ELBA-2020-5789

ELBA-2020-5789 - shim-signed bug fix update

Type: BUG
Severity: NA
Release Date: 2020-07-29

Description


[15-2.0.6]
- removed shim{efiarchlc}-redhat.efi [Orabug: 31663209]
- updated with shimia32.efi and shimx64.efi signed by Microsoft [Orabug: 31663209]
- added oracle(grub2-sig-key) and oracle(kernel-sig-key) to package Requires [Orabug: 31663209]
- added shim-{efiarchlc} to yum protected [Orabug: 31663209]

[15-2.0.4]
- updated with shimaa64.efi
- updated unsigned_release

[15-2.0.2]
- Update shimaa64.efi to include fix for 'Section 0 has negative size' error [Orabug 27972230]

[15-2.0.1]
- updated BOOT*.CSV files to contain Oracle Linux [Orabug: 28073193]
- Pack files in efidir with disabled rpm verification [bug 27166040]
- updated with shimia32.efi and shimx64.efi signed by Microsoft
- Use redhat as efidir to maintain compatibility with RedHat

[15-2]
- Fix MoK mirroring issue which breaks kdump without intervention
Related: rhbz#1649270

[15-1]
- Update to shim version 15
Resolves: rhbz#1589962

[12-3]
- Fix broken file owner/modes
Resolves: rhbz#1595677

[12-2]
- Fix /boot/efi/... permissions to match the filesystem's requirements
Related: rhbz#1512749
- Minor .spec cleanups
Related: rhbz#1512749

[12-1]
- Update to 12-1 to work around a signtool.exe bug
Resolves: rhbz#1445393

[11-4]
- Another shot at better obsoletes.
Related: rhbz#1310764

[11-3]
- Fix Obsoletes
Related: rhbz#1310764

[11-2]
- Make sure Aarch64 still has shim.efi as well
Related: rhbz#1310766

[11-1]
- Rebuild with signed shim
Related: rhbz#1310766

[11-0.1]
- Update to 11-0.1 to match shim-11-1
Related: rhbz#1310766
- Fix regression in PE loader
Related: rhbz#1310766
- Fix case where BDS invokes us wrong and we exec shim again as a result
Related: rhbz#1310766

[10-0.1]
- Support ia32
Resolves: rhbz#1310766
- Handle various different load option implementation differences
- TPM 1 and TPM 2 support.
- Update to OpenSSL 1.0.2k

[0.9-2]
- Apparently I'm *never* going to learn to build this in the right target
the first time through.
Related: rhbz#1100048

[0.9-0.1]
- Bump version for 0.9
Also use mokutil-0.3.0
Related: rhbz#1100048

[0.7-14.1]
- Fix mokutil_version usage.
Related: rhbz#1100048

[0.7-14]
- Pull in aarch64 build so they can compose that tree.
(-14 to match -unsigned)
Related: rhbz#1100048

[0.7-12]
- Fix some minor build bugs on Aarch64
Related: rhbz#1190191

[0.7-11]
- Fix section loading on Aarch64
Related: rhbz#1190191

[0.7-10]
- Rebuild for Aarch64 to get \EFI\BOOT\BOOTAA64.EFI named right.
(I managed to fix the inputs but not the outputs in -9.)
Related: rhbz#1100048

[0.7-9]
- Rebuild for Aarch64 to get \EFI\BOOT\BOOTAA64.EFI named right.
Related: rhbz#1100048

[0.7-8]
- Build for aarch64 as well
Related: rhbz#1100048
- out-of-bounds memory read flaw in DHCPv6 packet processing
Resolves: CVE-2014-3675
- heap-based buffer overflow flaw in IPv6 address parsing
Resolves: CVE-2014-3676
- memory corruption flaw when processing Machine Owner Keys (MOKs)
Resolves: CVE-2014-3677

[0.7-7]
- Make sure we use the right keys on Aarch64.
(It's only a demo at this stage.)
Related: rhbz#1100048

[0.7-6]
- Add ARM Aarch64.
Related: rhbz#1100048

[0.7-5.2]
- Get the right signatures on shim-redhat.efi
Related: rhbz#1064449

[0.7-5.1]
- Update for signed shim for RHEL 7
Resolves: rhbz#1064449

[0.7-5]
- Fix shim-unsigned deps.
Related: rhbz#1032583

[0.7-4]
- Make dhcp4 work better.
Related: rhbz#1032583

[0.7-3]
- Make lockdown include UEFI and other KEK/DB entries.
Related: rhbz#1030492

[0.7-2]
- Handle SetupMode better in lockdown as well
Related: rhbz#996863

[0.7-1]
- Don't treat SetupMode variable's presence as meaning we're in SetupMode.
Related: rhbz#996863

[0.6-3]
- Use the correct CA and signer certificates.
Related: rhbz#996863

[0.6-1]
- Update to 0.6-1
Resolves: rhbz#1008379

[0.4-3.2]
- Depend on newer pesign.
Related: rhbz#989442

[0.4-3.1]
- Rebuild with newer pesign
Related: rhbz#989442

[0.4-3]
- Update for RHEL signing with early test keys.
Related: rhbz#989442

[0.4-1]
- Provide a fallback for uninitialized Boot#### and BootOrder
Resolves: rhbz#963359
- Move all signing from shim-unsigned to here
- properly compare our generated hash from shim-unsigned with the hash of
the signed binary (as opposed to doing it manually)

[0.2-4.4]
- Re-sign to get alignments that match the new specification.
Resolves: rhbz#963361

[0.2-4.3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

[0.2-3.3]
- Add obsoletes and provides for earlier shim-signed packages, to cover
the package update cases where previous versions were installed.
Related: rhbz#888026

[0.2-3.2]
- Make the shim-unsigned dep be on the subpackage.

[0.2-3.1]
- Rebuild to provide 'shim' package directly instead of just as a Provides:

[0.2-3]
- Also provide shim-fedora.efi, signed only by the fedora signer.
- Fix the fedora signature on the result to actually be correct.
- Update for shim-unsigned 0.2-3

[0.2-2]
- Initial build




Updated Packages


Release/Architecture | Filename | MD5sum | Superseded By Advisory



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
