Univention Bugzilla – Bug 57271
shim: Multiple issues (5.0)
Last modified: 2024-05-15 12:32:15 CEST
New Debian shim 15.8-1~deb10u1 fixes: This update addresses the following issue: 15.8-1~deb10u1 (Mon, 05 May 2024 11:33:57 +0100) * New upstream release fixing more bugs * Remove all our previous patches, no longer needed: + Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch (now upstream) + Enable-NX.patch (we don't want NX just yet until the whole boot stack is NX-capable) + block-grub-sbat3-debian.patch (not needed now upstream grub SBAT is 4) * Cherry-pick 2 new patches from upstream for grub revocations: + 0001-sbat-Add-grub.peimage-2-to-latest-CVE-2024-2312.patch + 0002-sbat-Also-bump-latest-for-grub-4-and-to-todays-date.patch * Log if the build is nx-compatible or not * Force shim to use the latest revocations by default to block some older grub / peimage issues. This is: "shim,4\ngrub,4\ngrub.peimage,2\n" * Install a copy of the Debian CA certificate into /usr/share/shim. * Clean up better after build.
--- mirror/ftp/pool/main/s/shim/shim_15.7-1~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-7/source/shim_15.8-1~deb10u1.dsc @@ -1,3 +1,24 @@ +15.8-1~deb10u1 [Mon, 05 May 2024 11:33:57 +0100] Steve McIntyre <93sam@debian.org>: + + * New upstream release fixing more bugs + * Remove all our previous patches, no longer needed: + + Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch (now + upstream) + + Enable-NX.patch (we don't want NX just yet until the whole boot + stack is NX-capable) + + block-grub-sbat3-debian.patch (not needed now upstream grub SBAT + is 4) + * Cherry-pick 2 new patches from upstream for grub revocations: + + 0001-sbat-Add-grub.peimage-2-to-latest-CVE-2024-2312.patch + + 0002-sbat-Also-bump-latest-for-grub-4-and-to-todays-date.patch + * Log if the build is nx-compatible or not + * Force shim to use the latest revocations by default to block some + older grub / peimage issues. This is: + "shim,4\ngrub,4\ngrub.peimage,2\n" + * Install a copy of the Debian CA certificate into /usr/share/shim. + Closes: #1069054 + * Clean up better after build. Closes: #1046268 + 15.7-1~deb10u1 [Tue, 31 Jan 2023 10:41:03 +0100] Steve McIntyre <93sam@debian.org>: * New upstream release fixing more bugs <http://piuparts.knut.univention.de/5.0-7/#6309849232310078724>
OK: bug OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-7] 99a3f1ecac Bug #57271: shim 15.8-1~deb10u1 doc/errata/staging/shim.yaml | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) [5.0-7] 556d699733 Bug #57271: shim 15.8-1~deb10u1 doc/errata/staging/shim.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x1047>