From c117735c205dea04b1a0dbaaa6dfdb0b11250ea7 Mon Sep 17 00:00:00 2001 From: Julien Cristau Date: Sat, 15 Oct 2016 15:17:34 +0200 Subject: Import Debian changes 0.9+1474479173.6c180c6-1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit shim (0.9+1474479173.6c180c6-1) unstable; urgency=medium [ Steve Langasek ] * Initial Debian upload. Closes: #820052. * Update Standards-Version. * Embed the newly-minted Debian CA certificate. * Vendorize debian/rules so that the same package can be used in both Debian and Ubuntu without modification. * Fix debian/copyright to match the spec (last match wins, not first) * Fix shim.efi to not be executable. * Add watchfile. * Support parallel builds, because eh why not * Update Vcs-Bzr. * Resync with Ubuntu, including patch to fix debian/copyright. [ Julien Cristau ] * Add some missing copyright holders in d/copyright, update Upstream-Contact. Thanks to Helen Koike for the help. shim (0.9+1474479173.6c180c6-0ubuntu1) UNRELEASED; urgency=medium [ Helen Koike ] * debian/copyright: add OpenSSL license [ Mathieu Trudel-Lapierre ] * New upstream release. * debian/copyright: patches should be BSD, like the rest of the upstream code. * debian/patches/unused-variable: dropped; applied upstream. * debian/patches/binutils-version-matching: dropped, fixed upstream. * debian/shim.install: built EFI binaries were renamed; update our install file to properly pick up shim (shim$arch), MokManager (mm$arch), and fallback (fb$arch). shim (0.9+1465500757.14a5905-0ubuntu1) yakkety; urgency=medium * New upstream release. - Better handle LoadOptions. (LP: #1581299) - Measure state and second stage in TPM. - Mirror MokSBState in runtime as MokSBStateRT. - Fix failure to build with GCC 5. (LP: #1429978) - Various bug fixes and other improvements. * Refreshed patches. - Remaining patches: + second-stage-path + sbsigntool-not-pesign * debian/patches/unused-variable: remove unused variable size. * debian/patches/binutils-version-matching: revert d9a4c912 to correctly match objcopy's version on Ubuntu. * debian/copyright: update copyright for patches. shim (0.8-0ubuntu2) wily; urgency=medium * No-change rebuild against gnu-efi 3.0v-5ubuntu1. shim (0.8-0ubuntu1) wily; urgency=medium * New upstream release. - Clarify meaning of insecure_mode. (LP: #1384973) * debian/patches/CVE-2014-3675.patch, debian/patches/CVE-2014-3677.patch, debian/patches/0001-Update-openssl-to-0.9.8za.patch: dropped, included in the upstream release. * debian/patches/sbsigntool-not-pesign,debian/patches/second-stage-path: refreshed. shim (0.7-0ubuntu4) utopic; urgency=medium * SECURITY UPDATE: heap overflow and out-of-bounds read access when parsing DHCPv6 information - debian/patches/CVE-2014-3675.patch: apply proper bounds checking when parsing data provided in DHCPv6 packets. - CVE-2014-3675 - CVE-2014-3676 * SECURITY UPDATE: memory corruption when processing user-provided key lists - debian/patches/CVE-2014-3677.patch: detect malformed machine owner key (MOK) lists and ignore them, avoiding possible memory corruption. - CVE-2014-3677 shim (0.7-0ubuntu2) utopic; urgency=medium * Restore debian/patches/prototypes, which still is needed on shim 0.7 but only detected on the buildds. * Update debian/patches/prototypes with some new declarations needed for openssl 0.9.8za update. shim (0.7-0ubuntu1) utopic; urgency=medium * New upstream release. - fix spurious error message when fallback.efi is not present, as will always be the case for removable media. LP: #1297069. - drop most patches, included upstream. * debian/patches/0001-Update-openssl-to-0.9.8za.patch: cherry-pick openssl 0.9.8za in via upstream. shim (0.4-0ubuntu5) utopic; urgency=low * Install fallback.efi.signed as well, to lay the groundwork for fallback handling (wanted when we have to move a drive between machines, or when the firmware loses its marbles^W nvram). shim (0.4-0ubuntu4) saucy; urgency=low * debian/patches/fix-tftp-prototype: pass the right arguments to EFI_PXE_BASE_CODE_TFTP_READ_FILE. * debian/patches/build-with-Werror: Build with -Werror to catch future prototype mismatches. * debian/patches/fix-compiler-warnings: Fix remaining compiler warnings in netboot.c. * debian/patches/tftp-proper-nul-termination: fix nul termination errors in filenames passed to tftp. * debian/patches/netboot-cleanup: roll-up of miscellaneous fixes to the netboot code. shim (0.4-0ubuntu3) saucy; urgency=low [ Steve Langasek ] * Install MokManager.efi.signed in the package. * debian/patches/no-output-by-default.patch: Don't print any informational messages. Closes LP: #1074302. [ Stéphane Graber ] * debian/patches/no-print-on-unsigned: Don't print an error message when validating an unsigned binary as that tends to hang Lenovo machines. (LP: #1087501) shim (0.4-0ubuntu2) saucy; urgency=low * Add missing build-dependency on openssl. shim (0.4-0ubuntu1) saucy; urgency=low * New upstream release. * Drop debian/patches/shim-before-loadimage; upstream has changed this to not call loadimage at all. * debian/patches/sbsigntool-not-pesign: Sign MokManager with sbsigntool instead of pesign. * Add a versioned build-dependency on gnu-efi. shim (0~20120906.bcd0a4e8-0ubuntu4) quantal-proposed; urgency=low * debian/patches/shim-before-loadimage: Use direct verification first before LoadImage. Addresses an issue where Lenovo's SecureBoot implementation pops an error message on any verification failure - avoid calling LoadImage at all unless we have to. shim (0~20120906.bcd0a4e8-0ubuntu3) quantal; urgency=low * debian/patches/second-stage-path: Chainload grubx64.efi, not grub.efi. shim (0~20120906.bcd0a4e8-0ubuntu2) quantal; urgency=low * debian/patches/prototypes: Include missing prototypes, and disable use of BIO_new_file. * Only build the package for amd64; we're not signing an i386 shim at this stage so there's no point in building it. shim (0~20120906.bcd0a4e8-0ubuntu1) quantal; urgency=low * Initial release. * Include the Canonical Secure Boot master CA. --- debian/copyright | 254 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 254 insertions(+) create mode 100644 debian/copyright (limited to 'debian/copyright') diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 00000000..7c08287c --- /dev/null +++ b/debian/copyright @@ -0,0 +1,254 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: shim +Upstream-Contact: Matthew Garrett +Source: https://github.com/mjg59/shim.git + +Files: * +Copyright: 2012-2013 Red Hat, Inc + 2009-2016 Intel Corporation +License: BSD-2-Clause + +Files: debian/patches/* +Copyright: 2016 Canonical Ltd. +License: BSD-2-Clause + +Files: crypt_blowfish.* +Copyright: none +License: public-domain + No copyright is claimed, and the software is hereby placed in the public + domain. In case this attempt to disclaim copyright and place the software + in the public domain is deemed null and void, then the software is + Copyright (c) 2000-2011 Solar Designer and it is hereby released to the + general public under the following terms: + . + Redistribution and use in source and binary forms, with or without + modification, are permitted. + . + There's ABSOLUTELY NO WARRANTY, express or implied. + +Files: httpboot.* +Copyright: 2015 SUSE LINUX GmbH +License: BSD-2-Clause + +Files: include/Http.h +Copyright: 2016 Intel Corporation + 2015 Hewlett Packard Enterprise Development LP +License: BSD-2-Clause + +Files: include/PeImage.h +Copyright: 2006-2010 Intel Corporation + 2008-2009 Apple Inc +License: BSD-2-Clause + +Files: lib/*.c +Copyright: 2011-2012 Intel Corporation + 2012 + 2012-2013 Red Hat, Inc +License: BSD-2-Clause + +Files: Cryptlib/OpenSSL/* Cryptlib/Include/openssl/* +Copyright: 1998-2016 The OpenSSL Project + 1995-1998 Eric Young (eay@cryptsoft.com) + 2002 Sun Microsystems, Inc + 2005 Nokia +License: OpenSSL and Original-SSLeay + OpenSSL License + --------------- + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + . + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + . + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + . + 3. All advertising materials mentioning features or use of this + software must display the following acknowledgment: + "This product includes software developed by the OpenSSL Project + for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + . + 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + endorse or promote products derived from this software without + prior written permission. For written permission, please contact + openssl-core@openssl.org. + . + 5. Products derived from this software may not be called "OpenSSL" + nor may "OpenSSL" appear in their names without prior written + permission of the OpenSSL Project. + . + 6. Redistributions of any form whatsoever must retain the following + acknowledgment: + "This product includes software developed by the OpenSSL Project + for use in the OpenSSL Toolkit (http://www.openssl.org/)" + . + THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. + ==================================================================== + . + This product includes cryptographic software written by Eric Young + (eay@cryptsoft.com). This product includes software written by Tim + Hudson (tjh@cryptsoft.com). + . + Original SSLeay License + ----------------------- + This package is an SSL implementation written + by Eric Young (eay@cryptsoft.com). + The implementation was written so as to conform with Netscapes SSL. + . + This library is free for commercial and non-commercial use as long as + the following conditions are aheared to. The following conditions + apply to all code found in this distribution, be it the RC4, RSA, + lhash, DES, etc., code; not just the SSL code. The SSL documentation + included with this distribution is covered by the same copyright terms + except that the holder is Tim Hudson (tjh@cryptsoft.com). + . + Copyright remains Eric Young's, and as such any Copyright notices in + the code are not to be removed. + If this package is used in a product, Eric Young should be given attribution + as the author of the parts of the library used. + This can be in the form of a textual message at program startup or + in documentation (online or textual) provided with the package. + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + "This product includes cryptographic software written by + Eric Young (eay@cryptsoft.com)" + The word 'cryptographic' can be left out if the rouines from the library + being used are not cryptographic related :-). + 4. If you include any Windows specific code (or a derivative thereof) from + the apps directory (application code) you must include an acknowledgement: + "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + . + THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + . + The licence and distribution terms for any publically available version or + derivative of this code cannot be changed. i.e. this code cannot simply be + copied and put under another distribution licence + [including the GNU Public Licence.] + +Files: Cryptlib/Include/openssl/seed.h +Copyright: 2007 KISA(Korea Information Security Agency) +License: BSD-2-Clause + +Files: Cryptlib/OpenSSL/crypto/o_dir.h Cryptlib/OpenSSL/crypto/LPdir_nyi.c +Copyright: 2004, Richard Levitte +License: BSD-2-Clause + +Files: Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c +Copyright: 2004 Kungliga Tekniska Högskolan +License: BSD-3-Clause-Institute + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + . + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + . + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + . + 3. Neither the name of the Institute nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + +Files: Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h +Copyright: 2012, Intel Corporation +License: BSD-3-Clause-Intel + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + . + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + . + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the + distribution. + . + * Neither the name of the Intel Corporation nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY + EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: BSD-2-Clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + . + Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + . + Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the + distribution. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. -- cgit v1.2.3