Processed: Re: Bug#1032849: unblock: shim/15.7-1 (etc.)

2023-03-12 Thread Debian Bug Tracking System 
Processing control commands:

> tags -1 pending
Bug #1032849 [release.debian.org] unblock: shim/15.7-1 (etc.)
Added tag(s) pending.

-- 
1032849: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032849
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1032849: unblock: shim/15.7-1 (etc.)

2023-03-12 Thread Paul Gevers 

Control: tags -1 pending

Hi Steve,

On 12-03-2023 19:56, Steve McIntyre wrote:

Please unblock our stack of shim and shim-signed packages.


As mentioned on IRC, I like to age it one or two days more, but the 
hints are already in my hints file (commented out), so I'll do that 
tomorrow or on Tuesday.


Paul


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1032849: unblock: shim/15.7-1 (etc.)

2023-03-12 Thread Steve McIntyre 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: debian-...@lists.debian.org

Hi!

Please unblock our stack of shim and shim-signed packages. We finally
have new signed shim binaries and there's a lot of major bugfixes
included which cascade down:

shim (15.7-1) unstable; urgency=medium

  * New upstream release fixing more bugs
  * Add further patches from upstream:
+ Make sbat_var.S parse right with buggy gcc/binutils
+ Enable NX support at build time, as required by policy for signing
  new shim binaries.
  * Switch to using gcc-12. Closes: #1022180
  * Update to Standards-Version 4.6.2 (no changes needed)
  * Block Debian grub binaries with sbat < 4 (see #1024617)

shim-signed (1.39) unstable; urgency=medium

  * Build against new signed binaries corresponding to 15.7-1
+ This syncs up build-deps again. Closes: #1016280
+ We now have arm64 signed shims again \o/
  Undo the hacky unsigned arm64 build
  Closes: #1008942, #992073, #991478
Pulls multiple other bugfixes in for the signed version:
+ Make sbat_var.S parse right with buggy gcc/binutils
+ Enable NX support at build time, as required by policy for signing
  new shim binaries.
+ Fixes argument handling bug with some firmware implementations.
  Closes: #995940
  * Update build-dep on shim-unsigned to use 15.7-1
  * Block Debian grub binaries with sbat < 4 (see #1024617)
+ Update Depends on grub2-common to match.
  * postinst/postrm: make config_item() more robust
  * Add pt_BR translation, thanks to Paulo Henrique de Lima
Santana. Closes: #1026415
  * Tweak dependencies

unblock shim/15.7-1
unblock shim-signed/1.39
unblock shim-helpers-amd64-signed/1+15.7+1
unblock shim-helpers-arm64-signed/1+15.7+1
unblock shim-helpers-i386-signed/1+15.7+1