Comment # 7 on bug 1185441 from 
Here are the shim changes:
osc rdiff openSUSE:Leap:15.2:Update/shim.13675 \
          openSUSE:Leap:15.2:Update/shim.16135

-------------------------------------------------------------------
Wed Apr 21 05:46:19 UTC 2021 - Johannes Segitz <jsegitz@suse.com>

- Updated openSUSE x86 signature

-------------------------------------------------------------------
Thu Apr  8 08:44:27 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>

- Add shim-bsc1184454-allocate-mok-config-table-BS.patch to avoid
  the error message during linux system boot (bsc#1184454)

-------------------------------------------------------------------
Wed Apr  7 12:25:02 UTC 2021 - Johannes Segitz <jsegitz@suse.com>

- Add remove_build_id.patch to prevent the build id being added to 
  the binary. That can cause issues with the signature

-------------------------------------------------------------------
Wed Mar 31 08:45:52 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>

- Update to 15.4 (bsc#1182057)
  + Rename the SBAT variable and fix the self-check of SBAT
  + sbat: add more dprint()
  + arm/aa64: Swizzle some sections to make old sbsign happier
  + arm/aa64 targets: put .rel* and .dyn* in .rodata
- Drop upstreamed patch:
  shim-bsc1182057-sbat-variable-enhancement.patch

-------------------------------------------------------------------
Mon Mar 29 07:18:20 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>

- Add shim-bsc1182057-sbat-variable-enhancement.patch to change
  the SBAT variable name and enhance the handling of SBAT
  (bsc#1182057)

-------------------------------------------------------------------
Wed Mar 24 01:29:17 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>

- Update to 15.3 for SBAT support (bsc#1182057)
  + Drop gnu-efi from BuildRequires since upstream pull it into the
  + Include the fixes for bsc#1175509, bsc#1173411, bsc#1177404,
    bsc#1175509, bsc#1174512
- Generate vender-specific SBAT metadata
  + Add dos2unix to BuildRequires since Makefile requires it for
    vendor SBAT
- Update dbx-cert.tar.xz and vendor-dbx.bin to block the following
  sign keys:
  + SLES-UEFI-SIGN-Certificate-2020-07.crt
  + openSUSE-UEFI-SIGN-Certificate-2020-07.crt
- Refresh patches
  + shim-arch-independent-names.patch
  + shim-change-debug-file-path.patch
- Add shim-bsc1177315-verify-eku-codesign.patch to check CodeSign
  in the signer's EKU (bsc#1177315)
- Add shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
  to fix NULL pointer dereference in AuthenticodeVerify()
  (bsc#1177789, CVE-2019-14584)
- Drop upstreamed fixes
  + shim-always-mirror-mok-variables.patch
  + gcc9-fix-warnings.patch
  + shim-fix-gnu-efi-3.0.11.patch
  + shim-bsc1092000-fallback-menu.patch
  + shim-bsc1173411-only-check-efi-var-on-sb.patch
  + shim-correct-license-in-headers.patch
- Drop shim-opensuse-cert-prompt.patch
  + All newly released openSUSE kernels enable kernel lockdown
    and signature verification, so there is no need to add the
    prompt anymore.
- Amend timestamp.pl to include the linker version to avoid the
  potential breakage of signature due to the upgrade of binutils
  + Also update the signature files to add the linker version
- shim-install: Support changing default shim efi binary in
  /usr/etc/default/shim and /etc/default/shim (bsc#1177315)

You are receiving this mail because: