]>
Commit | Line | Data |
---|---|---|
1854cb28 MTL |
1 | shim (0.9+1465500757.14a5905-0ubuntu1) UNRELEASED; urgency=medium |
2 | ||
3 | * New upstream release. | |
110c669f MTL |
4 | - Better handle LoadOptions. |
5 | - Measure state and second stage in TPM. | |
6 | - Mirror MokSBState in runtime as MokSBStateRT. | |
7 | - Various bug fixes and other improvements. | |
8 | * Refreshed patches. | |
9 | - Remaining patches: | |
10 | + second-stage-path | |
11 | + sbsigntool-not-pesign | |
c2f285a9 | 12 | |
1854cb28 | 13 | -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Tue, 26 Jul 2016 12:02:21 -0400 |
d6f876b8 | 14 | |
8fa98d6d SL |
15 | shim (0.8-0ubuntu2) wily; urgency=medium |
16 | ||
17 | * No-change rebuild against gnu-efi 3.0v-5ubuntu1. | |
18 | ||
19 | -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 12 May 2015 17:48:30 +0000 | |
20 | ||
acd2cc1e | 21 | shim (0.8-0ubuntu1) wily; urgency=medium |
4c03444e MTL |
22 | |
23 | * New upstream release. | |
37358ddb | 24 | - Clarify meaning of insecure_mode. (LP: #1384973) |
e42efbd9 MTL |
25 | * debian/patches/CVE-2014-3675.patch, debian/patches/CVE-2014-3677.patch, |
26 | debian/patches/0001-Update-openssl-to-0.9.8za.patch: dropped, included | |
27 | in the upstream release. | |
28da53af MTL |
28 | * debian/patches/sbsigntool-not-pesign,debian/patches/second-stage-path: |
29 | refreshed. | |
4c03444e | 30 | |
acd2cc1e | 31 | -- Mathieu Trudel-Lapierre <mathieu-tl@ubuntu.com> Mon, 11 May 2015 19:50:49 -0400 |
4c03444e | 32 | |
8b0389dd | 33 | shim (0.7-0ubuntu4) utopic; urgency=medium |
3586772f SL |
34 | |
35 | * SECURITY UPDATE: heap overflow and out-of-bounds read access when | |
36 | parsing DHCPv6 information | |
37 | - debian/patches/CVE-2014-3675.patch: apply proper bounds checking | |
38 | when parsing data provided in DHCPv6 packets. | |
39 | - CVE-2014-3675 | |
40 | - CVE-2014-3676 | |
41 | * SECURITY UPDATE: memory corruption when processing user-provided key | |
42 | lists | |
43 | - debian/patches/CVE-2014-3677.patch: detect malformed machine owner | |
44 | key (MOK) lists and ignore them, avoiding possible memory corruption. | |
45 | - CVE-2014-3677 | |
46 | ||
e82e7706 | 47 | -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 08 Oct 2014 06:40:40 +0000 |
3586772f | 48 | |
bc9b5d63 | 49 | shim (0.7-0ubuntu2) utopic; urgency=medium |
172647da SL |
50 | |
51 | * Restore debian/patches/prototypes, which still is needed on shim 0.7 | |
4960f358 SL |
52 | but only detected on the buildds. |
53 | * Update debian/patches/prototypes with some new declarations needed for | |
54 | openssl 0.9.8za update. | |
172647da | 55 | |
bc9b5d63 | 56 | -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 07 Oct 2014 16:20:08 -0700 |
172647da | 57 | |
db8383ad | 58 | shim (0.7-0ubuntu1) utopic; urgency=medium |
59945b25 SL |
59 | |
60 | * New upstream release. | |
61 | - fix spurious error message when fallback.efi is not present, as will | |
62 | always be the case for removable media. LP: #1297069. | |
c61b06bc | 63 | - drop most patches, included upstream. |
1e963007 SL |
64 | * debian/patches/0001-Update-openssl-to-0.9.8za.patch: cherry-pick |
65 | openssl 0.9.8za in via upstream. | |
59945b25 | 66 | |
db8383ad | 67 | -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 07 Oct 2014 05:40:41 +0000 |
59945b25 | 68 | |
5fc0e7f6 | 69 | shim (0.4-0ubuntu5) utopic; urgency=low |
d53fb652 SL |
70 | |
71 | * Install fallback.efi.signed as well, to lay the groundwork for fallback | |
72 | handling (wanted when we have to move a drive between machines, or when | |
73 | the firmware loses its marbles^W nvram). | |
74 | ||
5fc0e7f6 | 75 | -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 04 Aug 2014 12:11:13 +0200 |
d53fb652 | 76 | |
eb32f5ba | 77 | shim (0.4-0ubuntu4) saucy; urgency=low |
50ab550a SL |
78 | |
79 | * debian/patches/fix-tftp-prototype: pass the right arguments to | |
80 | EFI_PXE_BASE_CODE_TFTP_READ_FILE. | |
c43e3c7c SL |
81 | * debian/patches/build-with-Werror: Build with -Werror to catch future |
82 | prototype mismatches. | |
83 | * debian/patches/fix-compiler-warnings: Fix remaining compiler | |
84 | warnings in netboot.c. | |
0c74470d SL |
85 | * debian/patches/tftp-proper-nul-termination: fix nul termination |
86 | errors in filenames passed to tftp. | |
84a3bbdf SL |
87 | * debian/patches/netboot-cleanup: roll-up of miscellaneous fixes to |
88 | the netboot code. | |
50ab550a | 89 | |
eb32f5ba | 90 | -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 23 Sep 2013 00:30:00 -0700 |
50ab550a | 91 | |
4c13d15a | 92 | shim (0.4-0ubuntu3) saucy; urgency=low |
0c50644a | 93 | |
0929c5e5 | 94 | [ Steve Langasek ] |
0c50644a | 95 | * Install MokManager.efi.signed in the package. |
44ecc6a3 SL |
96 | * debian/patches/no-output-by-default.patch: Don't print any |
97 | informational messages. Closes LP: #1074302. | |
0c50644a | 98 | |
0929c5e5 SG |
99 | [ Stéphane Graber ] |
100 | * debian/patches/no-print-on-unsigned: Don't print an error message when | |
101 | validating an unsigned binary as that tends to hang Lenovo machines. | |
102 | (LP: #1087501) | |
103 | ||
4c13d15a | 104 | -- Stéphane Graber <stgraber@ubuntu.com> Thu, 08 Aug 2013 17:12:12 +0200 |
0c50644a | 105 | |
6657ac38 | 106 | shim (0.4-0ubuntu2) saucy; urgency=low |
15d7c608 SL |
107 | |
108 | * Add missing build-dependency on openssl. | |
109 | ||
6657ac38 | 110 | -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 02 Jul 2013 20:30:43 +0000 |
15d7c608 | 111 | |
63eea134 | 112 | shim (0.4-0ubuntu1) saucy; urgency=low |
0565508e | 113 | |
1b5fb6c0 | 114 | * New upstream release. |
0565508e SL |
115 | * Drop debian/patches/shim-before-loadimage; upstream has changed this to |
116 | not call loadimage at all. | |
c37196e7 SL |
117 | * debian/patches/sbsigntool-not-pesign: Sign MokManager with |
118 | sbsigntool instead of pesign. | |
e77adb28 | 119 | * Add a versioned build-dependency on gnu-efi. |
0565508e | 120 | |
63eea134 | 121 | -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 02 Jul 2013 12:53:24 -0700 |
0565508e | 122 | |
3cd870ac | 123 | shim (0~20120906.bcd0a4e8-0ubuntu4) quantal-proposed; urgency=low |
3180a8dd SL |
124 | |
125 | * debian/patches/shim-before-loadimage: Use direct verification first | |
126 | before LoadImage. Addresses an issue where Lenovo's SecureBoot | |
127 | implementation pops an error message on any verification failure - avoid | |
128 | calling LoadImage at all unless we have to. | |
129 | ||
3cd870ac | 130 | -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 10 Oct 2012 15:28:40 -0700 |
3180a8dd | 131 | |
1d8992c5 | 132 | shim (0~20120906.bcd0a4e8-0ubuntu3) quantal; urgency=low |
5ea013bd SL |
133 | |
134 | * debian/patches/second-stage-path: Chainload grubx64.efi, not | |
135 | grub.efi. | |
136 | ||
1d8992c5 | 137 | -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 05 Oct 2012 11:20:58 -0700 |
5ea013bd | 138 | |
be30a850 | 139 | shim (0~20120906.bcd0a4e8-0ubuntu2) quantal; urgency=low |
76e675cb SL |
140 | |
141 | * debian/patches/prototypes: Include missing prototypes, and disable | |
142 | use of BIO_new_file. | |
63e313d7 SL |
143 | * Only build the package for amd64; we're not signing an i386 shim at this |
144 | stage so there's no point in building it. | |
76e675cb | 145 | |
be30a850 | 146 | -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 04 Oct 2012 17:47:04 +0000 |
76e675cb | 147 | |
b54fc10a | 148 | shim (0~20120906.bcd0a4e8-0ubuntu1) quantal; urgency=low |
c86d9dac SL |
149 | |
150 | * Initial release. | |
10d096d4 | 151 | * Include the Canonical Secure Boot master CA. |
c86d9dac | 152 | |
b54fc10a | 153 | -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 04 Oct 2012 00:01:06 -0700 |