Ubuntu
shim-signed package

Change logs for shim-signed source package in Kinetic

  1. Kinetic (22.10)
  2. Change log 
  • shim-signed (1.54) kinetic; urgency=medium

  [ dann frazier ]
  * Fix arm64 issues due to hardcoding "x64" as the EFI architecture.
    (LP: #2004208)
  * is-not-revoked: Support vmlinux.gz files as used on arm64.
    (LP: #2004201)

shim-signed (1.52) kinetic; urgency=medium

  * New upstream version 15.7 (LP: #1996503)
    - SBAT level: shim,3
    - SBAT policy bumped to for grub,2 in previous and grub,3 in latest:
      SBAT policy: latest="shim,2\ngrub,3\n" previous="grub,2\n"
  * SECURITY FIX: Buffer overflow when loading crafted EFI images.
      - CVE-2022-28737
  * debian/control: Depend on new grub versions (1.191 on lunar+, 1.187.2 elsewhere)
  * Break fwupd-signed signed with old keys
  * Check for revoked fb,mm binaries in build, grubs, fwupd in autopkgtest
  * Install both previous and latest shim as alternatives. On secure boot
    systems, if the current kernel or any newer one is revoked, the previous
    shim will continue to be used until current kernel and all newer ones
    are signed with a non-revoked key.

 -- Julian Andres Klode <email address hidden>  Tue, 31 Jan 2023 12:57:37 +0100
  • shim-signed (1.52) kinetic; urgency=medium

  * New upstream version 15.7 (LP: #1996503)
    - SBAT level: shim,3
    - SBAT policy bumped to for grub,2 in previous and grub,3 in latest:
      SBAT policy: latest="shim,2\ngrub,3\n" previous="grub,2\n"
  * SECURITY FIX: Buffer overflow when loading crafted EFI images.
      - CVE-2022-28737
  * debian/control: Depend on new grub versions (1.191 on lunar+, 1.187.2 elsewhere)
  * Break fwupd-signed signed with old keys
  * Check for revoked fb,mm binaries in build, grubs, fwupd in autopkgtest
  * Install both previous and latest shim as alternatives. On secure boot
    systems, if the current kernel or any newer one is revoked, the previous
    shim will continue to be used until current kernel and all newer ones
    are signed with a non-revoked key.

 -- Julian Andres Klode <email address hidden>  Thu, 26 Jan 2023 13:03:25 +0100
  • shim-signed (1.51) impish; urgency=medium

  * Update to shim 15.4-0ubuntu9
    - Fix booting installer media on some machines (LP: #1937115)
      + Always fallback to the default loader (PR #393)
      + Dump load options parsed (PR #393)
      + Disable load option parsing on removable media path (PR #399)
    - trivial: Fix a minor overflow in the mok importing code (PR #365)
    - Fix fall back loader to find the correct boot entry, avoiding potential
      corruption of firmware (PR #396).

 -- Julian Andres Klode <email address hidden>  Fri, 13 Aug 2021 18:00:15 +0200