shim 0.9

========

Gary Ching-Pang Lin (19):
      Add nostdinc to the CFLAGS for lib
      Update Cryptlib and openssl
      Make the build failed with objcopy < 2.24
      Support MOK blacklist
      MokManager: show the hash list properly
      MokManager: delete the hash properly
      MokManager: Match all hashes in the list
      MokManager: Write the hash list properly
      Copy the MOK blacklist to a RT variable
      Verify the EFI images with MOK blacklist
      Make shim to check MokXAuth for MOKX reset
      MokManager: calculate the variable size correctly
      MokManager: fix the hash list counting in delete
      MokManager: Support SHA1 hash in MOK
      MokManager: fix the return value and type
      MokManager: Add more key list safe checks
      MokManager: Support SHA224, SHA384, and SHA512
      MokManager: Discard the list contains an invalid signature
      MokManager: fix comparison between signed and unsigned integer

Laszlo Ersek (1):
      Fix length of allocated buffer for boot option comparison.

Matthew Garrett (1):
      Explicitly request sysv-style ELF hash sections

Peter Jones (17):
      Align the sections we're loading, and check for validity /after/ discarding.
      Don't install our protocols if we're not in secure mode.
      Make lib/ build right with the cflags it should be using...
      Make lib/ use the right CFLAGS.
      gcc 5.0 changes some include bits, so copy what arm does on x86.
      Only run MokManager if asked or a security violation occurs.
      Don't leave in_protocol==1 when shim_verify() isn't enforcing.
      Ensure that apps launched by shim get correct BS->Exit() behavior
      Fix console_print_box*() parameters.
      MokManager: Nerf SHA-1 again for actual hashes and signatures.
      Don't print anything or delay when start_image() succeeds.
      More incorrect unsigned vs signed fixups from yours truly.
      Add a conditional point for a debugger to attach.
      Only be verbose the first time secure_mode() is called.
      Make sure our build-id notes wind up at a reasonable place.
      Improve our debuginfo path print
      0.9

Richard W.M. Jones (1):
      fallback: Fix comparison between signed and unsigned in debugging code.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUAVZLd+u7SZrcPT+8QAQJiXw//fmwS1vrq97mfSfmy2c7QqfyrUlJpBfrI
e65nb+lpxZ0Fx9VGI9JBqTwT8TFnpj+FFX2DjH98uxNPHTFIuQShk1Vqboygmcem
W2CmFGJkCnu5v8yYPlym21h9U5madXPssSHTXdcWSqV7TILVIJ6mgXHoqS637u0S
QYNuNaXb1DJtyvNqbcvAsfjneTFiL70/UOSUnK7nqBQW44+Ei8F0iY5zqoII3aZs
1MgltbCLl/PfDxotg8Sf7Y+bVdI+624VGEYNtxfcc7LVFHzI1fegnreYiDmZXl7F
Fj2/PMLTNyAVXLsdKA8kz5kTi9KFyrS1LOhu0u55giKPjSP1oCb94J1G8nFgxq00
E6A935JmrPp/E3PEVX3+VHuZfTAsSHjLZJMGRx4nvkJVh1aN8cSSgNt0flgaAjD/
OuZntB8w37g0Urxi4TfxR4q3+WSNa1CLYfcUGHkxYEtY0fvCaVQSz7lja7WRpV7P
4EjfsqtrMObgVhlJXRE1QiSJeQCiuyTrOmBuU1blRff7PwmC6Or+WQilxzekW0iN
C/i7pQ0rCknaVG0DB2A3G/X38R/081oFfWr72CmYZ9SNSzdaEqnSi40QID52S4x0
Z69Ljxoicdzvm2Eg/wDH8kInyzfniU+M2pjIaJtD+Ih8qCDn6l9I8cHe9RW62RKL
8aGE4WS8858=
=l/Xa
-----END PGP SIGNATURE-----