Hello community,
here is the log from the commit of package shim for openSUSE:Factory checked in
at 2017-09-18 19:52:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/shim (Old)
and /work/SRC/openSUSE:Factory/.shim.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shim"
Mon Sep 18 19:52:41 2017 rev:63 rq:523850 version:12
Changes:
--------
--- /work/SRC/openSUSE:Factory/shim/shim.changes 2017-09-04
12:18:26.598335869 +0200
+++ /work/SRC/openSUSE:Factory/.shim.new/shim.changes 2017-09-18
19:52:44.285691772 +0200
@@ -1,0 +2,8 @@
+Wed Sep 13 04:13:21 UTC 2017 - g...@suse.com
+
+- Add shim-back-to-openssl-1.0.2e.patch to avoid rejecting some
+ legit certificates (bsc#1054712)
+- Add the stderr mask back while compiling MokManager.efi since the
+ warnings in Cryptlib is back after reverting the openssl commits.
+
+-------------------------------------------------------------------
New:
----
shim-back-to-openssl-1.0.2e.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ shim.spec ++++++
--- /var/tmp/diff_new_pack.rhdnaI/_old 2017-09-18 19:52:45.173566893 +0200
+++ /var/tmp/diff_new_pack.rhdnaI/_new 2017-09-18 19:52:45.177566331 +0200
@@ -45,7 +45,7 @@
Source99: SIGNATURE_UPDATE.txt
# PATCH-FIX-SUSE shim-only-os-name.patch g...@suse.com -- Only include the OS
name in version.c
Patch1: shim-only-os-name.patch
-# PATCH-FIX-SUSE shim-only-os-name.patch g...@suse.com -- Use the
Arch-independent names
+# PATCH-FIX-SUSE shim-arch-independent-names.patch g...@suse.com -- Use the
Arch-independent names
Patch2: shim-arch-independent-names.patch
# PATCH-FIX-UPSTREAM shim-fix-httpboot-crash.patch g...@suse.com -- Fix
HTTPBoot crash
Patch3: shim-fix-httpboot-crash.patch
@@ -59,6 +59,8 @@
Patch7: shim-fallback-workaround-masked-ami-variables.patch
# PATCH-FIX-UPSTREAM shim-more-tpm-measurement.patch g...@suse.com -- Measure
more components for TPM
Patch8: shim-more-tpm-measurement.patch
+# PATCH-FIX-UPSTREAM shim-back-to-openssl-1.0.2e.patch bsc#1054712
g...@suse.com -- Revert openssl back to 1.0.2e due to the rejection of some
legit certificates
+Patch9: shim-back-to-openssl-1.0.2e.patch
# PATCH-FIX-OPENSUSE shim-change-debug-file-path.patch g...@suse.com -- Change
the default debug file path
Patch50: shim-change-debug-file-path.patch
# PATCH-FIX-OPENSUSE shim-opensuse-cert-prompt.patch g...@suse.com -- Show the
prompt to ask whether the user trusts openSUSE certificate or not
@@ -114,6 +116,7 @@
%patch6 -p1
%patch7 -p1
%patch8 -p1
+%patch9 -p1
%patch50 -p1
%if 0%{?is_opensuse} == 1
%patch100 -p1
@@ -121,7 +124,7 @@
%build
# first, build MokManager and fallback as they don't depend on a
# specific certificate
-make EFI_PATH=/usr/lib64 RELEASE=0 MokManager.efi fallback.efi
+make EFI_PATH=/usr/lib64 RELEASE=0 MokManager.efi fallback.efi 2> /dev/null
# now build variants of shim that embed different certificates
default=''
++++++ shim-back-to-openssl-1.0.2e.patch ++++++
++++ 178031 lines (skipped)
