(mirror of https://github.com/vyos/efi-boot-shim.git) https://git.amelek.net/vyos/efi-boot-shim.git/atom?h=Version_15 2018-03-15T15:23:26+00:00 2018-03-15T15:23:26+00:00 Peter Jones pjones@redhat.com 2018-03-15T15:13:25+00:00 urn:sha1:138deeff23707b2db46bbb5c90f1c08bd4b2a429 I don't think the x86 binaries clang builds will actually work unless they just infer -maccumulate-outgoing-args from __attribute__((__ms_abi__), but it's nice to have the analyzer working. Signed-off-by: Peter Jones <pjones@redhat.com> 2018-03-06T19:33:19+00:00 Tamas K Lengyel lengyelt@ainfosec.com 2017-11-11T17:10:56+00:00 urn:sha1:3d932631980a29cf584afbf80bc6c278129ae2e2 Signed-off-by: Tamas K Lengyel <lengyelt@ainfosec.com> 2017-09-08T18:48:57+00:00 Peter Jones pjones@redhat.com 2017-09-08T18:28:30+00:00 urn:sha1:9802023c13859cb2fb2e9df924ec203286994d7d I think this works around most of them. Signed-off-by: Peter Jones <pjones@redhat.com> 2017-09-08T18:47:09+00:00 Gary Lin glin@suse.com 2017-04-10T09:23:29+00:00 urn:sha1:e992a913cf5f1d8eeaec345cc5c873a96bf4bb39 Disable DES completely since it's already old and insecure. This makes MokManager not support the DES based password hash but probably no one is using it. Signed-off-by: Gary Lin <glin@suse.com> 2017-09-08T18:47:09+00:00 Gary Lin glin@suse.com 2017-04-10T08:55:17+00:00 urn:sha1:70d49e332d0196a15f19cbc7c603b01057e3e901 MD4 is known to be insecure and shim never uses it. Signed-off-by: Gary Lin <glin@suse.com> 2017-08-31T19:13:58+00:00 Peter Jones pjones@redhat.com 2017-08-31T17:57:30+00:00 urn:sha1:1d39ada8cb336d9e7c156be7526b674851fbdd40 OpenSSL changes quite a bit of the key validation, and most of the keys I can find in the wild aren't marked as trusted by the new checker. Intel noticed this too: https://github.com/vathpela/edk2/commit/f536d7c3ed but instead of fixing the compatibility error, they switched their test data to match the bug. So that's pretty broken. For now, I'm reverting OpenSSL 1.1.0e, because we need those certs in the wild to work. This reverts commit 513cbe2aea689bf968f171f894f3d4cdb43524d5. This reverts commit e9cc33d6f2b7f35c6f5e349fd83fb9ae0bc66226. This reverts commit 80d49f758ead0180bfe6161931838e0578248303. This reverts commit 9bc647e2b23bcfd69a0077c0717fbc454c919a57. This reverts commit ae75df6232ad30f3e8736e9449692d58a7439260. This reverts commit e883479f35644d17db7efed710657c8543cfcb68. This reverts commit 97469449fda5ba933a64280917e776487301a127. This reverts commit e39692647f78e13d757ddbfdd36f440d5f526050. This reverts commit 0f3dfc01e2d5e7df882c963dd8dc4a0dfbfc96ad. This reverts commit 4da6ac819510c7cc4ba21d7a735d69b45daa5873. This reverts commit d064bd7eef201f26cb926450a76260b5187ac689. This reverts commit 9bc86cfd6f9387f0da9d5c0102b6aa5627e91c91. This reverts commit ab9a05a10f16b33f7ee1e9da360c7801eebdb9d2. Signed-off-by: Peter Jones <pjones@redhat.com> 2017-08-31T19:13:45+00:00 Peter Jones pjones@redhat.com 2017-08-31T18:49:11+00:00 urn:sha1:aaf8049c3995dd2c0c42087a601c262545f36b9c Signed-off-by: Peter Jones <pjones@redhat.com> 2017-08-11T18:10:43+00:00 Peter Jones pjones@redhat.com 2017-08-08T21:48:59+00:00 urn:sha1:b9354fc4aa32a4c30483bb0c83f0fb13297e7891 Signed-off-by: Peter Jones <pjones@redhat.com> 2017-07-25T00:11:28+00:00 Peter Jones pjones@redhat.com 2017-07-25T00:07:07+00:00 urn:sha1:8a6d270d707df229a3f2a1d5bcf52a84141950b8 This lets you do: mkdir build-x64 build-ia32 cd build-x64 make TOPDIR=.. -f ../Makefile cd ../build-ia32 setarch i686 -B make ARCH=ia32 TOPDIR=.. -f ../Makefile And not worry about generated sources and headers mixing and matching. Signed-off-by: Peter Jones <pjones@redhat.com> 2017-04-11T14:42:19+00:00 Gary Lin glin@suse.com 2017-04-10T09:23:29+00:00 urn:sha1:e9cc33d6f2b7f35c6f5e349fd83fb9ae0bc66226 Disable DES completely since it's already old and insecure. This makes MokManager not support the DES based password hash but probably no one is using it. Signed-off-by: Gary Lin <glin@suse.com>