On Tue, Aug 25, 2020 at 10:32:29AM -0400, DennisG wrote:

On 8/25/20 6:17 AM, gumb wrote:

...

There's been a recommended update for Leap 15.1 showing for the last few days when I run YaST Online Update: openSUSE-2020-1223

In the Patch Description, it reads:

...

This update for shim-leap fixes the following issues: - Update shim to 15+git47-lp152.4.3.1 from openSUSE Leap 15.2 References:

I don't pretend to have anything like the tech knowledge necessary to fully evaluate the technical implications or overall worth of most updates, but I do try to apply just a minimal due diligence and cast my eye over the descriptions before just accepting any update.

In this case, there's no references. A web search for openSUSE-2020-1223 brings up nothing. I've scoured pages of search results and don't see anything related. What's more, this updates the package 14-lp151 to 15+git47-lp151. It just seems a bit off to push through an update from a 'stable' version to a git version for a later distro, without further explanation.

Is there a page disliked by the search engines where further info on all these patches can be found?

gumb

On my 15.1 system, there is no such update/patch showing.  The last update to shim was Aug 13, from git.  Not sure, but isn't 2020-1223 a reference to TW?

This is the SHIM update, that helps fixing the BootHole security issue. We build the shim just once (usually on the latest distro), and release binaries otherwise. This is due to the "binary signing" by Microsoft. the actual shim build was not yet released, as I did not want to break secure boot scenarios, it will be in the next days. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org

On Tue, Aug 25, 2020 at 06:02:05PM +0300, Andrei Borzenkov wrote:

On Tue, Aug 25, 2020 at 5:43 PM Marcus Meissner wrote:

...

On Tue, Aug 25, 2020 at 10:32:29AM -0400, DennisG wrote:

...

On 8/25/20 6:17 AM, gumb wrote:

...

There's been a recommended update for Leap 15.1 showing for the last few days when I run YaST Online Update: openSUSE-2020-1223

In the Patch Description, it reads:

...

This update for shim-leap fixes the following issues: - Update shim to 15+git47-lp152.4.3.1 from openSUSE Leap 15.2 References:

I don't pretend to have anything like the tech knowledge necessary to fully evaluate the technical implications or overall worth of most updates, but I do try to apply just a minimal due diligence and cast my eye over the descriptions before just accepting any update.

In this case, there's no references. A web search for openSUSE-2020-1223 brings up nothing. I've scoured pages of search results and don't see anything related. What's more, this updates the package 14-lp151 to 15+git47-lp151. It just seems a bit off to push through an update from a 'stable' version to a git version for a later distro, without further explanation.

Is there a page disliked by the search engines where further info on all these patches can be found?

gumb

On my 15.1 system, there is no such update/patch showing. The last update to shim was Aug 13, from git. Not sure, but isn't 2020-1223 a reference to TW?

This is the SHIM update, that helps fixing the BootHole security issue.

We build the shim just once (usually on the latest distro), and release binaries otherwise. This is due to the "binary signing" by Microsoft.

the actual shim build was not yet released, as I did not want to break secure boot scenarios, it will be in the next days.

What do you mean "not released"? It is listed in updates metadata in Leap 15.1 Updates repository, so it is definitely available from standard channels.

to be more clear: shim-leap is released for 15.1 and 15.2 shim (the source bundle) is not yet released for 15.2. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org

On 8/26/20 4:46 AM, gumb wrote:

On 25/08/2020 17:14, Marcus Meissner wrote:

...

...

...

This is the SHIM update, that helps fixing the BootHole security issue.

We build the shim just once (usually on the latest distro), and release binaries otherwise. This is due to the "binary signing" by Microsoft.

the actual shim build was not yet released, as I did not want to break secure boot scenarios, it will be in the next days.

Ok thanks for the explanation. I'd still be interested to know if there's any central source of info on all patches released.

There is a mailing list that has an archive, which contains all released updates https://lists.opensuse.org/opensuse-updates/2020-08/ normally the references section will list bugzilla and CVE numbers where you can find more info. -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B

On 8/26/20 2:38 PM, Andrei Borzenkov wrote:

26.08.2020 04:27, Simon Lees пишет:

...

On 8/26/20 4:46 AM, gumb wrote:

...

On 25/08/2020 17:14, Marcus Meissner wrote:

...

...

...

This is the SHIM update, that helps fixing the BootHole security issue.

We build the shim just once (usually on the latest distro), and release binaries otherwise. This is due to the "binary signing" by Microsoft.

the actual shim build was not yet released, as I did not want to break secure boot scenarios, it will be in the next days.

Ok thanks for the explanation. I'd still be interested to know if there's any central source of info on all patches released.

There is a mailing list that has an archive, which contains all released updates https://lists.opensuse.org/opensuse-updates/2020-08/ normally the references section will list bugzilla and CVE numbers where you can find more info.

An update that has 0 recommended fixes can now be installed.

Amusing :) It does not really encourage to install this update.

Yeah the process is somewhat automated and in this case there was no bugs listed. Sometimes these get manually updated by hand after but i'm not 100% sure what the process is here. -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B

On 8/26/20 11:47 AM, Carlos E. R. wrote:

On 25/08/2020 21.16, gumb wrote:

...

On 25/08/2020 17:14, Marcus Meissner wrote:

...

...

...

This is the SHIM update, that helps fixing the BootHole security issue.

We build the shim just once (usually on the latest distro), and release binaries otherwise. This is due to the "binary signing" by Microsoft.

the actual shim build was not yet released, as I did not want to break secure boot scenarios, it will be in the next days.

Ok thanks for the explanation. I'd still be interested to know if there's any central source of info on all patches released.

Normally they get announced on the security announces mail list, but I have not seen anything with "2020-1223" on it yet.

Are only security updates announced on that one? "2020-1223" wasn't marked as a security update only a recommended update. -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B

On Wed, Aug 26, 2020 at 12:50 PM Carlos E. R. wrote:

What I do not know is if there are emails with only "non security issues", I don't see any.

Are you subscribed to opensuse-updates list? -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org

On Tue, Aug 25, 2020 at 06:02:05PM +0300, Andrei Borzenkov wrote:

On Tue, Aug 25, 2020 at 5:43 PM Marcus Meissner wrote:

...

On Tue, Aug 25, 2020 at 10:32:29AM -0400, DennisG wrote:

...

On 8/25/20 6:17 AM, gumb wrote:

...

There's been a recommended update for Leap 15.1 showing for the last few days when I run YaST Online Update: openSUSE-2020-1223

In the Patch Description, it reads:

...

This update for shim-leap fixes the following issues: - Update shim to 15+git47-lp152.4.3.1 from openSUSE Leap 15.2 References:

I don't pretend to have anything like the tech knowledge necessary to fully evaluate the technical implications or overall worth of most updates, but I do try to apply just a minimal due diligence and cast my eye over the descriptions before just accepting any update.

In this case, there's no references. A web search for openSUSE-2020-1223 brings up nothing. I've scoured pages of search results and don't see anything related. What's more, this updates the package 14-lp151 to 15+git47-lp151. It just seems a bit off to push through an update from a 'stable' version to a git version for a later distro, without further explanation.

Is there a page disliked by the search engines where further info on all these patches can be found?

gumb

On my 15.1 system, there is no such update/patch showing. The last update to shim was Aug 13, from git. Not sure, but isn't 2020-1223 a reference to TW?

This is the SHIM update, that helps fixing the BootHole security issue.

We build the shim just once (usually on the latest distro), and release binaries otherwise. This is due to the "binary signing" by Microsoft.

the actual shim build was not yet released, as I did not want to break secure boot scenarios, it will be in the next days.

What do you mean "not released"? It is listed in updates metadata in Leap 15.1 Updates repository, so it is definitely available from standard channels.

Errm yes. The source rpm name is shim-leap, the binary rpm is "shim". So all is good I think. Ciao, marcus -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org