[ubuntu/focal-updates] shim 15.4-0ubuntu7 (Accepted)

Łukasz Zemczak lukasz.zemczak at canonical.com
Mon Aug 2 19:46:29 UTC 2021

shim (15.4-0ubuntu7) hirsute; urgency=medium

  * Fix load option parsing, and thus fwupd execution (LP: #1929471) (PR #379)
  * Fix occasional crashes in _relocate() on arm64 (LP: #1928010) (PR #383)
  * Fix accidental deletion of RT variables (LP: #1934506) (PR #387)
  * mok: relax the maximum variable size check (LP: #1934780) (PR #369)

shim (15.4-0ubuntu5) hirsute; urgency=medium

  * Rebuild in hirsute to get a more stable target to keep shim reproducible
    for a longer time.

shim (15.4-0ubuntu3) impish; urgency=medium

  [ Steve Langasek ]
  * Use -Zxz compression, for compatibility with dpkg in older releases.
    LP: #1925673

  [ Julian Andres Klode ]
  * Stop addending vendor dbx to MokListXRT during MokListX mirroring. This
    is causing systems to run out of EFI storage space, or just hang up
    when trying to write it (LP: #1924605) (LP: #1928434)
  * Further relax the check for variable mirroring on non-secureboot systems
    avoiding boot failures on out of space conditons (pull request #372)

  [ Seth Forshee ]
  * Don't unhook ExitBootServices() when EBS protection is disabled (LP: #1931136)
    (pull request #378)

shim (15.4-0ubuntu2) hirsute; urgency=medium

  [ Balint Reczey ]
  * Fix boot on EFI 1.10 machines, for example on some MacBooks (LP: #1925010)

  [ Dimitri John Ledkov ]
  * Fix kernel warning when allocating MOK table (LP: #1925139)
  * Fix booting with shim SBState disabled (LP: #1925140)

shim (15.4-0ubuntu1) hirsute; urgency=medium

  [ Dimitri John Ledkov ]
  * New upstream release 15.4 LP: #1921134
    - Update the commit hash in debian/rules
  * debian/rules: add request to sign EFI binaries with archive signing key.
  * debian/rules: stop using ENABLE_SHIM_CERT=1.
  * debian/rules: add canonical 2021 DBX.
  * deiban/rules: start using DISABLE_EBS_PROTECTION=1 to allow
    chainloading shim to shim, and shim to kernel.efi.
  * Add shim-dbg package, skip stripping files.
  * Update watch file, now uscan can generate new upstream tarballs.
  * Upgrade to debhelper 12.
  * Drop gnu-efi build-dep, now vendored upstream.
  * Add debian/rules target to generate gnu-efi components.
  * Do not clean gnu-efi Makefile.orig
  * Remove fallback 5s delay with TPM. LP: #1922581
  * Add xxd build-dep to run unittests.

  [ Chris Coulson ]
  * Drop patches that are fixed upstream:
    - debian/patches/Fix-OBJ_create-to-tolerate-a-NULL-sn-and-ln.patch
    - debian/patches/MokManager-avoid-unaligned.patch
    - debian/patches/tpm-correctness-1.patch
    - debian/patches/tpm-correctness-2.patch
    - debian/patches/tpm-correctness-3.patch
    - debian/patches/MokManager-hidpi-support.patch
    - debian/patches/fix-path-checks.patch
  * Drop the ENABLE_HTTPBOOT option - this is always built now.
    - update debian/rules
  * Add vendor SBAT metadata to shim.
    - add debian/sbat.ubuntu.csv.in
    - update debian/rules
  * Add vendor dbx esl to include-binaries
  * Build-depend on dos2unix
    - update debian/control

Date: 2021-07-07 09:00:09.980893+00:00
Changed-By: Julian Andres Klode <julian.klode at canonical.com>
Signed-By: Łukasz Zemczak <lukasz.zemczak at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list