]>
Commit | Line | Data |
---|---|---|
b61b8af8 SM |
1 | shim (15.7-1) UNRELEASED; urgency=medium |
2 | ||
3 | * New upstream release fixing more bugs | |
4 | * Add a further patch from upstream: | |
5 | + Make sbat_var.S parse right with buggy gcc/binutils | |
65f161ee | 6 | * Switch to using gcc-12. Closes: #1022180 |
b61b8af8 SM |
7 | |
8 | -- Steve McIntyre <93sam@debian.org> Sun, 22 Jan 2023 13:12:14 +0000 | |
9 | ||
85e5473c | 10 | shim (15.6-1) unstable; urgency=medium |
84c2b7db SM |
11 | |
12 | * New upstream release fixing more bugs | |
13 | + Remove all our old patches, all now upstream: | |
14 | - fix-32b-format-strings.patch | |
15 | - fix-test-includes.patch | |
16 | ||
85e5473c | 17 | -- Steve McIntyre <93sam@debian.org> Thu, 21 Jul 2022 14:04:01 +0200 |
84c2b7db | 18 | |
7c81b875 SM |
19 | shim (15.5-1) UNRELEASED; urgency=medium |
20 | ||
21 | * New upstream release fixing more bugs | |
22 | + Remove all our old patches, all now upstream: | |
23 | - Don-t-call-QueryVariableInfo-on-EFI-1.10-machines.patch | |
24 | - MOK-BootServicesData.patch | |
25 | - fix-broken-ia32-reloc.patch | |
26 | - fix-import_one_mok_state.patch | |
27 | - fix_arm64_rela_sections.patch | |
28 | - relax_check_for_import_mok_state.patch | |
c8efa9ab | 29 | * Fix format strings for 32-bit builds |
b947ca6a | 30 | * Tweak setup for dh_auto_test so the tests work |
e4de7243 | 31 | * Add new build-dep on libefivar-dev for tests |
7c81b875 SM |
32 | |
33 | -- Steve McIntyre <93sam@debian.org> Wed, 27 Apr 2022 22:50:08 +0100 | |
34 | ||
39c311d6 SM |
35 | shim (15.4-7) unstable; urgency=high |
36 | ||
37 | * Tweak how we call grub-install; don't abort on error. Not ideal | |
38 | behaviour either, but don't break upgrades. Copy the behaviour | |
39 | from the grub packages here. Closes: #990966 | |
40 | ||
41 | -- Steve McIntyre <93sam@debian.org> Mon, 12 Jul 2021 08:53:54 +0100 | |
42 | ||
6699b2ef | 43 | shim (15.4-6) unstable; urgency=high |
9ace660b SM |
44 | |
45 | * Add arm64 patch to tweak section layout and stop crashing | |
46 | problems. Upstream issue #371. Closes: #990082, #990190 | |
ec8a172b SM |
47 | * In insecure mode, don't abort if we can't create the MokListXRT |
48 | variable. Upstream issue #372. Closes: #989962, #990158 | |
9ace660b | 49 | |
6699b2ef | 50 | -- Steve McIntyre <93sam@debian.org> Wed, 23 Jun 2021 19:03:54 +0100 |
9ace660b | 51 | |
45dce646 SM |
52 | shim (15.4-5) unstable; urgency=medium |
53 | ||
54 | * Add defensive code around calls to db_get. Don't fail if they | |
55 | return errors. | |
56 | ||
57 | -- Steve McIntyre <93sam@debian.org> Thu, 06 May 2021 00:37:49 +0100 | |
58 | ||
fca69056 SM |
59 | shim (15.4-4) unstable; urgency=medium |
60 | ||
61 | * Fix up those maintainer scripts - if we're not running on an EFI | |
62 | system then exit cleanly. | |
63 | ||
64 | -- Steve McIntyre <93sam@debian.org> Tue, 04 May 2021 17:53:21 +0100 | |
65 | ||
29f231fd SM |
66 | shim (15.4-3) unstable; urgency=medium |
67 | ||
68 | * Add maintainer scripts to the template packages to manage | |
69 | installing and removing fbXXX.efi and mmXXX.efi when we | |
70 | install/remove the shim-helpers-$arch-signed packages. | |
71 | Closes: #966845 | |
72 | ||
73 | -- Steve McIntyre <93sam@debian.org> Mon, 03 May 2021 20:48:49 +0100 | |
74 | ||
11e0f1da SM |
75 | shim (15.4-2) unstable; urgency=medium |
76 | ||
77 | * Add two further patches from upstream: | |
78 | + fix import_one_mok_state() after split | |
79 | + Don't call QueryVariableInfo() on EFI 1.10 machines (e.g. older | |
80 | Intel Mac machines) | |
81 | ||
82 | -- Steve McIntyre <93sam@debian.org> Wed, 21 Apr 2021 00:23:02 +0100 | |
83 | ||
2f7c6c8d | 84 | shim (15.4-1) unstable; urgency=medium |
b43a60b2 | 85 | |
8d2bea5a SM |
86 | * New upstream release fixing more bugs: SBAT and arm64 support |
87 | * Print sha256 checksums of the EFI binaries when the build is done | |
88 | * Add two patches from upstream: | |
89 | + fix i386 binary relocations | |
90 | + allocate MOK config table as BootServicesData | |
b43a60b2 | 91 | |
2f7c6c8d | 92 | -- Steve McIntyre <93sam@debian.org> Wed, 31 Mar 2021 18:25:00 +0100 |
b43a60b2 | 93 | |
90ce8849 SM |
94 | shim (15.3-3) unstable; urgency=medium |
95 | ||
96 | * Update the timestamp for the 15.3-2 upload. | |
97 | * Only include the upstream version in the Debian SBAT metadata, so | |
98 | we don't break reproducibility on every minor packaging change. | |
99 | ||
100 | -- Steve McIntyre <93sam@debian.org> Wed, 24 Mar 2021 13:21:05 +0000 | |
101 | ||
f1d23e72 SM |
102 | shim (15.3-2) unstable; urgency=medium |
103 | ||
104 | * Add missing build-dep on xxd for build-time unit tests | |
105 | ||
90ce8849 | 106 | -- Steve McIntyre <93sam@debian.org> Wed, 24 Mar 2021 02:21:53 +0000 |
f1d23e72 | 107 | |
85b40923 | 108 | shim (15.3-1) unstable; urgency=medium |
371ed906 SM |
109 | |
110 | [ Steve McIntyre ] | |
85b40923 | 111 | * Switch to much-newer release with many fixes |
371ed906 | 112 | + Particularly pulling in SBAT changes for better revocation support |
e105392d SM |
113 | + Remove all our old patches, no longer needed: |
114 | - avoid_null_vsprint.patch | |
115 | - check_null_sn_ln.patch | |
116 | - fixup_git.patch | |
117 | - uname.patch | |
118 | - use_compare_mem_gcc9.patch | |
85b40923 SM |
119 | + Now includes a vendor copy of gnu-efi with quite a few extra |
120 | fixes needed. | |
121 | + Update copyright file to cover these changes | |
334e9afa | 122 | * Switch to using gcc-10 rather than gcc-9. Closes: #978521 |
58195ca3 SM |
123 | * Add dbx entries for all our existing grub binaries |
124 | + They're insecure, let's break the chainloading hole. | |
2e0a83e1 SM |
125 | * Add Debian SBAT data |
126 | + Add a Debian SBAT template, and rules to use it | |
127 | + Adds a build-dep on dos2unix | |
371ed906 | 128 | |
85b40923 | 129 | -- Steve McIntyre <93sam@debian.org> Tue, 23 Mar 2021 23:39:48 +0000 |
371ed906 | 130 | |
379f0954 | 131 | shim (15+1533136590.3beb971-10) unstable; urgency=medium |
69a55e24 | 132 | |
07cb34b4 | 133 | [ Debian Janitor ] |
69a55e24 | 134 | * Trim trailing whitespace. |
1a8bb34c | 135 | * Use secure copyright file specification URI. |
e1df2a1d DJ |
136 | * debian/copyright: use spaces rather than tabs to start continuation |
137 | lines. | |
6ce7b6e0 | 138 | * Bump debhelper from old 11 to 12. |
7d69650c | 139 | * Set debhelper-compat version in Build-Depends. |
90f64dae | 140 | * Set upstream metadata fields: Bug-Database, Bug-Submit. |
434300fc | 141 | * Update standards version to 4.4.1, no changes needed. |
69a55e24 | 142 | |
07cb34b4 SM |
143 | [ Steve McIntyre ] |
144 | * Trivial changes to generating the inbuilt dbx if we're using it. | |
379f0954 | 145 | * Upload to pick up rotated Debian signing keys |
07cb34b4 SM |
146 | |
147 | -- Steve McIntyre <93sam@debian.org> Fri, 24 Jul 2020 01:22:46 +0100 | |
69a55e24 | 148 | |
a7788a21 SM |
149 | shim (15+1533136590.3beb971-9) unstable; urgency=medium |
150 | ||
151 | [ Steve McIntyre ] | |
a7788a21 SM |
152 | * In the -helpers-ARCH-signed packages, change the version |
153 | dependency on shim-unsigned to be >= and not =. This will allow | |
154 | for installation to still work in the window while we wait for the | |
155 | template package to do its second trip through the | |
156 | archive. Closes: #955356 | |
157 | ||
158 | -- Steve McIntyre <93sam@debian.org> Mon, 30 Mar 2020 15:19:08 +0100 | |
159 | ||
8e0de2bd | 160 | shim (15+1533136590.3beb971-8) unstable; urgency=medium |
3a1cdbfd SM |
161 | |
162 | [ Steve McIntyre ] | |
163 | * Use --padding when calling pesign to generate hashes for the dbx | |
164 | list, as recommended by Peter Jones. No actual changes needed in | |
165 | our list of hashes at this point - they work out the same either | |
166 | way. | |
10b051f3 SM |
167 | * Switch to using gcc-9 for builds, tweaking a patch from upstream |
168 | to fix a FTBFS. Closes: #925816 | |
f320bcac SM |
169 | * Update debhelper compat level to 11 for shim and the |
170 | signing-template | |
3a1cdbfd | 171 | |
10b051f3 | 172 | -- Steve McIntyre <93sam@debian.org> Tue, 24 Mar 2020 16:51:10 +0000 |
3a1cdbfd | 173 | |
ee2d7bb9 | 174 | shim (15+1533136590.3beb971-7) unstable; urgency=medium |
99879366 | 175 | |
cd186442 | 176 | [ Ansgar Burchardt ] |
99879366 AB |
177 | * debian/control: Update Vcs-* fields |
178 | ||
878d860c SM |
179 | [ Steve McIntyre ] |
180 | * Backport needed crash fixes: | |
181 | + VLogError(): Avoid NULL pointer dereferences in (V)Sprint calls | |
315e8767 | 182 | + Fix OBJ_create() to tolerate a NULL sn and ln |
e17b0af4 SM |
183 | * Build using gcc-7 to get better control of reproducibility during the |
184 | lifetime of Buster. | |
88a7a650 SM |
185 | * Build in a dbx list to blacklist binaries that we know to not be |
186 | secure. Build-depend on a new (bug-fixed) version of pesign to | |
187 | generate that list at build time, using a list of known bad hashes. | |
188 | * Initial list of known bad hashes is just my personal test binary. | |
878d860c | 189 | |
ee2d7bb9 | 190 | -- Steve McIntyre <93sam@debian.org> Wed, 08 May 2019 02:05:01 +0100 |
99879366 | 191 | |
cb7c0af0 | 192 | shim (15+1533136590.3beb971-6) unstable; urgency=medium |
6bb31652 SM |
193 | |
194 | [ Steve McIntyre ] | |
195 | * Add Provides: and Breaks: to shim-helpers-$arch-signed to fix | |
196 | clashes with the old shim-signed package for fbx64.efi.signed and | |
197 | mmx64.efi.signed. Closes: #924619 | |
198 | ||
aa19fc4d HG |
199 | [ Helmut Grohne ] |
200 | * Fix FTCBFS: Set CROSS_COMPILE. (Closes: #922152) | |
201 | ||
6bb31652 SM |
202 | -- Steve McIntyre <93sam@debian.org> Sat, 23 Mar 2019 18:19:13 +0000 |
203 | ||
6a35a720 | 204 | shim (15+1533136590.3beb971-5) unstable; urgency=medium |
424d859c SM |
205 | |
206 | [ Ansgar Burchardt ] | |
207 | * Correct maintainer address in signing template | |
208 | ||
14b8b20e SM |
209 | [ Steve McIntyre ] |
210 | * Remove Rules-Requires-Root in the signing template. We manually install | |
211 | things owned by root. There might be better ways to do this, but this | |
212 | will do for now. | |
213 | ||
6a35a720 | 214 | -- Steve McIntyre <93sam@debian.org> Tue, 12 Mar 2019 01:38:19 +0000 |
424d859c | 215 | |
208bd43b SM |
216 | shim (15+1533136590.3beb971-4) unstable; urgency=medium |
217 | ||
218 | [ Steve McIntyre ] | |
219 | * No-change sourceful upload to get rebuilds (and hence build logs) from | |
220 | the buildds. Hoping to get this version signed by Microsoft, so let's | |
221 | make our setup as clean as possible. | |
222 | ||
223 | -- Steve McIntyre <93sam@debian.org> Sat, 09 Mar 2019 22:24:23 +0000 | |
224 | ||
b197d74e | 225 | shim (15+1533136590.3beb971-3) unstable; urgency=medium |
4bb202a0 PH |
226 | |
227 | [ Philipp Hahn ] | |
228 | * debian/rules: fixing permissions no longer required | |
e914483c | 229 | * debian/rules: Disable ephemeral key on Debian. |
c2dbb9ef | 230 | * Rename binary package to 'shim-unsigned' |
f7add225 | 231 | * Add template for signing {mm,fb}$ARCH.efi. (Closes: #922228) |
4bb202a0 | 232 | |
8c00485c LB |
233 | [ Luca Boccassi ] |
234 | * Override lintian error about template rules file. | |
9bfbee89 | 235 | * Include /usr/share/dpkg/architecture.mk instead of shelling out. |
51b45b03 LB |
236 | * Add uname.patch to avoid embedding the kernel architecture in the |
237 | binary and to use a fixed string instead. | |
8c00485c | 238 | |
d71a71f4 SM |
239 | [ Steve McIntyre ] |
240 | * Change maintenance address to be the EFI team | |
241 | * Add me and vorlon to the Uploaders list | |
ba30131d | 242 | * Rename the helper binary packages to shim-helpers-$arch. |
90609be3 SM |
243 | * Update the signing-template JSON metadata to match new practice: |
244 | + Move all the data under a new top-level "packages" key | |
245 | + Add an empty "trusted_certs" key - the helper binaries do not do any | |
246 | further verification with an embedded key. | |
d71a71f4 | 247 | |
90609be3 | 248 | -- Steve McIntyre <93sam@debian.org> Fri, 08 Mar 2019 21:59:43 +0000 |
4bb202a0 | 249 | |
88190087 | 250 | shim (15+1533136590.3beb971-2) unstable; urgency=medium |
100e3b0c SL |
251 | |
252 | * Update debian/watch. | |
2fab563a | 253 | * Update VCS to point to salsa. |
cebae05a | 254 | * Fix debian/rules syntax for arm64 build. |
21efb35c | 255 | * Enable build for i386. |
1d945f76 | 256 | * Ensure DEB_HOST_ARCH is set even if not present in the environment. |
2b9acc73 | 257 | * Update Standards-Version. |
47660e67 | 258 | * Update debian/copyright (drop reference to file no longer in source) |
100e3b0c | 259 | |
88190087 | 260 | -- Steve Langasek <vorlon@debian.org> Mon, 11 Feb 2019 05:18:18 +0000 |
100e3b0c | 261 | |
ab4c731c | 262 | shim (15+1533136590.3beb971-1) unstable; urgency=medium |
fac86c74 | 263 | |
ab4c731c SL |
264 | * New upstream release. |
265 | - debian/patches/second-stage-path: dropped; the default loader path now | |
266 | includes an arch suffix. | |
267 | - debian/patches/sbsigntool-no-pesign: dropped; no longer needed. | |
268 | * Drop remaining patches that were not being applied. | |
269 | * Sync packaging from Ubuntu: | |
270 | - debian/copyright: Update upstream source location. | |
271 | - debian/control: add a Build-Depends on libelf-dev. | |
272 | - Enable arm64 build. | |
273 | - debian/patches/fixup_git.patch: don't run git in clean; we're not | |
274 | really in a git tree. | |
275 | - debian/rules, debian/shim.install: use the upstream install target as | |
276 | intended, and move files to the target directory using dh_install. | |
f42b58fc MTL |
277 | - define RELEASE and COMMIT_ID for the snapshot. |
278 | - Set ENABLE_HTTPBOOT to enable the HTTP Boot feature. | |
f841331c MTL |
279 | - Update dh_auto_build/dh_auto_clean/dh_auto_install for new upstream |
280 | options: set MAKELEVEL. | |
5d42729f MTL |
281 | - Define an EFI_ARCH variable, and use that for paths to shim. This |
282 | makes it possible to build a shim for other architectures than amd64. | |
ab4c731c | 283 | - Set EFIDIR=$distro for dh_auto_install; that will let files be installed |
3f5806e4 | 284 | in the "right" final directories, and makes boot.csv for us. |
661d3ea1 MTL |
285 | - Set ENABLE_SHIM_CERT, to keep using ephemeral self-signed certs built |
286 | at compile-time for MokManager and fallback. | |
402fafb4 MTL |
287 | - Set ENABLE_SBSIGN, to use sbsign instead of pesign for signing fallback |
288 | and MokManager. | |
11c5b79d | 289 | |
ab4c731c | 290 | -- Steve Langasek <vorlon@debian.org> Sat, 09 Feb 2019 07:23:19 +0000 |
bd98c8fd | 291 | |
c117735c JC |
292 | shim (0.9+1474479173.6c180c6-1) unstable; urgency=medium |
293 | ||
294 | [ Steve Langasek ] | |
295 | * Initial Debian upload. Closes: #820052. | |
296 | * Update Standards-Version. | |
297 | * Embed the newly-minted Debian CA certificate. | |
298 | * Vendorize debian/rules so that the same package can be used in both | |
299 | Debian and Ubuntu without modification. | |
300 | * Fix debian/copyright to match the spec (last match wins, not first) | |
301 | * Fix shim.efi to not be executable. | |
302 | * Add watchfile. | |
303 | * Support parallel builds, because eh why not | |
304 | * Update Vcs-Bzr. | |
305 | * Resync with Ubuntu, including patch to fix debian/copyright. | |
306 | ||
307 | [ Julien Cristau ] | |
308 | * Add some missing copyright holders in d/copyright, update | |
309 | Upstream-Contact. Thanks to Helen Koike for the help. | |
310 | ||
311 | -- Julien Cristau <jcristau@debian.org> Sat, 15 Oct 2016 15:17:34 +0200 | |
312 | ||
313 | shim (0.9+1474479173.6c180c6-0ubuntu1) UNRELEASED; urgency=medium | |
314 | ||
315 | [ Helen Koike ] | |
69a55e24 | 316 | * debian/copyright: add OpenSSL license |
c117735c JC |
317 | |
318 | [ Mathieu Trudel-Lapierre ] | |
319 | * New upstream release. | |
320 | * debian/copyright: patches should be BSD, like the rest of the upstream | |
321 | code. | |
322 | * debian/patches/unused-variable: dropped; applied upstream. | |
323 | * debian/patches/binutils-version-matching: dropped, fixed upstream. | |
324 | * debian/shim.install: built EFI binaries were renamed; update our install | |
325 | file to properly pick up shim (shim$arch), MokManager (mm$arch), and | |
326 | fallback (fb$arch). | |
327 | ||
328 | -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 21 Sep 2016 20:29:44 -0400 | |
329 | ||
330 | shim (0.9+1465500757.14a5905-0ubuntu1) yakkety; urgency=medium | |
331 | ||
332 | * New upstream release. | |
333 | - Better handle LoadOptions. (LP: #1581299) | |
334 | - Measure state and second stage in TPM. | |
335 | - Mirror MokSBState in runtime as MokSBStateRT. | |
336 | - Fix failure to build with GCC 5. (LP: #1429978) | |
337 | - Various bug fixes and other improvements. | |
338 | * Refreshed patches. | |
339 | - Remaining patches: | |
340 | + second-stage-path | |
69a55e24 | 341 | + sbsigntool-not-pesign |
c117735c JC |
342 | * debian/patches/unused-variable: remove unused variable size. |
343 | * debian/patches/binutils-version-matching: revert d9a4c912 to correctly | |
344 | match objcopy's version on Ubuntu. | |
345 | * debian/copyright: update copyright for patches. | |
346 | ||
347 | -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Tue, 26 Jul 2016 16:48:32 -0400 | |
348 | ||
349 | shim (0.8-0ubuntu2) wily; urgency=medium | |
350 | ||
351 | * No-change rebuild against gnu-efi 3.0v-5ubuntu1. | |
352 | ||
353 | -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 12 May 2015 17:48:30 +0000 | |
354 | ||
355 | shim (0.8-0ubuntu1) wily; urgency=medium | |
356 | ||
357 | * New upstream release. | |
358 | - Clarify meaning of insecure_mode. (LP: #1384973) | |
359 | * debian/patches/CVE-2014-3675.patch, debian/patches/CVE-2014-3677.patch, | |
360 | debian/patches/0001-Update-openssl-to-0.9.8za.patch: dropped, included | |
361 | in the upstream release. | |
362 | * debian/patches/sbsigntool-not-pesign,debian/patches/second-stage-path: | |
363 | refreshed. | |
364 | ||
365 | -- Mathieu Trudel-Lapierre <mathieu-tl@ubuntu.com> Mon, 11 May 2015 19:50:49 -0400 | |
366 | ||
367 | shim (0.7-0ubuntu4) utopic; urgency=medium | |
368 | ||
369 | * SECURITY UPDATE: heap overflow and out-of-bounds read access when | |
370 | parsing DHCPv6 information | |
371 | - debian/patches/CVE-2014-3675.patch: apply proper bounds checking | |
372 | when parsing data provided in DHCPv6 packets. | |
373 | - CVE-2014-3675 | |
374 | - CVE-2014-3676 | |
375 | * SECURITY UPDATE: memory corruption when processing user-provided key | |
376 | lists | |
377 | - debian/patches/CVE-2014-3677.patch: detect malformed machine owner | |
378 | key (MOK) lists and ignore them, avoiding possible memory corruption. | |
379 | - CVE-2014-3677 | |
380 | ||
381 | -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 08 Oct 2014 06:40:40 +0000 | |
382 | ||
383 | shim (0.7-0ubuntu2) utopic; urgency=medium | |
384 | ||
385 | * Restore debian/patches/prototypes, which still is needed on shim 0.7 | |
386 | but only detected on the buildds. | |
387 | * Update debian/patches/prototypes with some new declarations needed for | |
388 | openssl 0.9.8za update. | |
389 | ||
390 | -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 07 Oct 2014 16:20:08 -0700 | |
391 | ||
392 | shim (0.7-0ubuntu1) utopic; urgency=medium | |
393 | ||
394 | * New upstream release. | |
395 | - fix spurious error message when fallback.efi is not present, as will | |
396 | always be the case for removable media. LP: #1297069. | |
397 | - drop most patches, included upstream. | |
398 | * debian/patches/0001-Update-openssl-to-0.9.8za.patch: cherry-pick | |
399 | openssl 0.9.8za in via upstream. | |
400 | ||
401 | -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 07 Oct 2014 05:40:41 +0000 | |
402 | ||
403 | shim (0.4-0ubuntu5) utopic; urgency=low | |
404 | ||
405 | * Install fallback.efi.signed as well, to lay the groundwork for fallback | |
406 | handling (wanted when we have to move a drive between machines, or when | |
407 | the firmware loses its marbles^W nvram). | |
408 | ||
409 | -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 04 Aug 2014 12:11:13 +0200 | |
410 | ||
411 | shim (0.4-0ubuntu4) saucy; urgency=low | |
412 | ||
413 | * debian/patches/fix-tftp-prototype: pass the right arguments to | |
414 | EFI_PXE_BASE_CODE_TFTP_READ_FILE. | |
415 | * debian/patches/build-with-Werror: Build with -Werror to catch future | |
416 | prototype mismatches. | |
417 | * debian/patches/fix-compiler-warnings: Fix remaining compiler | |
418 | warnings in netboot.c. | |
419 | * debian/patches/tftp-proper-nul-termination: fix nul termination | |
420 | errors in filenames passed to tftp. | |
421 | * debian/patches/netboot-cleanup: roll-up of miscellaneous fixes to | |
422 | the netboot code. | |
423 | ||
424 | -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 23 Sep 2013 00:30:00 -0700 | |
425 | ||
426 | shim (0.4-0ubuntu3) saucy; urgency=low | |
427 | ||
428 | [ Steve Langasek ] | |
429 | * Install MokManager.efi.signed in the package. | |
430 | * debian/patches/no-output-by-default.patch: Don't print any | |
431 | informational messages. Closes LP: #1074302. | |
432 | ||
433 | [ Stéphane Graber ] | |
434 | * debian/patches/no-print-on-unsigned: Don't print an error message when | |
435 | validating an unsigned binary as that tends to hang Lenovo machines. | |
436 | (LP: #1087501) | |
437 | ||
438 | -- Stéphane Graber <stgraber@ubuntu.com> Thu, 08 Aug 2013 17:12:12 +0200 | |
439 | ||
440 | shim (0.4-0ubuntu2) saucy; urgency=low | |
441 | ||
442 | * Add missing build-dependency on openssl. | |
443 | ||
444 | -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 02 Jul 2013 20:30:43 +0000 | |
445 | ||
446 | shim (0.4-0ubuntu1) saucy; urgency=low | |
447 | ||
448 | * New upstream release. | |
449 | * Drop debian/patches/shim-before-loadimage; upstream has changed this to | |
450 | not call loadimage at all. | |
451 | * debian/patches/sbsigntool-not-pesign: Sign MokManager with | |
452 | sbsigntool instead of pesign. | |
453 | * Add a versioned build-dependency on gnu-efi. | |
454 | ||
455 | -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 02 Jul 2013 12:53:24 -0700 | |
456 | ||
457 | shim (0~20120906.bcd0a4e8-0ubuntu4) quantal-proposed; urgency=low | |
458 | ||
459 | * debian/patches/shim-before-loadimage: Use direct verification first | |
460 | before LoadImage. Addresses an issue where Lenovo's SecureBoot | |
461 | implementation pops an error message on any verification failure - avoid | |
462 | calling LoadImage at all unless we have to. | |
463 | ||
464 | -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 10 Oct 2012 15:28:40 -0700 | |
465 | ||
466 | shim (0~20120906.bcd0a4e8-0ubuntu3) quantal; urgency=low | |
467 | ||
468 | * debian/patches/second-stage-path: Chainload grubx64.efi, not | |
469 | grub.efi. | |
470 | ||
471 | -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 05 Oct 2012 11:20:58 -0700 | |
472 | ||
473 | shim (0~20120906.bcd0a4e8-0ubuntu2) quantal; urgency=low | |
474 | ||
475 | * debian/patches/prototypes: Include missing prototypes, and disable | |
476 | use of BIO_new_file. | |
477 | * Only build the package for amd64; we're not signing an i386 shim at this | |
478 | stage so there's no point in building it. | |
479 | ||
480 | -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 04 Oct 2012 17:47:04 +0000 | |
481 | ||
482 | shim (0~20120906.bcd0a4e8-0ubuntu1) quantal; urgency=low | |
483 | ||
484 | * Initial release. | |
485 | * Include the Canonical Secure Boot master CA. | |
486 | ||
487 | -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 04 Oct 2012 00:01:06 -0700 |