summaryrefslogtreecommitdiff
path: root/debian/changelog
AgeCommit message (Collapse)Author
2024-05-04*Actually* release 15.8-1~deb12u1 for bookwormdebian/15.8-1_deb12u1bookworm/updatesSteve McIntyre
2024-05-04Clean up better after build. Closes: #1046268Steve McIntyre
2024-05-04Install a copy of the Debian CA certificate into /usr/share/shim.Steve McIntyre
Closes: #1069054
2024-05-04Release 15.8-1~deb12u1 for bookwormSteve McIntyre
2024-05-03Update version for bookwormSteve McIntyre
2024-05-03Force usage of newest revocations at build timeSteve McIntyre
Force shim to use the latest revocations by default to block some older grub / peimage issues. This is: "shim,4\ngrub,4\ngrub.peimage,2\n" This should work with the current released grub builds in all of buster, bullseye, bookwork and trixie/unstable. Let's not leave known security holes in the wild.
2024-05-03Cherry-pick latest grub revocation patches from upstream shimSteve McIntyre
0001-sbat-Add-grub.peimage-2-to-latest-CVE-2024-2312.patch 0002-sbat-Also-bump-latest-for-grub-4-and-to-todays-date.patch
2024-05-03Log if the build is nx-compatible or notSteve McIntyre
Add a new simple script to do this: check_nx
2024-05-03Switch to 15.8 upstream and drop patchesSteve McIntyre
2024-04-29Add changelog entryBastien Roucariès
2024-04-29Closes: #936009Bastien Roucariès
2024-04-15Update changelogBastien Roucariès
2023-11-02Tweak building with pesign changesSteve McIntyre
We used to use efisiglist to generate the DBX list. Newer versions of the pesign package don't include it any more, and the recommended replacement tool is now efisecdb from efivar. Tweak the generate_dbx_list script to work with both old and new. Let's make backports easy...
2023-01-31Release 15.7-1debian/15.7-1Steve McIntyre
2023-01-30Swith to using the upstream "enable NX" patchSteve McIntyre
2023-01-29Block Debian grub binaries with sbat < 4 (see #1024617)Steve McIntyre
2023-01-24Enable NX support at build timeSteve McIntyre
As required by policy for signing new shim binaries.
2023-01-22Update to Standards-Version 4.6.2 (no changes needed)Steve McIntyre
2023-01-22Switch to using gcc-12Steve McIntyre
Closes: #1022180
2023-01-22Switch to new upstream (15.7)Steve McIntyre
Also import patch to deal with buggy binutils
2022-07-21Release 15.6-1debian/15.6-1Steve McIntyre
2022-06-23Start packaging updates for the new 15.6 upstream releaseSteve McIntyre
Remove all our patches, all upstream now
2022-04-28Fix format strings for 32-bit buildsSteve McIntyre
2022-04-28Add new build-dep on libefivar-dev for testsSteve McIntyre
2022-04-27Tweak setup for dh_auto_test so the tests workSteve McIntyre
2022-04-27Start packaging updates for the new 15.51 upstream releaseSteve McIntyre
Remove all our patches, all upstream now.
2021-07-12Tweak how we call grub-install; don't abort on errordebian/15.4-7Steve McIntyre
Not ideal behaviour either, but don't break upgrades. Copy the behaviour from the grub packages here. Closes: #990966
2021-06-23Release 15.4-6debian/15.4-6Steve McIntyre
2021-06-22In insecure mode, don't abort if we can't create the MokListXRT varSteve McIntyre
Upstream issue #372. Closes: #989962, #990158
2021-06-22Add arm64 patch to tweak section layout and stop crashing problemsSteve McIntyre
Upstream issue #371. Closes: #990082, #990190
2021-05-06Add defensive code around calls to db_getdebian/15.4-5Steve McIntyre
Don't fail if they return errors.
2021-05-04Fix up the template maintainer scriptsdebian/15.4-4Steve McIntyre
if we're not running on an EFI system then exit cleanly
2021-05-03Add maintainer scripts to the template packagesdebian/15.4-3Steve McIntyre
Manage installing and removing fbXXX.efi and mmXXX.efi when we install/remove the shim-helpers-$arch-signed packages. Closes: #966845
2021-04-21Add changelog for 15.4-2 with new patchesdebian/15.4-2Steve McIntyre
2021-04-14allocate MOK config table as BootServicesDataSteve McIntyre
Another patch from upstream, needed with newer kernels on x86
2021-03-31Add one more patch from upstream to fix i386 binary relocationsSteve McIntyre
2021-03-31Override dh_auto_build setting INSTALL, cut down on build noiseSteve McIntyre
2021-03-31Update to the 15.4 releaseSteve McIntyre
2021-03-24Print sha256 checksums of the EFI binaries when the build is doneSteve McIntyre
2021-03-24Tweak the SBAT data to keep reproducibilitydebian/15.3-3Steve McIntyre
Only include the upstream version in the Debian SBAT metadata, so we don't break reproducibility on every minor packaging change.
2021-03-24Add missing build-dep on xxd for build-time unit testsdebian/15.3-2Steve McIntyre
2021-03-23Switch to using the 15.3 release from upstreamSteve McIntyre
2021-03-23Update copyright fileSteve McIntyre
Update a couple of top-level changes, copy in gnu-efi information from the gnu-efi package
2021-03-23Add an extra rule to generate the extra gnu-efi tarballSteve McIntyre
Thanks to Dmitri John Ledkov for help
2021-03-23Add Debian SBAT data to the shim buildSteve McIntyre
Add a Debian SBAT template, and rules to use it Adds a build-dep on dos2unix
2021-03-23Add dbx entries for all our existing grub binariesSteve McIntyre
They're insecure, let's break the chainloading hole
2021-02-21Change changelog to shut lintian upSteve McIntyre
2021-02-21Add new patch cast-CHAR8-string-handling.patchSteve McIntyre
Cast CHAR8 strings to use (const char *) when using string functions Looks like gnu-efi definitions of CHAR8 are problematic
2021-02-21Trivial change to remove bashisms in Make.coveritySteve McIntyre
2021-02-21Remove all our old patches, no longer needed:Steve McIntyre
- avoid_null_vsprint.patch - check_null_sn_ln.patch - fixup_git.patch - uname.patch - use_compare_mem_gcc9.patch
generated by cgit v1.2.3 (git 2.39.1) at 2025-09-02 14:17:11 +0000