (2021 v1) - CN = Canonical Ltd. Secure Boot Signing (2021 v2) - CN = Canonical Ltd. Secure Boot Signing (2021 v3) * Build-Depend on libefivar-dev * debian/rules: Update COMMIT_ID -- Julian Andres Klode <email address hidden> Fri, 18 Nov 2022 16:00:39 +0100
Available diffs
Superseded in lunar-release |
Superseded in lunar-release |
Superseded in lunar-release |
Superseded in lunar-release |
Superseded in focal-security |
Published in bionic-security |
Superseded in lunar-release |
Obsolete in kinetic-release |
Published in jammy-release |
Superseded in bionic-updates |
Obsolete in hirsute-updates |
Deleted in bionic-proposed (Reason: moved to -updates) |
Deleted in hirsute-proposed (Reason: moved to -updates) |
Superseded in focal-updates |
Obsolete in impish-release |
Deleted in focal-proposed (Reason: moved to -updates) |
Deleted in impish-proposed (Reason: Moved to impish) |
shim (15.4-0ubuntu9) hirsute; urgency=medium * Fix booting installer media on some machines (LP: #1937115) - Always fallback to the default loader (PR #393) - Dump load options parsed (PR #393) - Disable load option parsing on removable media path (PR #399) * trivial: Fix a minor overflow in the mok importing code (PR #365) * Fix fall back loader to find the correct boot entry, avoiding potential corruption of firmware (PR #396). -- Julian Andres Klode <email address hidden> Fri, 06 Aug 2021 13:16:33 +0200
Available diffs
- diff from 15.7-0ubuntu1 to 15.4-0ubuntu9 (115.4 KiB)
- diff from 15+1533136590.3beb971-0ubuntu1 (in ~canonical-foundations/ubuntu/shim) to 15.4-0ubuntu9 (1.4 MiB)
- diff from 15+1552672080.a4a1fbe-0ubuntu2 to 15.4-0ubuntu9 (1.4 MiB)
- diff from 0.9+1474479173.6c180c6-1 (in Debian) to 15.4-0ubuntu9 (552.2 KiB)
- diff from 15.4-0ubuntu7 to 15.4-0ubuntu9 (4.5 KiB)
- diff from 15.4-0ubuntu8 to 15.4-0ubuntu9 (1.3 KiB)
Superseded in bionic-updates |
Published in xenial-updates |
Superseded in focal-updates |
Deleted in hirsute-security (Reason: Whoops, we don't need it in security.) |
Superseded in hirsute-updates |
Deleted in xenial-proposed (Reason: moved to -updates) |
Superseded in bionic-proposed |
Deleted in focal-proposed (Reason: moved to -updates) |
Deleted in hirsute-proposed (Reason: moved to -updates) |
Superseded in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
shim (15.4-0ubuntu7) hirsute; urgency=medium * Fix load option parsing, and thus fwupd execution (LP: #1929471) (PR #379) * Fix occasional crashes in _relocate() on arm64 (LP: #1928010) (PR #383) * Fix accidental deletion of RT variables (LP: #1934506) (PR #387) * mok: relax the maximum variable size check (LP: #1934780) (PR #369) -- Julian Andres Klode <email address hidden> Wed, 07 Jul 2021 10:57:35 +0200
Available diffs
Superseded in hirsute-updates |
Superseded in focal-proposed |
Superseded in xenial-proposed |
Deleted in hirsute-proposed (Reason: moved to -updates) |
Superseded in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
shim (15.4-0ubuntu5) hirsute; urgency=medium * Rebuild in hirsute to get a more stable target to keep shim reproducible for a longer time.
Available diffs
Superseded in xenial-proposed |
Superseded in hirsute-updates |
Deleted in hirsute-proposed (Reason: moved to -updates) |
Superseded in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
shim (15.4-0ubuntu2) hirsute; urgency=medium [ Balint Reczey ] * Fix boot on EFI 1.10 machines, for example on some MacBooks (LP: #1925010) [ Dimitri John Ledkov ] * Fix kernel warning when allocating MOK table (LP: #1925139) * Fix booting with shim SBState disabled (LP: #1925140) -- Dimitri John Ledkov <email address hidden> Tue, 20 Apr 2021 15:24:29 +0100
Available diffs
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: Moved to hirsute) |
shim (15.4-0ubuntu1) hirsute; urgency=medium [ Dimitri John Ledkov ] * New upstream release 15.4 LP: #1921134 - Update the commit hash in debian/rules * debian/rules: add request to sign EFI binaries with archive signing key. * debian/rules: stop using ENABLE_SHIM_CERT=1. * debian/rules: add canonical 2021 DBX. * deiban/rules: start using DISABLE_EBS_PROTECTION=1 to allow chainloading shim to shim, and shim to kernel.efi. * Add shim-dbg package, skip stripping files. * Update watch file, now uscan can generate new upstream tarballs. * Upgrade to debhelper 12. * Drop gnu-efi build-dep, now vendored upstream. * Add debian/rules target to generate gnu-efi components. * Do not clean gnu-efi Makefile.orig * Remove fallback 5s delay with TPM. LP: #1922581 * Add xxd build-dep to run unittests. [ Chris Coulson ] * Drop patches that are fixed upstream: - debian/patches/Fix-OBJ_create-to-tolerate-a-NULL-sn-and-ln.patch - debian/patches/MokManager-avoid-unaligned.patch - debian/patches/tpm-correctness-1.patch - debian/patches/tpm-correctness-2.patch - debian/patches/tpm-correctness-3.patch - debian/patches/MokManager-hidpi-support.patch - debian/patches/fix-path-checks.patch * Drop the ENABLE_HTTPBOOT option - this is always built now. - update debian/rules * Add vendor SBAT metadata to shim. - add debian/sbat.ubuntu.csv.in - update debian/rules * Add vendor dbx esl to include-binaries * Build-depend on dos2unix - update debian/control -- Dimitri John Ledkov <email address hidden> Wed, 24 Mar 2021 11:32:25 +0000
Available diffs
Superseded in hirsute-release |
Superseded in xenial-updates |
Superseded in bionic-updates |
Superseded in focal-updates |
Deleted in xenial-proposed (Reason: moved to -updates) |
Deleted in bionic-proposed (Reason: moved to -updates) |
Deleted in focal-proposed (Reason: moved to -updates) |
Obsolete in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
shim (15+1552672080.a4a1fbe-0ubuntu2) focal; urgency=medium * d/patches/fix-path-checks.patch: Cherry-pick upstream fix for regression in loading fwupd, or anything else specified as an argument (LP: #1864223) -- Julian Andres Klode <email address hidden> Fri, 20 Mar 2020 16:19:14 +0100
Available diffs
- diff from 15+1552672080.a4a1fbe-0ubuntu1 to 15+1552672080.a4a1fbe-0ubuntu2 (979 bytes)
- diff from 15+1533136590.3beb971-0ubuntu1 (in ~canonical-foundations/ubuntu/shim) to 15+1552672080.a4a1fbe-0ubuntu2 (25.1 KiB)
- diff from 15+1552672080.a4a1fbe-0ubuntu2~uefi1 to 15+1552672080.a4a1fbe-0ubuntu2 (455 bytes)
Deleted in focal-proposed (Reason: Removing to make way for an SRU with lower version) |
Deleted in focal-release (Reason: upload causes regressions, reverting) |
Deleted in focal-proposed (Reason: moved to Release) |
shim (15+1552672080.a4a1fbe-0ubuntu1) eoan; urgency=medium * New upstream snapshot 15+1552672080.a4a1fbe. * debian/patches/VLogError-Avoid-NULL-pointer-dereferences-in-V-Sprin.patch, debian/patches/fixup_git.patch: drop patches included in upstream. * debian/patches/MokManager-avoid-unaligned.patch: Fix compilation with GCC9: avoid -Werror=address-of-packed-member errors in MokManager. * debian/patches/tpm-correctness-1.patch, debian/patches/tpm-correctness-2.patch: fix issues in TPM calls to ensure the measurements are consistent with what is entered in the TPM event log. * debian/patches/tpm-correctness-3.patch: Don't log duplicate identical TPM events. * debian/patches/MokManager-hidpi-support.patch: Do a little bit more to try to get a more usable screen resolution for MokManager when running on HiDPI screens; by trying to detect such cases and switching to mode 0. * debian/rules: update COMMIT_ID explicitly for this new snapshot. -- Mathieu Trudel-Lapierre <email address hidden> Fri, 11 Oct 2019 16:32:32 -0400
Superseded in groovy-release |
Published in focal-release |
Superseded in focal-release |
Obsolete in eoan-release |
Superseded in xenial-updates |
Deleted in xenial-updates (Reason: revert SRU) |
Obsolete in disco-release |
Superseded in bionic-updates |
Deleted in bionic-proposed (Reason: moved to -updates) |
Deleted in bionic-updates (Reason: Rolling back an SRU) |
Deleted in xenial-proposed (Reason: moved to -updates) |
Deleted in bionic-proposed (Reason: moved to -updates) |
Obsolete in cosmic-release |
Deleted in cosmic-proposed (Reason: moved to release) |
shim (15+1533136590.3beb971-0ubuntu1) cosmic; urgency=medium [ Steve Langasek ] * Fix Vcs link. [ dann frazier ] * Enable arm64 build. [ Mathieu Trudel-Lapierre ] * New upstream snapshot. * debian/patches/abort_abort_abort.patch: dropped patch, included upstream. * debian/rules: - define RELEASE and COMMIT_ID for the snapshot. - Set ENABLE_HTTPBOOT to enable the HTTP Boot feature. * debian/patches/fixup_git.patch: don't run git in clean; we're not really in a git tree. -- Mathieu Trudel-Lapierre <email address hidden> Wed, 22 Aug 2018 10:52:10 -0400
Superseded in xenial-updates |
Published in trusty-updates |
Deleted in trusty-proposed (Reason: moved to -updates) |
Superseded in cosmic-release |
Superseded in xenial-updates |
Obsolete in artful-updates |
Deleted in xenial-proposed (Reason: moved to -updates) |
Deleted in artful-proposed (Reason: moved to -updates) |
Published in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
shim (13-0ubuntu2) bionic; urgency=medium * debian/patches/abort_abort_abort.patch: signtool.exe isn't happy with some of the structure of our binary, partly because abort() is thought to be an external symbol, which causes some relocalisations to appear. -- Mathieu Trudel-Lapierre <email address hidden> Tue, 07 Nov 2017 10:19:04 -0500
Available diffs
- diff from 15+1533136590.3beb971-0ubuntu1 to 13-0ubuntu2 (1.1 MiB)
- diff from 0.4-0ubuntu4.1 to 13-0ubuntu2 (pending)
- diff from 13-0ubuntu1 to 13-0ubuntu2 (4.3 KiB)
- diff from 0.9+1474479173.6c180c6-1ubuntu1 to 13-0ubuntu2 (130.3 KiB)
Superseded in bionic-release |
Superseded in trusty-updates |
Deleted in trusty-proposed (Reason: moved to -updates) |
Obsolete in artful-release |
Superseded in xenial-updates |
Obsolete in yakkety-updates |
Deleted in yakkety-proposed (Reason: moved to -updates) |
Deleted in xenial-proposed (Reason: moved to -updates) |
Obsolete in zesty-release |
Deleted in zesty-proposed (Reason: moved to release) |
shim (0.9+1474479173.6c180c6-1ubuntu1) zesty; urgency=medium [ Steve Langasek ] * Merge (not yet NEW cleared) changes from Debian branch. [ Mathieu Trudel-Lapierre ] * debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch: guard against errors in mirroring MokSBState to MokSBStateRT. Thanks to Ivan Hu for the patch. This will fix issues updating MokSBStateRT if the variable already exists with different attributes. (LP: #1644806) -- Mathieu Trudel-Lapierre <email address hidden> Thu, 01 Dec 2016 16:55:50 -0500
Superseded in zesty-release |
Obsolete in yakkety-release |
Deleted in yakkety-proposed (Reason: moved to release) |
shim (0.9+1465500757.14a5905.is.0.8-0ubuntu3) vivid; urgency=medium * Ship a prebuilt MokManager.efi.signed from debian/, since for the revert files need to match a one-time signing key, and shim-signed ships shim 0.8 with a specific key we can't reproduce here. -- Mathieu Trudel-Lapierre <email address hidden> Thu, 06 Oct 2016 16:59:26 -0400
Available diffs
shim (0.9+1465500757.14a5905.is.0.8-0ubuntu2) wily; urgency=medium * Revert to shim 0.8 for now; which at least doesn't crash if fallback.efi is absent. (LP: #1624096) - This effectively reverts shim to 0.8-0ubuntu2. -- Mathieu Trudel-Lapierre <email address hidden> Mon, 03 Oct 2016 14:32:28 -0400
Available diffs
Deleted in xenial-proposed (Reason: verification-failed: LP: #1581299) |
Deleted in trusty-proposed (Reason: verification-failed: LP: #1581299) |
Deleted in yakkety-proposed (Reason: verification-failed: LP: #1581299) |
Superseded in zesty-release |
Deleted in zesty-proposed (Reason: moved to release) |
shim (0.9+1474479173.6c180c6-0ubuntu1) yakkety; urgency=medium [ Helen Koike ] * debian/copyright: add OpenSSL license [ Mathieu Trudel-Lapierre ] * New upstream release. (LP: #1624096) * debian/copyright: patches should be BSD, like the rest of the upstream code. * debian/patches/unused-variable: dropped; applied upstream. * debian/patches/binutils-version-matching: dropped, fixed upstream. * debian/shim.install: built EFI binaries were renamed; update our install file to properly pick up shim (shim$arch), MokManager (mm$arch), and fallback (fb$arch). -- Mathieu Trudel-Lapierre <email address hidden> Thu, 22 Sep 2016 15:02:20 -0400
Available diffs
- diff from 0.8-0ubuntu2 to 0.9+1474479173.6c180c6-0ubuntu1 (1.9 MiB)
- diff from 0.9+1465500757.14a5905-0ubuntu1~cy3 (in ~cyphermox/ubuntu/efi) to 0.9+1474479173.6c180c6-0ubuntu1 (117.1 KiB)
- diff from 0.9+1465500757.14a5905.is.0.8-0ubuntu3 to 0.9+1474479173.6c180c6-0ubuntu1 (1.9 MiB)
- diff from 0.9+1474479173.6c180c6-0ubuntu1~mtrudel1 to 0.9+1474479173.6c180c6-0ubuntu1 (581 bytes)
shim (0.9+1465500757.14a5905-0ubuntu1) yakkety; urgency=medium * New upstream release. - Better handle LoadOptions. (LP: #1581299) - Measure state and second stage in TPM. - Mirror MokSBState in runtime as MokSBStateRT. - Fix failure to build with GCC 5. (LP: #1429978) - Various bug fixes and other improvements. * Refreshed patches. - Remaining patches: + second-stage-path + sbsigntool-not-pesign * debian/patches/unused-variable: remove unused variable size. * debian/patches/binutils-version-matching: revert d9a4c912 to correctly match objcopy's version on Ubuntu. * debian/copyright: update copyright for patches. -- Mathieu Trudel-Lapierre <email address hidden> Tue, 26 Jul 2016 16:48:32 -0400
Available diffs
Superseded in yakkety-release |
Published in xenial-release |
Obsolete in vivid-updates |
Superseded in trusty-updates |
Published in precise-updates |
Deleted in vivid-proposed (Reason: moved to -updates) |
Obsolete in utopic-proposed |
Deleted in trusty-proposed (Reason: moved to -updates) |
Deleted in precise-proposed (Reason: moved to -updates) |
Obsolete in wily-release |
Deleted in wily-proposed (Reason: moved to release) |
shim (0.8-0ubuntu2) wily; urgency=medium * No-change rebuild against gnu-efi 3.0v-5ubuntu1.
Available diffs
Deleted in wily-proposed (Reason: superseded by version in shim staging ppa) |
shim (0.8-0ubuntu1) wily; urgency=medium * New upstream release. - Clarify meaning of insecure_mode. (LP: #1384973) * debian/patches/CVE-2014-3675.patch, debian/patches/CVE-2014-3677.patch, debian/patches/0001-Update-openssl-to-0.9.8za.patch: dropped, included in the upstream release. * debian/patches/sbsigntool-not-pesign,debian/patches/second-stage-path: refreshed. -- Mathieu Trudel-Lapierre <email address hidden> Mon, 11 May 2015 19:50:49 -0400
Available diffs
Superseded in wily-release |
Obsolete in vivid-release |
Obsolete in utopic-release |
Deleted in utopic-proposed (Reason: moved to release) |
shim (0.7-0ubuntu4) utopic; urgency=medium * SECURITY UPDATE: heap overflow and out-of-bounds read access when parsing DHCPv6 information - debian/patches/CVE-2014-3675.patch: apply proper bounds checking when parsing data provided in DHCPv6 packets. - CVE-2014-3675 - CVE-2014-3676 * SECURITY UPDATE: memory corruption when processing user-provided key lists - debian/patches/CVE-2014-3677.patch: detect malformed machine owner key (MOK) lists and ignore them, avoiding possible memory corruption. - CVE-2014-3677
Available diffs
- diff from 0.7-0ubuntu3 to 0.7-0ubuntu4 (279 bytes)
- diff from 0.4-0ubuntu5 (in Ubuntu) to 0.7-0ubuntu4 (130.1 KiB)
- diff from 0.4-0ubuntu4 (in Ubuntu) to 0.7-0ubuntu4 (130.3 KiB)
Deleted in utopic-proposed (Reason: Need to remove shim to unblock d-i and the kernel) |
shim (0.4-0ubuntu5) utopic; urgency=low * Install fallback.efi.signed as well, to lay the groundwork for fallback handling (wanted when we have to move a drive between machines, or when the firmware loses its marbles^W nvram). -- Steve Langasek <email address hidden> Mon, 04 Aug 2014 12:11:13 +0200
Available diffs
- diff from 0.4-0ubuntu4 to 0.4-0ubuntu5 (515 bytes)
Superseded in utopic-release |
Obsolete in raring-updates |
Obsolete in quantal-updates |
Superseded in precise-updates |
Published in trusty-release |
Deleted in precise-proposed (Reason: moved to -updates) |
Deleted in raring-proposed (Reason: moved to -updates) |
Deleted in quantal-proposed (Reason: moved to -updates) |
Obsolete in saucy-release |
Deleted in saucy-proposed (Reason: moved to release) |
shim (0.4-0ubuntu4) saucy; urgency=low * debian/patches/fix-tftp-prototype: pass the right arguments to EFI_PXE_BASE_CODE_TFTP_READ_FILE. * debian/patches/build-with-Werror: Build with -Werror to catch future prototype mismatches. * debian/patches/fix-compiler-warnings: Fix remaining compiler warnings in netboot.c. * debian/patches/tftp-proper-nul-termination: fix nul termination errors in filenames passed to tftp. * debian/patches/netboot-cleanup: roll-up of miscellaneous fixes to the netboot code. -- Steve Langasek <email address hidden> Mon, 23 Sep 2013 00:30:00 -0700
Available diffs
shim (0.4-0ubuntu3) saucy; urgency=low [ Steve Langasek ] * Install MokManager.efi.signed in the package. * debian/patches/no-output-by-default.patch: Don't print any informational messages. Closes LP: #1074302. [ Stéphane Graber ] * debian/patches/no-print-on-unsigned: Don't print an error message when validating an unsigned binary as that tends to hang Lenovo machines. (LP: #1087501) -- Stephane Graber <email address hidden> Thu, 08 Aug 2013 17:12:12 +0200
Available diffs
- diff from 0.4-0ubuntu2 to 0.4-0ubuntu3 (1.5 KiB)
shim (0.4-0ubuntu2) saucy; urgency=low * Add missing build-dependency on openssl. -- Steve Langasek <email address hidden> Tue, 02 Jul 2013 20:30:43 +0000
Available diffs
- diff from 0~20120906.bcd0a4e8-0ubuntu4 to 0.4-0ubuntu2 (36.2 KiB)
- diff from 0.4-0ubuntu1 to 0.4-0ubuntu2 (515 bytes)
Superseded in saucy-proposed |
shim (0.4-0ubuntu1) saucy; urgency=low * New upstream release. * Drop debian/patches/shim-before-loadimage; upstream has changed this to not call loadimage at all. * debian/patches/sbsigntool-not-pesign: Sign MokManager with sbsigntool instead of pesign. * Add a versioned build-dependency on gnu-efi. -- Steve Langasek <email address hidden> Tue, 02 Jul 2013 12:53:24 -0700
Available diffs
Superseded in saucy-release |
Superseded in precise-updates |
Deleted in precise-proposed (Reason: moved to -updates) |
Superseded in precise-proposed |
Obsolete in raring-release |
Obsolete in quantal-release |
Deleted in quantal-proposed (Reason: moved to release) |
shim (0~20120906.bcd0a4e8-0ubuntu4) quantal-proposed; urgency=low * debian/patches/shim-before-loadimage: Use direct verification first before LoadImage. Addresses an issue where Lenovo's SecureBoot implementation pops an error message on any verification failure - avoid calling LoadImage at all unless we have to. -- Steve Langasek <email address hidden> Wed, 10 Oct 2012 15:28:40 -0700
Available diffs
shim (0~20120906.bcd0a4e8-0ubuntu3) quantal; urgency=low * debian/patches/second-stage-path: Chainload grubx64.efi, not grub.efi. -- Steve Langasek <email address hidden> Fri, 05 Oct 2012 11:20:58 -0700
Available diffs
Superseded in quantal-release |
shim (0~20120906.bcd0a4e8-0ubuntu2) quantal; urgency=low * debian/patches/prototypes: Include missing prototypes, and disable use of BIO_new_file. * Only build the package for amd64; we're not signing an i386 shim at this stage so there's no point in building it. -- Steve Langasek <email address hidden> Thu, 04 Oct 2012 17:47:04 +0000
Available diffs
Superseded in quantal-release |
shim (0~20120906.bcd0a4e8-0ubuntu1) quantal; urgency=low * Initial release. * Include the Canonical Secure Boot master CA. -- Steve Langasek <email address hidden> Thu, 04 Oct 2012 00:01:06 -0700
1 → 28 of 28 results | First • Previous • Next • Last |