-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 08 May 2019 02:05:01 +0100 Source: shim Architecture: source Version: 15+1533136590.3beb971-7 Distribution: unstable Urgency: medium Maintainer: Debian EFI team <debian-...@lists.debian.org> Changed-By: Steve McIntyre <93...@debian.org> Changes: shim (15+1533136590.3beb971-7) unstable; urgency=medium . [ Ansgar Burchardt ] * debian/control: Update Vcs-* fields . [ Steve McIntyre ] * Backport needed crash fixes: + VLogError(): Avoid NULL pointer dereferences in (V)Sprint calls + Fix OBJ_create() to tolerate a NULL sn and ln * Build using gcc-7 to get better control of reproducibility during the lifetime of Buster. * Build in a dbx list to blacklist binaries that we know to not be secure. Build-depend on a new (bug-fixed) version of pesign to generate that list at build time, using a list of known bad hashes. * Initial list of known bad hashes is just my personal test binary. Checksums-Sha1: 54f03ddbcbe9f58fcc72fbc998756cd824de8e43 2390 shim_15+1533136590.3beb971-7.dsc 86de58eb15ce7a2774db841a09dead799b841de6 14792 shim_15+1533136590.3beb971-7.debian.tar.xz 2d8385d73774be231825156080d10f833d471431 5790 shim_15+1533136590.3beb971-7_source.buildinfo Checksums-Sha256: 886ef66e8a146cbce342bc7dd737176e314427759b9f8c7f5d274393dd2e2414 2390 shim_15+1533136590.3beb971-7.dsc b91021fccbc76b81f95e3ef7363f207a6cc4919fe06b8e49a56fdf130fb1ddca 14792 shim_15+1533136590.3beb971-7.debian.tar.xz 4e4cd1f2807037b607567a89529080f91604a188a77fb0fbd6bf3afb058895f2 5790 shim_15+1533136590.3beb971-7_source.buildinfo Files: 10c4f6cfcf8c99cebf382080afd179dc 2390 admin optional shim_15+1533136590.3beb971-7.dsc e529c45895ba9736bfb681e6085936b2 14792 admin optional shim_15+1533136590.3beb971-7.debian.tar.xz c78e9f1cd8b5503eb32b2082778784c3 5790 admin optional shim_15+1533136590.3beb971-7_source.buildinfo
-----BEGIN PGP SIGNATURE----- iQJFBAEBCAAvFiEEzrtSMB1hfpEDkP4WWHl5VzRCaE4FAlzSLHARHDkzc2FtQGRl Ymlhbi5vcmcACgkQWHl5VzRCaE5yGQ//Sa81Ub4HpxAcM3h2LgnU96RMUaWo2tsX cMawrN1/tRsxsKeRPu137NSrFATDw0SO9Lb5HWdhoNjJkZolTKMUSmbFSg3TgrUQ Yj722o2XgCBWSK3CVwfTvmFEc5IsKs6yZsGXVpFzj7q6Iqhii2l3VtkNinFP7NiA qgyzMFAJclvSrCye/GBq/bfKZMd7Lton4QFGyXFhU9FjiNoZzp/CLmZZ/HwknWYW /M9w5uDTpTUV1SvjQ9ZqqHRqPavcLHffUnFCLboRhhBnRL1z7NAJrUDMiCNH+VTk +y7PioC/RYH2oBeHghRVrYZbnnxjWcY2lNP7ALjSqQqKcxEEyDrG28PFaFB05RPI mjuRpSYJsNw++zk3ey4m9nTdpIsM51NgwjcnCUiI5g6JlxRR9gbyPokSeGuTh0Pa Q5xfi39InMewiDJMR9Tao6r0U00/OXD4uwLAychB0BwLsj6cI+U8ka0gxfIW9TbA OSADQgpdwwIvNML4DZEQXX/UbBXFt+uvg2cNxYLDOHRy9v4u+EAxxtoapscTxsHn CH5qGVZe+BRNxqoyAFOZ/C2SW1gi/kajQsZ+XVFLyw4luCoiXsOUt0fxWG1NQ+A7 CfnS1SwmTHjZnGIKUisyr6z1xD5fWrjIkkEFgRjxvofZJ1BLg5JImqvXXWQZk84/ aN0ifCsK1ek= =Ww89 -----END PGP SIGNATURE-----