Группа :: Система/Ядро и оборудование
Пакет: shim
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
14 марта 2023 Egor Ignatov <egori at altlinux.org> 15.7-alt3
- grub 2.06-alt9 is missing fix for CVE-2022-28733, block SBAT grub.altlinux < 2
+ add shim-15.7-alt-Add-grub.altlinux-2-to-SBAT-revocations patch
- add shim-15.7-upstream-Enable-the-NX-compatibility-flag-by-default patch
- remove obsolete Make.defaults-skip-Werror-restrict-and-Werror-string patch
- new version
- new version
- remove all previously added upstream patches contained in this version
- spec: update check section
- spec: build with DISABLE_REMOVABLE_LOAD_OPTIONS
- rearrange patch set to include recent upstream commits
- fix critical issues discovered recently
+ add upstream-fix-mokutil--disable-validation-does-not-work patch
+ add upstream-mok-config-table-as-bootservicesdata patch
+ add upstream-don-t-call-queryvariableinfo-on-efi-1.10 patch
+ add upstream-fix-build-with-old-binutils-on-aarch64 patch
- new version
+ introduce SBAT
+ use bundled gnu-efi version from rhboot/gnu-efi
(git submodule, refer to c61bfdc8 for details) - add script for submodules update (thanks to darktemplar@)
- remove fix-gcc9-address-of-packed-members patch
- remove upstream-fix-a-typo patch
- add upstream-fix-a-broken-file-header-on-ia32 patch
- spec: add dos2unix to BR:, remove gnu-efi
+ add ALT specific SBAT data
+ add check section - replace altlinux-ca.cer
- fix FTBFS against gnu-efi 3.0.10+ due to fixed typo
+ add upstream-fix-a-typo patch
- fix FTBFS with gcc9
+ add fix-gcc9-address-of-packed-members patch
- rebuild against gnu-efi 3.0.9
- remove ubt
- new version
+ unbundle mokutil package
+ remove patches (upstream application)
- FTBFS workaround: use gcc4.7
- rebuilt for Sisyphus
- replaced fedora-ca.cer with altlinux-ca.cer
- actually built for ALT Linux
+ based on fedora's 0.3-2 spec by pjones@
- Require gnu-efi-3.0q for now.
- Don't allow mmx or sse during compilation.
- Re-organize this so all real signing happens in shim-signed instead.
- Split out mokutil
- Fix mokutil's idea of signature sizes.
- Fix secure_mode() always returning true
- Update shim
- Include mokutil
- Add debuginfo package since mokutil is a userspace executable
- Produce an unsigned shim
- Update how embedded cert and signing work.
- initial release
- Add patch to fix image size calculation