openSUSE Recommended Update: Recommended update for shim ______________________________________________________________________________ Announcement ID: openSUSE-RU-2021:2464-1 Rating: moderate References: #1185232 #1185261 #1185441 #1185464 #1185961 #1187071 #1187260 #1187696 Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for shim fixes the following issues: - shim-install: Always assume "removable" for Azure to avoid the endless reset loop (bsc#1185464) - Avoid deleting the mirrored RT variables (bsc#1187696) - Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz - Handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) - Relax the maximum variable size check for u-boot (bsc#1185621) - Relax the check for import_mok_state() when Secure Boot is off. (bsc#1185261) - Ignore the odd LoadOptions length (bsc#1185232) - shim-install: reset def_shim_efi to "shim.efi" if the given file doesn't exist - Fided the size of rela sections for AArch64 - Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) - Avoid potential crash when calling QueryVariableInfo in EFI 1.10 machines (bsc#1187260) - Avoid buffer overflow when copying data to the MOK config table (bsc#1185232) Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-2464=1 Package List: - openSUSE Leap 15.3 (aarch64 x86_64): shim-15.4-4.7.1 shim-debuginfo-15.4-4.7.1 shim-debugsource-15.4-4.7.1 References: https://bugzilla.suse.com/1185232 https://bugzilla.suse.com/1185261 https://bugzilla.suse.com/1185441 https://bugzilla.suse.com/1185464 https://bugzilla.suse.com/1185961 https://bugzilla.suse.com/1187071 https://bugzilla.suse.com/1187260 https://bugzilla.suse.com/1187696