Hello community, here is the log from the commit of package shim for openSUSE:Factory checked in at 2017-09-18 19:52:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shim (Old) and /work/SRC/openSUSE:Factory/.shim.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shim" Mon Sep 18 19:52:41 2017 rev:63 rq:523850 version:12 Changes: -------- --- /work/SRC/openSUSE:Factory/shim/shim.changes 2017-09-04 12:18:26.598335869 +0200 +++ /work/SRC/openSUSE:Factory/.shim.new/shim.changes 2017-09-18 19:52:44.285691772 +0200 @@ -1,0 +2,8 @@ +Wed Sep 13 04:13:21 UTC 2017 - g...@suse.com + +- Add shim-back-to-openssl-1.0.2e.patch to avoid rejecting some + legit certificates (bsc#1054712) +- Add the stderr mask back while compiling MokManager.efi since the + warnings in Cryptlib is back after reverting the openssl commits. + +------------------------------------------------------------------- New: ---- shim-back-to-openssl-1.0.2e.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shim.spec ++++++ --- /var/tmp/diff_new_pack.rhdnaI/_old 2017-09-18 19:52:45.173566893 +0200 +++ /var/tmp/diff_new_pack.rhdnaI/_new 2017-09-18 19:52:45.177566331 +0200 @@ -45,7 +45,7 @@ Source99: SIGNATURE_UPDATE.txt # PATCH-FIX-SUSE shim-only-os-name.patch g...@suse.com -- Only include the OS name in version.c Patch1: shim-only-os-name.patch -# PATCH-FIX-SUSE shim-only-os-name.patch g...@suse.com -- Use the Arch-independent names +# PATCH-FIX-SUSE shim-arch-independent-names.patch g...@suse.com -- Use the Arch-independent names Patch2: shim-arch-independent-names.patch # PATCH-FIX-UPSTREAM shim-fix-httpboot-crash.patch g...@suse.com -- Fix HTTPBoot crash Patch3: shim-fix-httpboot-crash.patch @@ -59,6 +59,8 @@ Patch7: shim-fallback-workaround-masked-ami-variables.patch # PATCH-FIX-UPSTREAM shim-more-tpm-measurement.patch g...@suse.com -- Measure more components for TPM Patch8: shim-more-tpm-measurement.patch +# PATCH-FIX-UPSTREAM shim-back-to-openssl-1.0.2e.patch bsc#1054712 g...@suse.com -- Revert openssl back to 1.0.2e due to the rejection of some legit certificates +Patch9: shim-back-to-openssl-1.0.2e.patch # PATCH-FIX-OPENSUSE shim-change-debug-file-path.patch g...@suse.com -- Change the default debug file path Patch50: shim-change-debug-file-path.patch # PATCH-FIX-OPENSUSE shim-opensuse-cert-prompt.patch g...@suse.com -- Show the prompt to ask whether the user trusts openSUSE certificate or not @@ -114,6 +116,7 @@ %patch6 -p1 %patch7 -p1 %patch8 -p1 +%patch9 -p1 %patch50 -p1 %if 0%{?is_opensuse} == 1 %patch100 -p1 @@ -121,7 +124,7 @@ %build # first, build MokManager and fallback as they don't depend on a # specific certificate -make EFI_PATH=/usr/lib64 RELEASE=0 MokManager.efi fallback.efi +make EFI_PATH=/usr/lib64 RELEASE=0 MokManager.efi fallback.efi 2> /dev/null # now build variants of shim that embed different certificates default='' ++++++ shim-back-to-openssl-1.0.2e.patch ++++++ ++++ 178031 lines (skipped)