pool/shim
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
153 Commits 2 Branches 0 Tags 16 MiB
e8b8c97820
Commit Graph

128 Commits

Author SHA256 Message Date
Joey Lee
e8b8c97820 Accepting request 1035798 from home:joeyli:branches:devel:openSUSE:Factory 
Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following patches between 15.6 with aa1b289a1a (jsc#PED-127)

OBS-URL: https://build.opensuse.org/request/show/1035798
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=194
 2022-11-15 09:50:55 +00:00
Joey Lee
2386bd59cb Accepting request 1002927 from home:KHanich:branches:devel:openSUSE:Factory 
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable.
  (bsc#1201066)

OBS-URL: https://build.opensuse.org/request/show/1002927
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=192
 2022-09-16 06:35:39 +00:00
Joey Lee
a379c7b18b Accepting request 993203 from home:joeyli:branches:devel:openSUSE:Factory 
Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120)

OBS-URL: https://build.opensuse.org/request/show/993203
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=191
 2022-08-05 05:58:36 +00:00
Joey Lee
63fb624566 Accepting request 991618 from home:joeyli:branches:devel:openSUSE:Factory 
Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)

OBS-URL: https://build.opensuse.org/request/show/991618
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=190
 2022-07-29 02:47:14 +00:00
Joey Lee
3bb7cc18a5 Accepting request 991171 from home:joeyli:branches:devel:openSUSE:Factory 
Revoked the change in shim.spec for use common SBAT values (boo#1193282) (bsc#1198458)

OBS-URL: https://build.opensuse.org/request/show/991171
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=189
 2022-07-26 04:16:19 +00:00
Joey Lee
20e705b979 Accepting request 971203 from home:lnussel:branches:Base:System 
- use common SBAT values (boo#1193282)

OBS-URL: https://build.opensuse.org/request/show/971203
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=188
 2022-07-14 02:23:22 +00:00
Joey Lee
7410f7aef0 Accepting request 985418 from home:joeyli:branches:devel:openSUSE:Factory 
Update to 15.6 (bsc#1198458)

OBS-URL: https://build.opensuse.org/request/show/985418
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=187
 2022-06-28 05:59:27 +00:00
Gary Ching-Pang Lin
182fd24b7c Accepting request 903339 from home:gary_lin:branches:devel:openSUSE:Factory 
avoid deleting the mirrored RT variables (bsc#1187696)

OBS-URL: https://build.opensuse.org/request/show/903339
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=186
 2021-07-01 06:13:57 +00:00
Gary Ching-Pang Lin
4e7f70bc3a Accepting request 901235 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
  buffer overflow when copying data to the MOK config table
  (bsc#1185232)

OBS-URL: https://build.opensuse.org/request/show/901235
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=185
 2021-06-22 02:03:16 +00:00
Gary Ching-Pang Lin
32f6f1f55a Accepting request 901053 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-disable-export-vendor-dbx.patch to disable exporting
  vendor-dbx to MokListXRT since writing a large RT variable
  could crash some machines (bsc#1185261)
- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
  potential crash when calling QueryVariableInfo in EFI 1.10
  machines (bsc#1187260)

- Add shim-fix-aa64-relsz.patch to fix the size of rela sections
  for AArch64
  Fix: https://github.com/rhboot/shim/issues/371

OBS-URL: https://build.opensuse.org/request/show/901053
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=184
 2021-06-21 02:58:46 +00:00
Gary Ching-Pang Lin
b128f342b9 Accepting request 900008 from home:gary_lin:branches:devel:openSUSE:Factory 
ignore the odd LoadOptions length (bsc#1185232)

OBS-URL: https://build.opensuse.org/request/show/900008
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=183
 2021-06-15 03:59:23 +00:00
Gary Ching-Pang Lin
7f83b4b531 Accepting request 894182 from home:gary_lin:branches:devel:openSUSE:Factory 
- shim-install: instead of assuming "removable" for Azure, remove
  fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot
  to make \EFI\Boot bootable and keep the boot option created by
  efibootmgr (bsc#1185464, bsc#1185961)

- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
  the check for import_mok_state() when Secure Boot is off.
  (bsc#1185261)

OBS-URL: https://build.opensuse.org/request/show/894182
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=181
 2021-05-19 01:26:58 +00:00
Gary Ching-Pang Lin
f94c2e5bcf Accepting request 890839 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
  maximum variable size check for u-boot (bsc#1185621)

- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
  to handle ignore_db and user_insecure_mode correctly
  (bsc#1185441)

OBS-URL: https://build.opensuse.org/request/show/890839
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=179
 2021-05-06 03:35:27 +00:00
Gary Ching-Pang Lin
14a92e6f61 Accepting request 888994 from home:gary_lin:branches:devel:openSUSE:Factory 
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
  vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
  the size of MokListXRT (bsc#1185261) 
  + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz

OBS-URL: https://build.opensuse.org/request/show/888994
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=178
 2021-04-28 10:01:26 +00:00
Gary Ching-Pang Lin
0f47283b84 Accepting request 883796 from home:gary_lin:branches:devel:openSUSE:Factory 
- avoid the error message during linux system boot (bsc#1184454)
- prevent the build id being added to the binary. That can cause issues with the signature

OBS-URL: https://build.opensuse.org/request/show/883796
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=177
 2021-04-08 09:16:46 +00:00
Gary Ching-Pang Lin
1354ba095a Accepting request 882314 from home:gary_lin:branches:devel:openSUSE:Factory 
Update to 15.4 (bsc#1182057)

OBS-URL: https://build.opensuse.org/request/show/882314
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=176
 2021-03-31 08:55:10 +00:00
Gary Ching-Pang Lin
bbfcbff67b Accepting request 881822 from home:gary_lin:branches:devel:openSUSE:Factory 
change the SBAT variable name and enhance the handling of SBAT (bsc#1182057)

OBS-URL: https://build.opensuse.org/request/show/881822
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=175
 2021-03-29 07:54:46 +00:00
Gary Ching-Pang Lin
0fc0214e26 Accepting request 880833 from home:gary_lin:branches:devel:openSUSE:Factory 
- Update to 15.3 for SBAT support (bsc#1182057)

OBS-URL: https://build.opensuse.org/request/show/880833
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=173
 2021-03-24 03:16:20 +00:00
Gary Ching-Pang Lin
b9c4429460 Accepting request 878250 from home:gary_lin:branches:devel:openSUSE:Factory 
- Refresh shim-bsc1182776-fix-crash-at-exit.patch to do the cleanup
  also when Secure Boot is disabled (bsc#1183213, bsc#1182776)
- Merged linker-version.pl into timestamp.pl and add the linker
  version to signature files accordingly

OBS-URL: https://build.opensuse.org/request/show/878250
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=172
 2021-03-11 03:36:34 +00:00
Gary Ching-Pang Lin
cce479bdc0 Accepting request 877543 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-bsc1182776-fix-crash-at-exit.patch to fix the potential
  crash at Exit() (bsc#1182776)

OBS-URL: https://build.opensuse.org/request/show/877543
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=171
 2021-03-08 03:42:43 +00:00
Gary Ching-Pang Lin
e3245db390 Accepting request 865543 from home:gary_lin:branches:devel:openSUSE:Factory 
- Update the SLE signature
- Exclude some patches from x86_64 to avoid breaking the signature
- Add shim-correct-license-in-headers.patch back for x86_64 to
  match the SLE signature
- Add linker-version.pl to modify the EFI/PE header to match the
  SLE signature

OBS-URL: https://build.opensuse.org/request/show/865543
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=170
 2021-01-22 04:22:49 +00:00
Gary Ching-Pang Lin
877a8b9828 Accepting request 845885 from home:gary_lin:branches:devel:openSUSE:Factory 
- Disable the signature attachment for AArch64 temporarily until we get a real one.

OBS-URL: https://build.opensuse.org/request/show/845885
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=169
 2020-11-04 06:15:49 +00:00
Gary Ching-Pang Lin
ad2aeff5ac Accepting request 845367 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-bsc1177315-verify-eku-codesign.patch to check CodeSign
  in the signer's EKU (bsc#1177315)
- Add shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
  to fix NULL pointer dereference in AuthenticodeVerify()
  (bsc#1177789, CVE-2019-14584)
- shim-install: Support changing default shim efi binary in
  /usr/etc/default/shim and /etc/default/shim (bsc#1177315)
- Add shim-bsc1177315-fix-buffer-use-after-free.patch to fix buffer
  use-after-free at the end of the EKU verification (bsc#1177315)

OBS-URL: https://build.opensuse.org/request/show/845367
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=168
 2020-11-03 06:49:18 +00:00
Gary Ching-Pang Lin
a14628c7b5 Accepting request 841727 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-bsc1177404-fix-a-use-of-strlen.patch to fix the length
  of the option data string to launch the program correctly
  (bsc#1177404)
- Add shim-bsc1175509-more-tpm-fixes.patch to fix the file path
  in the tpm even log (bsc#1175509)

OBS-URL: https://build.opensuse.org/request/show/841727
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=167
 2020-10-14 09:22:20 +00:00
Gary Ching-Pang Lin
6cefe7b10f Accepting request 834242 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-VLogError-Avoid-Null-pointer-dereferences.patch to fix
  VLogError crash in AArch64 (jsc#SLE-15824)
- Add shim-fix-verify-eku.patch to fix the potential crash at
  verify_eku() (jsc#SLE-15824)
- Add shim-do-not-write-string-literals.patch to fix the potential
  crash when accessing the DEFAULT_LOADER string (jsc#SLE-15824)

OBS-URL: https://build.opensuse.org/request/show/834242
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=166
 2020-09-14 08:23:32 +00:00
Gary Ching-Pang Lin
0e2b985c49 Accepting request 832350 from home:Guillaume_G:branches:devel:openSUSE:Factory 
- Enable build on aarch64

OBS-URL: https://build.opensuse.org/request/show/832350
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=165
 2020-09-07 01:45:46 +00:00
Gary Ching-Pang Lin
4e169f6be0 Accepting request 828385 from home:gary_lin:branches:devel:openSUSE:Factory 
fix the TPM2 measurement (bsc#1175509)

OBS-URL: https://build.opensuse.org/request/show/828385
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=163
 2020-08-21 06:24:52 +00:00
Gary Ching-Pang Lin
ca285f90f5 Accepting request 824673 from home:gary_lin:branches:devel:openSUSE:Factory 
Amend the check of %shim_enforce_ms_signature so that we can disable the signature check by defining shim_enforce_ms_signature as 0

OBS-URL: https://build.opensuse.org/request/show/824673
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=162
 2020-08-06 10:25:36 +00:00
Gary Ching-Pang Lin
761179927f Accepting request 824566 from home:gary_lin:branches:devel:openSUSE:Factory 
Updated openSUSE signature

OBS-URL: https://build.opensuse.org/request/show/824566
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=161
 2020-08-06 03:10:22 +00:00
Gary Ching-Pang Lin
1a492cd8bd Accepting request 822928 from home:gary_lin:branches:devel:openSUSE:Factory 
Update the license header patch (bsc#1174512)

OBS-URL: https://build.opensuse.org/request/show/822928
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=160
 2020-07-27 07:40:45 +00:00
Gary Ching-Pang Lin
f0bb3978c4 Accepting request 819890 from home:gary_lin:branches:devel:openSUSE:Factory 
only check EFI variable copying when Secure Boot is enabled (bsc#1173411)

OBS-URL: https://build.opensuse.org/request/show/819890
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=158
 2020-07-10 07:26:45 +00:00
Gary Ching-Pang Lin
d2c2a9d07b Accepting request 789643 from home:gary_lin:branches:devel:openSUSE:Factory 
Use "suse_version" instead of "sle_version" to avoid shim_lib64_share_compat being set in Tumbleweed forever.

OBS-URL: https://build.opensuse.org/request/show/789643
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=156
 2020-03-30 06:34:16 +00:00
Gary Ching-Pang Lin
e0cafca96d - Add shim-fix-gnu-efi-3.0.11.patch to fix the build error caused 
by the upgrade of gnu-efi

OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=155
 2020-03-16 09:43:20 +00:00
Gary Ching-Pang Lin
441cbe7c4c Accepting request 723852 from home:gary_lin:branches:devel:openSUSE:Factory 
Fix a typo in shim-install (bsc#1145802)

OBS-URL: https://build.opensuse.org/request/show/723852
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=153
 2019-08-16 04:12:38 +00:00
Gary Ching-Pang Lin
283ffe9359 - Add gcc9-fix-warnings.patch (bsc#1121268). 
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=152
 2019-04-19 10:33:47 +00:00
Gary Ching-Pang Lin
63fdae9097 Accepting request 679210 from home:marxin:branches:devel:openSUSE:Factory 
- Add gcc9-fix-warnings.patch (bsc#1121268).

OBS-URL: https://build.opensuse.org/request/show/679210
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=151
 2019-04-19 10:28:20 +00:00
Gary Ching-Pang Lin
34ba35f99d Accepting request 694230 from home:gary_lin:branches:devel:openSUSE:Factory 
Add shim-opensuse-signed.efi, the openSUSE shim-15+git47 binary (bsc#1113225)

OBS-URL: https://build.opensuse.org/request/show/694230
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=150
 2019-04-15 10:37:44 +00:00
Gary Ching-Pang Lin
21b22c170b Accepting request 693691 from home:gary_lin:branches:devel:openSUSE:Factory 
- Disable AArch64 build (FATE#325971)
- Updated shim signature: signature-sles.x86_64.asc (bsc#1120026)

OBS-URL: https://build.opensuse.org/request/show/693691
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=149
 2019-04-12 10:19:00 +00:00
Gary Ching-Pang Lin
cffc5113b4 Accepting request 676201 from home:rwill:branches:Base:System 
- Fix conditions for '/usr/share/efi'-move  (FATE#326960)

OBS-URL: https://build.opensuse.org/request/show/676201
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=148
 2019-02-15 03:26:41 +00:00
Gary Ching-Pang Lin
6613ee1088 Accepting request 668949 from home:gary_lin:branches:devel:openSUSE:Factory 
Amend shim.spec to remove $RPM_BUILD_ROOT

OBS-URL: https://build.opensuse.org/request/show/668949
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=147
 2019-01-28 03:29:25 +00:00
Gary Ching-Pang Lin
f402a003c4 Accepting request 668546 from home:gary_lin:branches:devel:openSUSE:Factory 
- Move 'efi'-executables to '/usr/share/efi'  (FATE#326960)
  (preparing the move to 'noarch' for this package)

OBS-URL: https://build.opensuse.org/request/show/668546
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=146
 2019-01-25 09:28:34 +00:00
Gary Ching-Pang Lin
426b9f297b Accepting request 665689 from home:gary_lin:branches:devel:openSUSE:Factory 
Update shim-install to handle the partitioned MD devices (bsc#1119762, bsc#1119763)

OBS-URL: https://build.opensuse.org/request/show/665689
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=145
 2019-01-14 10:23:56 +00:00
Gary Ching-Pang Lin
f7b3e9f399 Accepting request 660225 from home:gary_lin:branches:devel:openSUSE:Factory 
- Update to 15+git47 (bsc#1120026, FATE#325971)
- Retire the old openSUSE 4096 bit certificate

OBS-URL: https://build.opensuse.org/request/show/660225
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=144
 2018-12-20 08:53:52 +00:00
Gary Ching-Pang Lin
a0cfc31263 Accepting request 655465 from home:gary_lin:branches:devel:openSUSE:Factory 
- Update shim-install to specify the target for grub2-install and
  change the boot efi file name according to the architecture
  (bsc#1118363, FATE#325971)

OBS-URL: https://build.opensuse.org/request/show/655465
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=143
 2018-12-06 03:11:43 +00:00
Gary Ching-Pang Lin
3f0c0279d9 Accepting request 634117 from home:gary_lin:branches:devel:openSUSE:Factory 
- Enable AArch64 build (FATE#325971)
  + Also add the aarch64 signature files and rename the x86_64
    signature files

OBS-URL: https://build.opensuse.org/request/show/634117
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=142
 2018-09-07 09:39:12 +00:00
Gary Ching-Pang Lin
cdcbabe549 Accepting request 612951 from home:gary_lin:branches:devel:openSUSE:Factory 
Add shim-bsc1092000-fallback-menu.patch to show a menu before system reset ((bsc#1092000))

OBS-URL: https://build.opensuse.org/request/show/612951
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=141
 2018-05-30 03:26:13 +00:00
Gary Ching-Pang Lin
ddc96299d3 Accepting request 595021 from home:gary_lin:branches:devel:openSUSE:Factory 
avoid double-freeing after enrolling a key from the disk (bsc#1088585)

OBS-URL: https://build.opensuse.org/request/show/595021
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=140
 2018-04-10 04:33:05 +00:00
Gary Ching-Pang Lin
206b9df42b Accepting request 593109 from home:gary_lin:branches:devel:openSUSE:Factory 
- Install the certificates with a shim suffix to avoid conflicting
  with other packages (bsc#1087847)

OBS-URL: https://build.opensuse.org/request/show/593109
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=139
 2018-04-03 09:13:29 +00:00
Gary Ching-Pang Lin
66ba0f1262 Accepting request 590555 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add the missing leading backlash to the DEFAULT_LOADER
  (bsc#1086589)

OBS-URL: https://build.opensuse.org/request/show/590555
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=138
 2018-03-23 06:40:17 +00:00
Gary Ching-Pang Lin
81fe5bce9e Accepting request 561805 from home:gary_lin:branches:devel:openSUSE:Factory 
Amend the device path matching rule for httpboot (bsc#1065370)

OBS-URL: https://build.opensuse.org/request/show/561805
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=137
 2018-01-05 09:03:39 +00:00