diff options
Diffstat (limited to 'debian/changelog')
| -rw-r--r-- | debian/changelog | 243 |
1 files changed, 0 insertions, 243 deletions
diff --git a/debian/changelog b/debian/changelog deleted file mode 100644 index 005a1457..00000000 --- a/debian/changelog +++ /dev/null @@ -1,243 +0,0 @@ -shim (13~git1505328971.0780644a-0ubuntu1~test1) UNRELEASED; urgency=medium - - * New upstream snapshot: 13~git1505328971.0780644a - * debian/control: add a Build-Depends on libelf-dev. - * debian/control: add Breaks: for the previous shim-signed builds given - that shim will now build and ship BOOT.CSV by itself. - * debian/rules: - - Update dh_auto_build/dh_auto_clean/dh_auto_install for new upstream - options: set MAKELEVEL. - - Define an EFI_ARCH variable, and use that for paths to shim. This - makes it possible to build a shim for other architectures than amd64. - - Set EFIDIR=ubuntu for dh_auto_install; that will let files be installed - in the "right" final directories, and makes boot.csv for us. - - Set ENABLE_SHIM_CERT, to keep using ephemeral self-signed certs built - at compile-time for MokManager and fallback. - - Set ENABLE_SBSIGN, to use sbsign instead of pesign for signing fallback - and MokManager. - - Ignore unused-variable errors. - * debian/patches/second-stage-path: dropped; the default loader path now - includes an arch suffix. - * debian/patches/sbsigntool-no-pesign: dropped; no longer needed.. - * debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch: dropped, - included upstream. - * debian/rules: clean up after *.signed files. - * debian/shim.install: update paths in light of using shim's upstream install - target. - * debian/patches/buildid_write_return.patch: workaround our strict compile - rules failing the build: make sure write calls check the return value. - * debian/rules, debian/shim.install: make sure the 'make install' step does - what it's meant to do by upstream: we can easily make use of the end result - to have the files we need. - - -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Tue, 29 Aug 2017 22:45:30 -0400 - -shim (0.9+1474479173.6c180c6-1ubuntu1) zesty; urgency=medium - - [ Steve Langasek ] - * Merge (not yet NEW cleared) changes from Debian branch. - - [ Mathieu Trudel-Lapierre ] - * debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch: guard - against errors in mirroring MokSBState to MokSBStateRT. Thanks to Ivan Hu - for the patch. This will fix issues updating MokSBStateRT if the variable - already exists with different attributes. (LP: #1644806) - - -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Thu, 01 Dec 2016 16:55:50 -0500 - -shim (0.9+1474479173.6c180c6-1) unstable; urgency=medium - - [ Steve Langasek ] - * Initial Debian upload. Closes: #820052. - * Update Standards-Version. - * Embed the newly-minted Debian CA certificate. - * Vendorize debian/rules so that the same package can be used in both - Debian and Ubuntu without modification. - * Fix debian/copyright to match the spec (last match wins, not first) - * Fix shim.efi to not be executable. - * Add watchfile. - * Support parallel builds, because eh why not - * Update Vcs-Bzr. - * Resync with Ubuntu, including patch to fix debian/copyright. - - [ Julien Cristau ] - * Add some missing copyright holders in d/copyright, update - Upstream-Contact. Thanks to Helen Koike for the help. - - -- Julien Cristau <jcristau@debian.org> Sat, 15 Oct 2016 15:17:34 +0200 - -shim (0.9+1474479173.6c180c6-0ubuntu1) yakkety; urgency=medium - - [ Helen Koike ] - * debian/copyright: add OpenSSL license - - [ Mathieu Trudel-Lapierre ] - * New upstream release. (LP: #1624096) - * debian/copyright: patches should be BSD, like the rest of the upstream - code. - * debian/patches/unused-variable: dropped; applied upstream. - * debian/patches/binutils-version-matching: dropped, fixed upstream. - * debian/shim.install: built EFI binaries were renamed; update our install - file to properly pick up shim (shim$arch), MokManager (mm$arch), and - fallback (fb$arch). - - -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Thu, 22 Sep 2016 15:02:20 -0400 - -shim (0.9+1465500757.14a5905-0ubuntu1) yakkety; urgency=medium - - * New upstream release. - - Better handle LoadOptions. (LP: #1581299) - - Measure state and second stage in TPM. - - Mirror MokSBState in runtime as MokSBStateRT. - - Fix failure to build with GCC 5. (LP: #1429978) - - Various bug fixes and other improvements. - * Refreshed patches. - - Remaining patches: - + second-stage-path - + sbsigntool-not-pesign - * debian/patches/unused-variable: remove unused variable size. - * debian/patches/binutils-version-matching: revert d9a4c912 to correctly - match objcopy's version on Ubuntu. - * debian/copyright: update copyright for patches. - - -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Tue, 26 Jul 2016 16:48:32 -0400 - -shim (0.8-0ubuntu2) wily; urgency=medium - - * No-change rebuild against gnu-efi 3.0v-5ubuntu1. - - -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 12 May 2015 17:48:30 +0000 - -shim (0.8-0ubuntu1) wily; urgency=medium - - * New upstream release. - - Clarify meaning of insecure_mode. (LP: #1384973) - * debian/patches/CVE-2014-3675.patch, debian/patches/CVE-2014-3677.patch, - debian/patches/0001-Update-openssl-to-0.9.8za.patch: dropped, included - in the upstream release. - * debian/patches/sbsigntool-not-pesign,debian/patches/second-stage-path: - refreshed. - - -- Mathieu Trudel-Lapierre <mathieu-tl@ubuntu.com> Mon, 11 May 2015 19:50:49 -0400 - -shim (0.7-0ubuntu4) utopic; urgency=medium - - * SECURITY UPDATE: heap overflow and out-of-bounds read access when - parsing DHCPv6 information - - debian/patches/CVE-2014-3675.patch: apply proper bounds checking - when parsing data provided in DHCPv6 packets. - - CVE-2014-3675 - - CVE-2014-3676 - * SECURITY UPDATE: memory corruption when processing user-provided key - lists - - debian/patches/CVE-2014-3677.patch: detect malformed machine owner - key (MOK) lists and ignore them, avoiding possible memory corruption. - - CVE-2014-3677 - - -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 08 Oct 2014 06:40:40 +0000 - -shim (0.7-0ubuntu2) utopic; urgency=medium - - * Restore debian/patches/prototypes, which still is needed on shim 0.7 - but only detected on the buildds. - * Update debian/patches/prototypes with some new declarations needed for - openssl 0.9.8za update. - - -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 07 Oct 2014 16:20:08 -0700 - -shim (0.7-0ubuntu1) utopic; urgency=medium - - * New upstream release. - - fix spurious error message when fallback.efi is not present, as will - always be the case for removable media. LP: #1297069. - - drop most patches, included upstream. - * debian/patches/0001-Update-openssl-to-0.9.8za.patch: cherry-pick - openssl 0.9.8za in via upstream. - - -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 07 Oct 2014 05:40:41 +0000 - -shim (0.4-0ubuntu5) utopic; urgency=low - - * Install fallback.efi.signed as well, to lay the groundwork for fallback - handling (wanted when we have to move a drive between machines, or when - the firmware loses its marbles^W nvram). - - -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 04 Aug 2014 12:11:13 +0200 - -shim (0.4-0ubuntu4) saucy; urgency=low - - * debian/patches/fix-tftp-prototype: pass the right arguments to - EFI_PXE_BASE_CODE_TFTP_READ_FILE. - * debian/patches/build-with-Werror: Build with -Werror to catch future - prototype mismatches. - * debian/patches/fix-compiler-warnings: Fix remaining compiler - warnings in netboot.c. - * debian/patches/tftp-proper-nul-termination: fix nul termination - errors in filenames passed to tftp. - * debian/patches/netboot-cleanup: roll-up of miscellaneous fixes to - the netboot code. - - -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 23 Sep 2013 00:30:00 -0700 - -shim (0.4-0ubuntu3) saucy; urgency=low - - [ Steve Langasek ] - * Install MokManager.efi.signed in the package. - * debian/patches/no-output-by-default.patch: Don't print any - informational messages. Closes LP: #1074302. - - [ Stéphane Graber ] - * debian/patches/no-print-on-unsigned: Don't print an error message when - validating an unsigned binary as that tends to hang Lenovo machines. - (LP: #1087501) - - -- Stéphane Graber <stgraber@ubuntu.com> Thu, 08 Aug 2013 17:12:12 +0200 - -shim (0.4-0ubuntu2) saucy; urgency=low - - * Add missing build-dependency on openssl. - - -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 02 Jul 2013 20:30:43 +0000 - -shim (0.4-0ubuntu1) saucy; urgency=low - - * New upstream release. - * Drop debian/patches/shim-before-loadimage; upstream has changed this to - not call loadimage at all. - * debian/patches/sbsigntool-not-pesign: Sign MokManager with - sbsigntool instead of pesign. - * Add a versioned build-dependency on gnu-efi. - - -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 02 Jul 2013 12:53:24 -0700 - -shim (0~20120906.bcd0a4e8-0ubuntu4) quantal-proposed; urgency=low - - * debian/patches/shim-before-loadimage: Use direct verification first - before LoadImage. Addresses an issue where Lenovo's SecureBoot - implementation pops an error message on any verification failure - avoid - calling LoadImage at all unless we have to. - - -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 10 Oct 2012 15:28:40 -0700 - -shim (0~20120906.bcd0a4e8-0ubuntu3) quantal; urgency=low - - * debian/patches/second-stage-path: Chainload grubx64.efi, not - grub.efi. - - -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 05 Oct 2012 11:20:58 -0700 - -shim (0~20120906.bcd0a4e8-0ubuntu2) quantal; urgency=low - - * debian/patches/prototypes: Include missing prototypes, and disable - use of BIO_new_file. - * Only build the package for amd64; we're not signing an i386 shim at this - stage so there's no point in building it. - - -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 04 Oct 2012 17:47:04 +0000 - -shim (0~20120906.bcd0a4e8-0ubuntu1) quantal; urgency=low - - * Initial release. - * Include the Canonical Secure Boot master CA. - - -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 04 Oct 2012 00:01:06 -0700 |