Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

shim-0.9-10.1 RPM for x86_64

From OpenSuSE leap updates for 42.1 / oss / x86_64

Name: shim Distribution: openSUSE Leap 42.1
Version: 0.9 Vendor: openSUSE
Release: 10.1 Build date: Tue Jun 14 15:22:33 2016
Group: System/Boot Build host: cloud131
Size: 2399633 Source RPM: shim-TW-0.9-10.1.src.rpm
Packager: http://bugs.opensuse.org
Summary: UEFI shim loader
shim is a trivial EFI application that, when run, attempts to open and
execute another application.

Provides

Requires

License

BSD-2-Clause

Changelog

* Tue Jun 14 2016 glin@suse.com
  - Update shim-install
    + support simple MD RAID1 target devices (FATE#314829)
    + shim-install : fix typing ESC can escape to parent config which
      is in command mode and cannot return back (bsc#966701)
    + shim-install : fix no which command for JeOS (bsc#968264,
      boo#984391)
* Mon Jan 04 2016 glin@suse.com
  - Specify the package name for %post script (boo#960529)
  - Add perl-bootloader to Requires of shim
* Thu Dec 03 2015 jsegitz@novell.com
  - acquired updated signature from Microsoft
* Mon Nov 09 2015 glin@suse.com
  - Add shim-bsc950569-fix-cryptlib-va-functions.patch to fix the
    definition of va functions to avoid the potential crash
    (bsc#950569)
  - Update shim-opensuse-cert-prompt.patch to avoid setting NULL to
    MokListRT (bsc#950801)
  - Drop shim-fix-mokmanager-sections.patch as we are using the
    newer binutils now
  - Refresh shim-change-debug-file-path.patch
* Fri Oct 09 2015 coolo@suse.com
  - add %post from the real shim.spec
* Thu Oct 08 2015 jsegitz@novell.com
  - acquired updated signature from Microsoft
* Tue Sep 15 2015 mchang@suse.com
  - shim-install : set default GRUB_DISTRIBUTOR from /etc/os-release
    if it is empty or not set by user (bsc#942519)
* Thu Jul 16 2015 glin@suse.com
  - Add shim-update-openssl-1.0.2d.patch to update openssl to 1.0.2d
  - Refresh shim-gcc5.patch and add it back since we really need it
  - Add shim-change-debug-file-path.patch to change the debug file
    path in shim.efi
    + also add the debuginfo and debugsource subpackages
  - Drop shim-fix-gnu-efi-30w.patch which is not necessary anymore
* Mon Jul 06 2015 glin@suse.com
  - Update to 0.9
  - Refresh patches
    + shim-fix-gnu-efi-30w.patch
    + shim-fix-mokmanager-sections.patch
    + shim-opensuse-cert-prompt.patch
  - Drop upstreamed patches
    + shim-bsc920515-fix-fallback-buffer-length.patch
    + shim-mokx-support.patch
    + shim-update-cryptlib.patch
  - Drop shim-bsc919675-uninstall-shim-protocols.patch since
    upstream fixed the bug in another way.
  - Drop shim-gcc5.patch which was fixed in another way
* Wed Apr 08 2015 glin@suse.com
  - Fix tags in the spec file
* Tue Apr 07 2015 glin@suse.com
  - Add shim-update-cryptlib.patch to update Cryptlib to r16559 and
    openssl to 0.9.8zf
  - Add shim-bsc919675-uninstall-shim-protocols.patch to uninstall
    the shim protocols at Exit (bsc#919675)
  - Add shim-bsc920515-fix-fallback-buffer-length.patch to adjust
    the buffer size for the boot options (bsc#920515)
  - Refresh shim-opensuse-cert-prompt.patch
* Thu Apr 02 2015 crrodriguez@opensuse.org
  - shim-gcc5.patch: shim needs -std=gnu89 to build with GCC5
* Tue Feb 17 2015 mchang@suse.com
  - shim-install : fix cryptodisk installation (boo#917427)
* Tue Nov 11 2014 glin@suse.com
  - Add shim-fix-mokmanager-sections.patch to fix the objcopy
    parameters for the EFI files
* Tue Oct 28 2014 glin@suse.com
  - Update to 0.8
  - Add shim-fix-gnu-efi-30w.patch to adapt the change in
    gnu-efi-3.0w
  - Merge shim-signed-unsigned-compares.patch,
    shim-mokmanager-support-sha-family.patch and
    shim-bnc863205-mokmanager-fix-hash-delete.patch into
    shim-mokx-support.patch
  - Refresh shim-opensuse-cert-prompt.patch
  - Drop upstreamed patches: shim-update-openssl-0.9.8zb.patch,
    bug-889332_shim-overflow.patch, and bug-889332_shim-mok-oob.patch
  - Enable aarch64
* Mon Oct 13 2014 jsegitz@novell.com
  - Fixed buffer overflow and OOB access in shim trusted code path
    (bnc#889332, CVE-2014-3675, CVE-2014-3676, CVE-2014-3677)
    * added bug-889332_shim-mok-oob.patch, bug-889332_shim-overflow.patch
  - Added new certificate by Microsoft
* Wed Sep 03 2014 lnussel@suse.de
  - re-introduce build failure if shim_enforce_ms_signature is defined. That way
    a project like openSUSE:Factory can decide whether or not shim needs a valid
    MS signature.
* Tue Aug 19 2014 glin@suse.com
  - Add shim-update-openssl-0.9.8zb.patch to update openssl to
    0.9.8zb
* Tue Aug 12 2014 jsegitz@suse.com
  - updated shim to new version (OpenSSL 0.9.8za) and requested a new
    certificate from Microsoft. Removed
    * shim-allow-fallback-use-system-loadimage.patch
    * shim-bnc872503-check-key-encoding.patch
    * shim-bnc877003-fetch-from-the-same-device.patch
    * shim-correct-user_insecure-usage.patch
    * shim-fallback-avoid-duplicate-bootorder.patch
    * shim-fallback-improve-entries-creation.patch
    * shim-fix-dhcpv4-path-generation.patch
    * shim-fix-uninitialized-variable.patch
    * shim-fix-verify-mok.patch
    * shim-get-variable-check.patch
    * shim-improve-error-messages.patch
    * shim-mokmanager-delete-bs-var-right.patch
    * shim-mokmanager-handle-keystroke-error.patch
    * shim-remove-unused-variables.patch
    since they're included in upstream and rebased the remaining onces.
    Added shim-signed-unsigned-compares.patch to fix some compiler
    warnings
* Tue Aug 12 2014 glin@suse.com
  - Keep shim-devel.efi for the devel project
* Fri Aug 08 2014 lnussel@suse.de
  - don't fail the build if the UEFI signing service signature can't
    be attached anymore. This way shim can still pass through staging
    projects. We will verify the correct signature for release builds
    using openQA instead.
* Mon Aug 04 2014 mchang@suse.com
  - shim-install: fix GRUB shows broken letters at boot by calling
    grub2-install to initialize /boot/grub2 directory with files
    needed by grub.cfg (bnc#889765)
* Wed May 28 2014 glin@suse.com
  - Add shim-remove-unused-variables.patch to remove the unused
    variables
  - Add shim-bnc872503-check-key-encoding.patch to check the encoding
    of the keys (bnc#872503)
  - Add shim-bnc877003-fetch-from-the-same-device.patch to fetch the
    netboot image from the same device (bnc#877003)
  - Refresh shim-opensuse-cert-prompt.patch
* Wed May 14 2014 glin@suse.com
  - Use --reinit instead of --refresh in %post to update the files
    in /boot
* Tue Apr 29 2014 mchang@suse.com
  - shim-install: fix boot partition and rollback support kluge
    (bnc#875385)
* Thu Apr 10 2014 glin@suse.com
  - Replace shim-mokmanager-support-sha1.patch with
    shim-mokmanager-support-sha-family.patch to support the SHA
    family
* Mon Apr 07 2014 glin@suse.com
  - Add shim-mokmanager-support-sha1.patch to support SHA1 hashes in
    MOK
* Mon Mar 31 2014 mchang@suse.com
  - snapper rollback support (fate#317062)
    - refresh shim-install
* Thu Mar 13 2014 glin@suse.com
  - Insert the right signature (bnc#867974)
* Mon Mar 10 2014 glin@suse.com
  - Add shim-fix-uninitialized-variable.patch to fix the use of
    uninitialzed variables in lib
* Fri Mar 07 2014 glin@suse.com
  - Add shim-mokmanager-delete-bs-var-right.patch to delete the BS+NV
    variables the right way
  - Update shim-opensuse-cert-prompt.patch to delete openSUSE_Verify
    correctly
* Thu Mar 06 2014 glin@suse.com
  - Add shim-fallback-avoid-duplicate-bootorder.patch to fix the
    duplicate entries in BootOrder
  - Add shim-allow-fallback-use-system-loadimage.patch to handle the
    shim protocol properly to keep only one protocol entity
  - Refresh shim-opensuse-cert-prompt.patch
* Thu Mar 06 2014 mchang@suse.com
  - shim-install: fix the $prefix to use grub2-mkrelpath for paths
    on btrfs subvolume (bnc#866690).
* Tue Mar 04 2014 glin@suse.com
  - FATE#315002: Update shim-install to install shim.efi as the EFI
    default bootloader when none exists in \EFI\boot.
* Thu Feb 27 2014 fcrozat@suse.com
  - Update signature-sles.asc: shim signed by UEFI signing service,
    based on code from "Thu Feb 20 11:57:01 UTC 2014"
* Fri Feb 21 2014 glin@suse.com
  - Add shim-opensuse-cert-prompt.patch to show the prompt to ask
    whether the user trusts the openSUSE certificate or not
* Thu Feb 20 2014 lnussel@suse.de
  - allow package to carry multiple signatures
  - check correct certificate is embedded
* Thu Feb 20 2014 lnussel@suse.de
  - always clean up generated files that embed certificates
    (shim_cert.h shim.cer shim.crt) to make sure next build loop
    rebuilds them properly
* Mon Feb 17 2014 glin@suse.com
  - Add shim-bnc863205-mokmanager-fix-hash-delete.patch to fix the
    hash deletion operation to avoid ruining the whole list
    (bnc#863205)
* Tue Feb 11 2014 glin@suse.com
  - Update shim-mokx-support.patch to support the resetting of MOK
    blacklist
  - Add shim-get-variable-check.patch to fix the variable checking
    in get_variable_attr
  - Add shim-fallback-improve-entries-creation.patch to improve the
    boot entry pathes and avoid generating the boot entries that
    are already there
  - Update SUSE certificate
  - Update attach_signature.sh, show_hash.sh, strip_signature.sh,
    extract_signature.sh and show_signatures.sh to remove the
    creation of the temporary nss database
  - Add shim-only-os-name.patch: remove the kernel version of the
    build server
  - Match the the prefix of the project name properly by escaping the
    percent sign.
* Wed Jan 22 2014 lnussel@suse.de
  - enable signature assertion also in SUSE: hierarchy
* Fri Dec 06 2013 glin@suse.com
  - Add shim-mokmanager-handle-keystroke-error.patch to handle the
    error status from ReadKeyStroke to avoid unexpected keys
* Thu Dec 05 2013 glin@suse.com
  - Update to 0.7
  - Add upstream patches:
    + shim-fix-verify-mok.patch
    + shim-improve-error-messages.patch
    + shim-correct-user_insecure-usage.patch
    + shim-fix-dhcpv4-path-generation.patch
  - Add shim-mokx-support.patch to support the MOK blacklist
    (Fate#316531)
  - Drop upstreamed patches
    + shim-fix-pointer-casting.patch
    + shim-merge-lf-loader-code.patch
    + shim-fix-simple-file-selector.patch
    + shim-mokmanager-support-crypt-hash-method.patch
    + shim-bnc804631-fix-broken-bootpath.patch
    + shim-bnc798043-no-doulbe-separators.patch
    + shim-bnc807760-change-pxe-2nd-loader-name.patch
    + shim-bnc808106-correct-certcount.patch
    + shim-mokmanager-ui-revamp.patch
    + shim-netboot-fixes.patch
    + shim-mokmanager-disable-gfx-console.patch
  - Drop shim-suse-build.patch: it's not necessary anymore
  - Drop shim-bnc841426-silence-shim-protocols.patch: shim is not
    verbose by default
* Thu Oct 31 2013 fcrozat@suse.com
  - Update microsoft.asc: shim signed by UEFI signing service, based
    on code from "Tue Oct  1 04:29:29 UTC 2013".
* Tue Oct 01 2013 glin@suse.com
  - Add shim-netboot-fixes.patch to include upstream netboot fixes
  - Add shim-mokmanager-disable-gfx-console.patch to disable the
    graphics console to avoid system hang on some machines
  - Add shim-bnc841426-silence-shim-protocols.patch to silence the
    shim protocols (bnc#841426)
* Wed Sep 25 2013 glin@suse.com
  - Create boot.csv in ESP for fallback.efi to restore the boot entry
* Tue Sep 17 2013 fcrozat@suse.com
  - Update microsoft.asc: shim signed by UEFI signing service, based
    on code from "Fri Sep  6 13:57:36 UTC 2013".
  - Improve extract_signature.sh to work on current path.
* Fri Sep 06 2013 lnussel@suse.de
  - set timestamp of PE file to time of the binary the signature was
    made for.
  - make sure cert.o get's rebuilt for each target
* Fri Sep 06 2013 fcrozat@suse.com
  - Update microsoft.asc: shim signed by UEFI signing service, based
    on code from "Wed Aug 28 15:54:38 UTC 2013"
* Wed Aug 28 2013 lnussel@suse.de
  - always build a shim that embeds the distro's certificate (e.g.
    shim-opensuse.efi). If the package is built in the devel project
    additionally shim-devel.efi is created. That allows us to either
    load grub2/kernel signed by the distro or signed by the devel
    project, depending on use case. Also shim-$distro.efi from the
    devel project can be used to request additional signatures.
* Wed Aug 28 2013 lnussel@suse.de
  - also include old openSUSE 4096 bit certificate to be able to still
    boot kernels signed with that key.
  - add show_signatures script
* Tue Aug 27 2013 lnussel@suse.de
  - replace the 4096 bit openSUSE UEFI CA certificate with new a
    standard compliant 2048 bit one.
* Tue Aug 20 2013 lnussel@suse.de
  - fix shell syntax error
* Wed Aug 07 2013 lnussel@suse.de
  - don't include binary in the sources. Instead package the raw
    signature and attach it during build (bnc#813448).
* Tue Jul 30 2013 glin@suse.com
  - Update shim-mokmanager-ui-revamp.patch to include fixes for
    MokManager
    + reboot the system after clearing MOK password
    + fetch more info from X509 name
    + check the suffix of the key file
* Tue Jul 23 2013 glin@suse.com
  - Update to 0.4
  - Rebase patches
    + shim-suse-build.patch
    + shim-mokmanager-support-crypt-hash-method.patch
    + shim-bnc804631-fix-broken-bootpath.patch
    + shim-bnc798043-no-doulbe-separators.patch
    + shim-bnc807760-change-pxe-2nd-loader-name.patch
    + shim-bnc808106-correct-certcount.patch
    + shim-mokmanager-ui-revamp.patch
  - Add patches
    + shim-merge-lf-loader-code.patch: merge the Linux Foundation
      loader UI code
    + shim-fix-pointer-casting.patch: fix a casting issue and the
      size of an empty vendor cert
    + shim-fix-simple-file-selector.patch: fix the buffer allocation
      in the simple file selector
  - Remove upstreamed patches
    + shim-support-mok-delete.patch
    + shim-reboot-after-changes.patch
    + shim-clear-queued-key.patch
    + shim-local-key-sign-mokmanager.patch
    + shim-get-2nd-stage-loader.patch
    + shim-fix-loadoptions.patch
  - Remove unused patch: shim-mokmanager-new-pw-hash.patch and
    shim-keep-unsigned-mokmanager.patch
  - Install the vendor certificate to /etc/uefi/certs
* Wed May 08 2013 glin@suse.com
  - Add shim-mokmanager-ui-revamp.patch to update the MokManager UI
* Wed Apr 03 2013 glin@suse.com
  - Call update-bootloader in %post to update *.efi in \efi\opensuse
    (bnc#813079)
* Fri Mar 08 2013 glin@suse.com
  - Add shim-bnc807760-change-pxe-2nd-loader-name.patch to change the
    PXE 2nd stage loader name (bnc#807760)
  - Add shim-bnc808106-correct-certcount.patch to correct the
    certificate count of the signature list (bnc#808106)
* Fri Mar 01 2013 glin@suse.com
  - Add shim-bnc798043-no-doulbe-separators.patch to remove double
    seperators from the bootpath (bnc#798043#c4)
* Thu Feb 28 2013 lnussel@suse.de
  - sign shim also with openSUSE certificate
* Wed Feb 27 2013 mls@suse.de
  - identify project, export certificate as DER file
  - don't create an unused extra keypair
* Thu Feb 21 2013 glin@suse.com
  - Add shim-bnc804631-fix-broken-bootpath.patch to fix the broken
    bootpath generated in generate_path(). (bnc#804631)
* Mon Feb 11 2013 fcrozat@suse.com
  - Update with shim signed by UEFI signing service, based on code
    from "Thu Feb  7 06:56:19 UTC 2013".
* Thu Feb 07 2013 lnussel@suse.de
  - prepare for having a signed shim from the UEFI signing service
* Thu Feb 07 2013 glin@suse.com
  - Sign shim-opensuse.efi and MokManager.efi with the openSUSE cert
  - Add shim-keep-unsigned-mokmanager.patch to keep the unsigned
    MokManager and sign it later.
* Wed Feb 06 2013 mchang@suse.com
  - Add shim-install utility
  - Add Recommends to grub2-efi
* Wed Jan 30 2013 glin@suse.com
  - Add shim-mokmanager-support-crypt-hash-method.patch to support
    password hash from /etc/shadow (FATE#314506)
* Tue Jan 29 2013 glin@suse.com
  - Embed openSUSE-UEFI-CA-Certificate.crt in shim
  - Rename shim-unsigned.efi to shim-opensuse.efi.
* Fri Jan 18 2013 glin@suse.com
  - Update shim-mokmanager-new-pw-hash.patch to extend the password
    hash format
  - Rename shim.efi as shim-unsigned.efi
* Wed Jan 16 2013 glin@suse.com
  - Merge patches for FATE#314506
    + Add shim-support-mok-delete.patch to add support for deleting
      specific keys
    + Add shim-mokmanager-new-pw-hash.patch to support the new
      password hash.
  - Drop shim-correct-mok-size.patch which is included in
    shim-support-mok-delete.patch
  - Merge shim-remove-debug-code.patch and
    shim-local-sign-mokmanager.patch into
    shim-local-key-sign-mokmanager.patch
  - Install COPYRIGHT
* Tue Jan 15 2013 glin@suse.com
  - Add shim-fix-loadoptions.patch to adopt the UEFI shell style
    LoadOptions (bnc#798043)
  - Drop shim-check-pk-kek.patch since upstream rejected the patch
    due to violation of SPEC.
  - Install EFI binaries to /usr/lib64/efi
* Wed Dec 26 2012 glin@suse.com
  - Update shim-reboot-after-changes.patch to avoid rebooting the
    system after enrolling keys/hashes from the file system
  - Add shim-correct-mok-size.patch to correct the size of MOK
  - Add shim-clear-queued-key.patch to clear the queued key and show
    the menu properly
* Wed Dec 12 2012 fcrozat@suse.com
  - Remove shim-rpmlintrc, it wasn't fixing the error, hide error
    stdout to prevent post build check to get triggered by cast
    warnings in openSSL code
  - Add shim-remove-debug-code.patch: remove debug code
* Wed Dec 12 2012 glin@suse.com
  - Add shim-rpmlintrc to filter 64bit portability errors
* Tue Dec 11 2012 glin@suse.com
  - Add shim-local-sign-mokmanager.patch to create a local certicate
    to sign MokManager
  - Add shim-get-2nd-stage-loader.patch to get the second stage
    loader path from the load options
  - Add shim-check-pk-kek.patch to verify EFI images with PK and KEK
  - Add shim-reboot-after-changes.patch to reboot the system after
    enrolling or erasing keys
  - Install the EFI images to /usr/lib64/shim instead of the EFI
    partition
  - Update the mail address of the author
* Fri Nov 02 2012 glin@suse.com
  - Add new package shim 0.2 (FATE#314484)
    + It's in fact git 2fd180a92 since there is no tag for 0.2

Files

/etc/uefi
/etc/uefi/certs
/etc/uefi/certs/4659838C.crt
/usr/lib64/efi
/usr/lib64/efi/MokManager.efi
/usr/lib64/efi/fallback.efi
/usr/lib64/efi/shim-opensuse.der
/usr/lib64/efi/shim-opensuse.efi
/usr/lib64/efi/shim.efi
/usr/sbin/shim-install
/usr/share/doc/packages/shim
/usr/share/doc/packages/shim/COPYRIGHT


Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Oct 11 01:45:51 2017