Change log for shim package in Ubuntu

119 of 19 results
Published in eoan-release on 2019-04-18
Published in xenial-updates on 2019-01-21
Deleted in xenial-updates (Reason: revert SRU)
Published in disco-release on 2018-10-30
Published in bionic-updates on 2018-10-11
Deleted in bionic-proposed (Reason: moved to -updates)
Deleted in bionic-updates (Reason: Rolling back an SRU)
Deleted in xenial-proposed (Reason: moved to -updates)
Deleted in bionic-proposed (Reason: moved to -updates)
Published in cosmic-release on 2018-08-29
Deleted in cosmic-proposed (Reason: moved to release)
shim (15+1533136590.3beb971-0ubuntu1) cosmic; urgency=medium

  [ Steve Langasek ]
  * Fix Vcs link.

  [ dann frazier ]
  * Enable arm64 build.

  [ Mathieu Trudel-Lapierre ]
  * New upstream snapshot.
  * debian/patches/abort_abort_abort.patch: dropped patch, included upstream.
  * debian/rules:
    - define RELEASE and COMMIT_ID for the snapshot.
    - Set ENABLE_HTTPBOOT to enable the HTTP Boot feature.
  * debian/patches/fixup_git.patch: don't run git in clean; we're not really
    in a git tree.

 -- Mathieu Trudel-Lapierre <email address hidden>  Wed, 22 Aug 2018 10:52:10 -0400
Superseded in xenial-updates on 2019-01-21
Published in trusty-updates on 2018-09-13
Deleted in trusty-proposed (Reason: moved to -updates)
Superseded in cosmic-release on 2018-08-29
Superseded in xenial-updates on 2018-11-01
Published in artful-updates on 2018-02-05
Deleted in xenial-proposed (Reason: moved to -updates)
Deleted in artful-proposed (Reason: moved to -updates)
Published in bionic-release on 2018-01-15
Deleted in bionic-proposed (Reason: moved to release)
shim (13-0ubuntu2) bionic; urgency=medium

  * debian/patches/abort_abort_abort.patch: signtool.exe isn't happy with some
    of the structure of our binary, partly because abort() is thought to be an
    external symbol, which causes some relocalisations to appear.

 -- Mathieu Trudel-Lapierre <email address hidden>  Tue, 07 Nov 2017 10:19:04 -0500

Available diffs

Superseded in bionic-release on 2018-01-15
Superseded in trusty-updates on 2018-09-13
Deleted in trusty-proposed (Reason: moved to -updates)
Published in artful-release on 2017-04-20
Superseded in xenial-updates on 2018-02-05
Obsolete in yakkety-updates on 2018-01-23
Deleted in yakkety-proposed (Reason: moved to -updates)
Deleted in xenial-proposed (Reason: moved to -updates)
Obsolete in zesty-release on 2018-06-22
Deleted in zesty-proposed (Reason: moved to release)
shim (0.9+1474479173.6c180c6-1ubuntu1) zesty; urgency=medium

  [ Steve Langasek ]
  * Merge (not yet NEW cleared) changes from Debian branch.

  [ Mathieu Trudel-Lapierre ]
  * debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch: guard
    against errors in mirroring MokSBState to MokSBStateRT. Thanks to Ivan Hu
    for the patch. This will fix issues updating MokSBStateRT if the variable
    already exists with different attributes. (LP: #1644806)

 -- Mathieu Trudel-Lapierre <email address hidden>  Thu, 01 Dec 2016 16:55:50 -0500
Superseded in zesty-release on 2016-10-22
Obsolete in yakkety-release on 2018-01-23
Deleted in yakkety-proposed on 2018-01-23 (Reason: moved to release)
shim ( vivid; urgency=medium

  * Ship a prebuilt MokManager.efi.signed from debian/, since for the revert
    files need to match a one-time signing key, and shim-signed ships shim 0.8
    with a specific key we can't reproduce here.

 -- Mathieu Trudel-Lapierre <email address hidden>  Thu, 06 Oct 2016 16:59:26 -0400
Superseded in yakkety-release on 2016-10-07
Deleted in yakkety-proposed on 2016-10-08 (Reason: moved to release)
shim ( wily; urgency=medium

  * Revert to shim 0.8 for now; which at least doesn't crash if fallback.efi
    is absent. (LP: #1624096)
    - This effectively reverts shim to 0.8-0ubuntu2.

 -- Mathieu Trudel-Lapierre <email address hidden>  Mon, 03 Oct 2016 14:32:28 -0400
Deleted in xenial-proposed on 2017-03-23 (Reason: verification-failed: LP: #1581299)
Deleted in trusty-proposed on 2017-03-23 (Reason: verification-failed: LP: #1581299)
Deleted in yakkety-proposed on 2017-03-23 (Reason: verification-failed: LP: #1581299)
Superseded in zesty-release on 2017-03-22
Deleted in zesty-proposed on 2017-03-23 (Reason: moved to release)
shim (0.9+1474479173.6c180c6-0ubuntu1) yakkety; urgency=medium

  [ Helen Koike ]
  * debian/copyright: add OpenSSL license

  [ Mathieu Trudel-Lapierre ]
  * New upstream release. (LP: #1624096)
  * debian/copyright: patches should be BSD, like the rest of the upstream
  * debian/patches/unused-variable: dropped; applied upstream.
  * debian/patches/binutils-version-matching: dropped, fixed upstream.
  * debian/shim.install: built EFI binaries were renamed; update our install
    file to properly pick up shim (shim$arch), MokManager (mm$arch), and
    fallback (fb$arch).

 -- Mathieu Trudel-Lapierre <email address hidden>  Thu, 22 Sep 2016 15:02:20 -0400
Superseded in yakkety-release on 2016-10-04
Deleted in yakkety-proposed on 2016-10-06 (Reason: moved to release)
shim (0.9+1465500757.14a5905-0ubuntu1) yakkety; urgency=medium

  * New upstream release.
    - Better handle LoadOptions. (LP: #1581299)
    - Measure state and second stage in TPM.
    - Mirror MokSBState in runtime as MokSBStateRT.
    - Fix failure to build with GCC 5. (LP: #1429978)
    - Various bug fixes and other improvements.
  * Refreshed patches.
    - Remaining patches:
      + second-stage-path
      + sbsigntool-not-pesign
  * debian/patches/unused-variable: remove unused variable size.
  * debian/patches/binutils-version-matching: revert d9a4c912 to correctly
    match objcopy's version on Ubuntu.
  * debian/copyright: update copyright for patches.

 -- Mathieu Trudel-Lapierre <email address hidden>  Tue, 26 Jul 2016 16:48:32 -0400
Superseded in yakkety-release on 2016-08-08
Published in xenial-release on 2015-10-22
Obsolete in vivid-updates on 2018-01-18
Superseded in trusty-updates on 2017-08-28
Published in precise-updates on 2015-09-01
Deleted in vivid-proposed (Reason: moved to -updates)
Obsolete in utopic-proposed on 2016-11-03
Deleted in trusty-proposed (Reason: moved to -updates)
Deleted in precise-proposed (Reason: moved to -updates)
Obsolete in wily-release on 2018-01-22
Deleted in wily-proposed (Reason: moved to release)
shim (0.8-0ubuntu2) wily; urgency=medium

  * No-change rebuild against gnu-efi 3.0v-5ubuntu1.

Deleted in wily-proposed on 2015-05-15 (Reason: superseded by version in shim staging ppa)
shim (0.8-0ubuntu1) wily; urgency=medium

  * New upstream release.
    - Clarify meaning of insecure_mode. (LP: #1384973)
  * debian/patches/CVE-2014-3675.patch, debian/patches/CVE-2014-3677.patch,
    debian/patches/0001-Update-openssl-to-0.9.8za.patch: dropped, included
    in the upstream release.
  * debian/patches/sbsigntool-not-pesign,debian/patches/second-stage-path:

 -- Mathieu Trudel-Lapierre <email address hidden>  Mon, 11 May 2015 19:50:49 -0400
Superseded in wily-release on 2015-06-07
Obsolete in vivid-release on 2018-01-18
Obsolete in utopic-release on 2016-11-03
Deleted in utopic-proposed on 2018-01-19 (Reason: moved to release)
shim (0.7-0ubuntu4) utopic; urgency=medium

  * SECURITY UPDATE: heap overflow and out-of-bounds read access when
    parsing DHCPv6 information
    - debian/patches/CVE-2014-3675.patch: apply proper bounds checking
      when parsing data provided in DHCPv6 packets.
    - CVE-2014-3675
    - CVE-2014-3676
  * SECURITY UPDATE: memory corruption when processing user-provided key
    - debian/patches/CVE-2014-3677.patch: detect malformed machine owner
      key (MOK) lists and ignore them, avoiding possible memory corruption.
    - CVE-2014-3677

Deleted in utopic-proposed on 2014-08-11 (Reason: Need to remove shim to unblock d-i and the kernel)
shim (0.4-0ubuntu5) utopic; urgency=low

  * Install fallback.efi.signed as well, to lay the groundwork for fallback
    handling (wanted when we have to move a drive between machines, or when
    the firmware loses its marbles^W nvram).
 -- Steve Langasek <email address hidden>   Mon, 04 Aug 2014 12:11:13 +0200

Available diffs

Superseded in utopic-release on 2014-10-22
Obsolete in raring-updates on 2015-04-24
Obsolete in quantal-updates on 2015-04-24
Superseded in precise-updates on 2015-09-01
Published in trusty-release on 2013-10-18
Deleted in precise-proposed (Reason: moved to -updates)
Deleted in raring-proposed (Reason: moved to -updates)
Deleted in quantal-proposed (Reason: moved to -updates)
Obsolete in saucy-release on 2015-04-24
Deleted in saucy-proposed (Reason: moved to release)
shim (0.4-0ubuntu4) saucy; urgency=low

  * debian/patches/fix-tftp-prototype: pass the right arguments to
  * debian/patches/build-with-Werror: Build with -Werror to catch future
    prototype mismatches.
  * debian/patches/fix-compiler-warnings: Fix remaining compiler
    warnings in netboot.c.
  * debian/patches/tftp-proper-nul-termination: fix nul termination
    errors in filenames passed to tftp.
  * debian/patches/netboot-cleanup: roll-up of miscellaneous fixes to
    the netboot code.
 -- Steve Langasek <email address hidden>   Mon, 23 Sep 2013 00:30:00 -0700
Superseded in saucy-release on 2013-09-23
Deleted in saucy-proposed on 2013-09-24 (Reason: moved to release)
shim (0.4-0ubuntu3) saucy; urgency=low

  [ Steve Langasek ]
  * Install MokManager.efi.signed in the package.
  * debian/patches/no-output-by-default.patch: Don't print any
    informational messages.  Closes LP: #1074302.

  [ St├ęphane Graber ]
  * debian/patches/no-print-on-unsigned: Don't print an error message when
    validating an unsigned binary as that tends to hang Lenovo machines.
    (LP: #1087501)
 -- Stephane Graber <email address hidden>   Thu, 08 Aug 2013 17:12:12 +0200

Available diffs

Superseded in saucy-release on 2013-08-08
Deleted in saucy-proposed on 2013-08-09 (Reason: moved to release)
shim (0.4-0ubuntu2) saucy; urgency=low

  * Add missing build-dependency on openssl.
 -- Steve Langasek <email address hidden>   Tue, 02 Jul 2013 20:30:43 +0000
Superseded in saucy-proposed on 2013-07-02
shim (0.4-0ubuntu1) saucy; urgency=low

  * New upstream release.
  * Drop debian/patches/shim-before-loadimage; upstream has changed this to
    not call loadimage at all.
  * debian/patches/sbsigntool-not-pesign: Sign MokManager with
    sbsigntool instead of pesign.
  * Add a versioned build-dependency on gnu-efi.
 -- Steve Langasek <email address hidden>   Tue, 02 Jul 2013 12:53:24 -0700
Superseded in saucy-release on 2013-07-02
Superseded in precise-updates on 2013-11-07
Deleted in precise-proposed on 2015-05-01 (Reason: moved to -updates)
Superseded in precise-proposed on 2012-11-13
Obsolete in raring-release on 2015-04-24
Obsolete in quantal-release on 2015-04-24
Deleted in quantal-proposed on 2015-05-01 (Reason: moved to release)
shim (0~20120906.bcd0a4e8-0ubuntu4) quantal-proposed; urgency=low

  * debian/patches/shim-before-loadimage: Use direct verification first
    before LoadImage.  Addresses an issue where Lenovo's SecureBoot
    implementation pops an error message on any verification failure - avoid
    calling LoadImage at all unless we have to.
 -- Steve Langasek <email address hidden>   Wed, 10 Oct 2012 15:28:40 -0700
Superseded in quantal-release on 2012-10-12
Superseded in quantal-release on 2012-10-10
shim (0~20120906.bcd0a4e8-0ubuntu3) quantal; urgency=low

  * debian/patches/second-stage-path: Chainload grubx64.efi, not
 -- Steve Langasek <email address hidden>   Fri, 05 Oct 2012 11:20:58 -0700
Superseded in quantal-release on 2012-10-05
shim (0~20120906.bcd0a4e8-0ubuntu2) quantal; urgency=low

  * debian/patches/prototypes: Include missing prototypes, and disable
    use of BIO_new_file.
  * Only build the package for amd64; we're not signing an i386 shim at this
    stage so there's no point in building it.
 -- Steve Langasek <email address hidden>   Thu, 04 Oct 2012 17:47:04 +0000
Superseded in quantal-release on 2012-10-04
shim (0~20120906.bcd0a4e8-0ubuntu1) quantal; urgency=low

  * Initial release.
  * Include the Canonical Secure Boot master CA.
 -- Steve Langasek <email address hidden>   Thu, 04 Oct 2012 00:01:06 -0700
119 of 19 results