Change logs for shim source package in Lunar

  • shim (15.7-0ubuntu1) kinetic; urgency=medium
    
      * New upstream version 15.7 (LP: #1996503), highlights:
        - Enable TDX measurements (LP: #1995852)
        - Flush the memory region from i-cache before execution (LP: #1987541)
        - Introspectable SBAT payload for TPM resealing efforts
        - Don't measure MokListTrusted to PCR7
        - SBAT level: shim,3
        - SBAT policy bumped to grub,2 in previous and grub,3 in latest:
          SBAT policy: latest="shim,2\ngrub,3\n" previous="grub,2\n"
          Note that shim requirement was not bumped as shim,2 shims are not
          commonly available yet.
      * SECURITY FIX: Buffer overflow when loading crafted EFI images.
        - CVE-2022-28737
      * Rebase patches, only ubuntu-no-addend-vendor-dbx.patch remains
      * Import 20221103 Canonical vendor dbx.
        This vendor dbx revokes all certificates that have been used
        so far.
        - CN = Canonical Ltd. Secure Boot Signing
        - CN = Canonical Ltd. Secure Boot Signing (2017)
        - CN = Canonical Ltd. Secure Boot Signing (ESM 2018)
        - CN = Canonical Ltd. Secure Boot Signing (2019)
        - CN = Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019)
        - CN = Canonical Ltd. Secure Boot Signing (2021 v1)
        - CN = Canonical Ltd. Secure Boot Signing (2021 v2)
        - CN = Canonical Ltd. Secure Boot Signing (2021 v3)
      * Build-Depend on libefivar-dev
      * debian/rules: Update COMMIT_ID
    
     -- Julian Andres Klode <email address hidden>  Fri, 18 Nov 2022 16:00:39 +0100
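The SBAT policy quoted in the entry above can be checked mechanically. The following Python is an added example, not code from shim or from the Ubuntu package: it parses the CSV SBAT format, applies the SBAT.md rule that a policy entry only revokes components the image actually declares, and reports which components the `latest` or `previous` policy would reject. The sample `.sbat` sections (vendor fields, versions, URLs) are constructed for illustration.

```python
# Added example: SBAT generation check against the policy from the changelog.
# Policy strings are taken verbatim from the shim 15.7-0ubuntu1 entry.
SBAT_POLICY_LATEST = "shim,2\ngrub,3\n"
SBAT_POLICY_PREVIOUS = "grub,2\n"

# Constructed .sbat sections. Each CSV line is:
# component_name,component_generation,vendor,package,version,url
GRUB_SBAT_OLD = (
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "grub,2,Free Software Foundation,grub,2.06,https://www.gnu.org/software/grub/\n"
)
SHIM_SBAT_NEW = (
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "shim,3,UEFI shim,shim,15.7,https://github.com/rhboot/shim\n"
)


def parse_sbat(text):
    """Parse SBAT CSV text into {component_name: generation}.

    Both the image's .sbat section and the policy use the same first two
    columns, so one parser serves both. Blank lines are ignored; a line
    without a numeric generation is rejected rather than silently skipped,
    since a parse failure must not turn into a permissive result.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(",")
        if len(fields) < 2 or not fields[1].isdigit():
            raise ValueError(f"malformed SBAT line: {line!r}")
        entries[fields[0]] = int(fields[1])
    return entries


def check_image(image_sbat_text, policy_text):
    """Return the sorted list of components the policy revokes for this image.

    A component is revoked when the image declares it with a generation
    lower than the policy requires. Policy entries for components the image
    does not declare are ignored (the SBAT.md matching rule).
    """
    image = parse_sbat(image_sbat_text)
    policy = parse_sbat(policy_text)
    return sorted(name for name, need in policy.items()
                  if name in image and image[name] < need)
```

With the changelog's policy, the constructed grub,2 image is rejected by `latest` (grub,3) but still accepted by `previous` (grub,2), and the shim,3 image passes because the shim requirement stayed at 2.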
  • shim (15.4-0ubuntu9) hirsute; urgency=medium
    
      * Fix booting installer media on some machines (LP: #1937115)
        - Always fall back to the default loader (PR #393)
        - Dump load options parsed (PR #393)
        - Disable load option parsing on removable media path (PR #399)
      * trivial: Fix a minor overflow in the mok importing code (PR #365)
      * Fix fallback loader to find the correct boot entry, avoiding potential
        corruption of firmware (PR #396).
    
     -- Julian Andres Klode <email address hidden>  Fri, 06 Aug 2021 13:16:33 +0200