shim - Debian Package Tracker

general

source: shim (main)
version: 15.8-1
maintainer: Debian EFI team (archive) (DMD)
uploaders: Steve Langasek [DMD] – Steve McIntyre [DMD]
arch: amd64 arm64
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 15.8-1~deb11u1
o-o-p-u: 15.8-1~deb11u1
oldstable: 15.8-1~deb12u1
stable: 15.8-1
testing: 15.8-1
unstable: 15.8-1

versioned links

15.8-1~deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
15.8-1~deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
15.8-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

shim-helpers-amd64-signed-template
shim-helpers-arm64-signed-template
shim-unsigned (2 bugs: 0, 2, 0, 0)

action needed

A new upstream version is available: 16.1.rc1 high

A new upstream version 16.1.rc1 is available, you should consider packaging it.

Created: 2026-01-02 Last update: 2026-02-25 08:30

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2025-02-20 Last update: 2026-02-25 09:02

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 16.1-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit d3a076db1f27871c0139777a655b54c52b449add
Author: Steve McIntyre <steve@einval.com>
Date:   Sat Feb 21 15:51:49 2026 +0000

    Add a Closes: for the FTBFS bug #1125741

commit 97bf676d43ac1c34e4d0e8fe35934c17cae2b855
Author: Steve McIntyre <steve@einval.com>
Date:   Mon Feb 16 22:35:50 2026 +0000

    Enable NX for the sid/forky build
    
    We should have a complete NX boot chain now...

commit 7c4bb4e34d694bb0ea91cff1fa525558877d56cc
Author: Steve McIntyre <steve@einval.com>
Date:   Mon Feb 16 22:22:47 2026 +0000

    Bump chosen SBAT revocation level to 2024040900
    
    which means:
    
    shim,4
    grub,4
    grub.peimage,2

commit a8a81e187bf4419db753f1006207dcee72c98bd0
Author: Steve McIntyre <93sam@debian.org>
Date:   Sun Feb 15 17:32:09 2026 +0000

    Update debian/salsa-ci.yml file
    
    Disable blhc - shim is special...

commit 9cae8959e18d34e12cfd3b97cb0a0eec4295e599
Author: Steve McIntyre <steve@einval.com>
Date:   Sun Feb 15 15:38:50 2026 +0000

    Add lintian overrides:
    
    Ignore included binaries for unit tests

commit 245a781870a4c5e32547aed6b9023b4540645b29
Author: Steve McIntyre <steve@einval.com>
Date:   Sun Feb 15 15:22:11 2026 +0000

    Add new patch from upstream:
    
    + 0001-Fix-build-with-binutils-2.46.patch

commit 924fd5efbf1ef9908f1a0472553954df5cd0dde0
Author: Steve McIntyre <steve@einval.com>
Date:   Sun Feb 15 15:19:22 2026 +0000

    Drop old patches, no longer needed

commit 0d172d48e2635cea4d1d6518922eaa87759ebaf2
Author: Steve McIntyre <steve@einval.com>
Date:   Sun Feb 15 15:14:40 2026 +0000

    Switch to gcc-14
    
    We need a more static version of gcc for reproducibility reasons -
    let's avoid the latest upstream version in the Debian archive which is
    likely to change more quickly.

commit c97e196ef506b411f9e1fd55f91ae5fdf43ac021
Author: Steve McIntyre <steve@einval.com>
Date:   Sun Feb 15 15:09:18 2026 +0000

    Update to the 16.1 release

commit 326df180a4a40284d9b144edec6cfe34fe1aba07
Merge: 13717fd 55628fe
Author: Steve McIntyre <steve@einval.com>
Date:   Sun Feb 15 14:58:12 2026 +0000

    Update upstream source from tag 'upstream/16.1'
    
    Update to upstream version '16.1'
    with Debian dir 4ad99ae6ebb44e4d9ab8d7fa84ce94454aded279

commit 55628fe8e0aa6fd7b809bcdfb544fe5df1d156b6
Author: Steve McIntyre <steve@einval.com>
Date:   Sun Feb 15 14:58:12 2026 +0000

    New upstream version 16.1

commit 13717fda706d3a8b42d9609be638da08a473ead2
Author: Bastian Germann <bage@debian.org>
Date:   Fri Jan 16 23:40:57 2026 +0100

    d/copyright: Adjust file names to new version

commit 3f4fcf6274873a78d4d10fe56359a86ce1a152bd
Author: Bastian Germann <bage@debian.org>
Date:   Fri Jan 16 23:38:42 2026 +0100

    Remove BSD-4-clause-Intel license

commit d1090ac595b2f2d39c5a7df6905e46164bc9518f
Author: Bastian Germann <bage@debian.org>
Date:   Fri Jan 16 23:11:50 2026 +0100

    Also mangle -rc versions to ~rc

commit 3326d84c2d9cc86f5cbbc8a0ac3a9042acad237e
Author: Bastian Germann <bage@debian.org>
Date:   Tue Apr 8 13:27:09 2025 -0400

    Switch to gcc-15

commit 23f642c2b2d087929a45fb38519c996d32ce6ca0
Author: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Date:   Fri Mar 28 11:51:23 2025 +0100

    d/watch: avoid repacking
    
    to preserve the upstream signature.
    
    Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

commit 7c006cc2f9121b2952c944d7f0ab9a56757ba807
Author: Steve McIntyre <steve@einval.com>
Date:   Sun Aug 3 22:00:43 2025 +0100

    Fix version

commit 7c0a25a8112c3088ac83724c9632f418466edcf9
Author: Steve McIntyre <steve@einval.com>
Date:   Sun Aug 3 21:53:11 2025 +0100

    Update to the 16.1 RC1 release

commit 297ca0a0ec0b75c75c8199c89c3b32fff1db9949
Author: Steve McIntyre <steve@einval.com>
Date:   Sun Aug 3 21:29:32 2025 +0100

    New upstream version 16.1~rc1

commit d0a140f65919d9f2ea4e843b45952e3601388811
Merge: 39df210 297ca0a
Author: Steve McIntyre <steve@einval.com>
Date:   Sun Aug 3 21:29:32 2025 +0100

    Update upstream source from tag 'upstream/16.1_rc1'
    
    Update to upstream version '16.1~rc1'
    with Debian dir c6b2b2dc3ea7a4c8c6894aa312fb6cdaf02cf04a

commit 39df2103d552e9ee5f7c85133732d28537cd9043
Author: Steve McIntyre <steve@einval.com>
Date:   Thu Mar 20 23:56:04 2025 +0000

    Update to the 16.0 release

commit 49703ccfe798a8eedf2ada1df0bbbbffa77d8c00
Author: Steve McIntyre <steve@einval.com>
Date:   Thu Mar 20 23:54:23 2025 +0000

    New upstream version 16.0

commit f9fe712e8fa2c7b0297351b2ca441fd0c0c4c17b
Author: Steve McIntyre <steve@einval.com>
Date:   Thu Mar 6 23:54:34 2025 +0000

    Switch to using gcc-13 for builds. Closes: #1092205

commit 691831c17769e13bfc7e8908cf735d97ebcc1dae
Author: Steve McIntyre <steve@einval.com>
Date:   Thu Mar 6 23:54:07 2025 +0000

    Test build for 16.0 RC1

commit 366217c2781974103c918132ad065635cbde7844
Author: Steve McIntyre <steve@einval.com>
Date:   Thu Mar 6 23:53:27 2025 +0000

    Tweak changelog

commit b266364840939439800cb0fd4772819677b3ccf7
Author: Steve McIntyre <steve@einval.com>
Date:   Wed Mar 5 23:23:07 2025 +0000

    New upstream version 16.0~rc1.orig

commit 4c1c6af76342a8c1a051e3fe9f8a78c0a0bd90cd
Author: Steve McIntyre <steve@einval.com>
Date:   Sat Feb 17 17:35:37 2024 +0000

    New upstream version 15.8

commit fd67985098863cfd4b61b9746377456ea2540399
Merge: 9032346 ccf52eb
Author: Steve McIntyre <93sam@debian.org>
Date:   Mon Mar 24 09:37:34 2025 +0000

    Merge branch 'mr/fix-d-watch-for-RC' into 'master'
    
    d/watch: mangle RC versions
    
    See merge request efi-team/shim!18

commit ccf52eb2256c3448d41c4c8bf45969491256570d
Author: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Date:   Mon Mar 24 10:01:30 2025 +0100

    d/watch: mangle RC versions
    
    else 16.0.rc1 gets sorted higher than the final 16.0 release tarball.
    
    Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

commit c9924330d9343d72904a6cb8672b9e4c44df5094
Author: Steve McIntyre <steve@einval.com>
Date:   Thu Mar 20 23:54:23 2025 +0000

    New upstream version 16.0

commit 215056609f874142a1d7ec6775a7a3cf1a627a64
Author: Steve McIntyre <steve@einval.com>
Date:   Wed Mar 5 23:23:07 2025 +0000

    New upstream version 16.0~rc1.orig

commit 90323463f42ddc0c37b816d436e807d4d749846c
Author: Steve McIntyre <steve@einval.com>
Date:   Wed Mar 5 23:07:14 2025 +0000

    Remove Steve Langasek from Uploaders. RIP my good friend.

commit 638db1de7fa7ea696d9a01b14ff9a636fa34b4db
Author: Steve McIntyre <steve@einval.com>
Date:   Wed Jan 8 23:17:19 2025 +0000

    Also make the rules-requires-root changes in the templates
    
    for our generated packages. Closes: #1092425

commit fa4728b6daf0674409b1e0d34a98fcbfb99db5f4
Author: Steve McIntyre <steve@einval.com>
Date:   Sat Jan 4 17:57:54 2025 +0000

    Update changelog

commit aad8a5852bb3c87ad2d1fedaff10d73c43df75c5
Merge: 5757ae8 8d00396
Author: Steve McIntyre <93sam@debian.org>
Date:   Sat Jan 4 17:52:47 2025 +0000

    Merge branch 'bug-1089432-rootless' into 'master'
    
    shim: Build without requiring root
    
    See merge request efi-team/shim!17

commit 8d003968ca8776c067fc01628971911f0cbd3c52
Author: Niels Thykier <niels@thykier.net>
Date:   Sat Dec 28 11:58:58 2024 +0000

    shim: Build without requiring root
    
    Closes: #1089432

commit 5757ae8a5b8f58817b1c6906f39bbd339b0e2aba
Merge: 35d8c4a 57b6c43
Author: Steve McIntyre <93sam@debian.org>
Date:   Sun May 26 21:26:55 2024 +0000

    Merge branch 'remove-ubuntu-files' into 'master'
    
    Remove Ubuntu CA and dbx files from the repository
    
    See merge request efi-team/shim!16

commit 57b6c43301b1943197eef3d816639277869231d7
Author: Mate Kukri <mate.kukri@canonical.com>
Date:   Sun May 26 21:26:55 2024 +0000

    Remove Ubuntu CA and dbx files from the repository

commit 35d8c4ab76290f6e0402f2d5c2b0ae8cc6f807a7
Author: Steve McIntyre <steve@einval.com>
Date:   Sun May 5 21:26:43 2024 +0100

    salsa-ci config: Disable i386 builds and arm64 cross-builds

commit a075e58606b9affb6dfb176c71caab816737a981
Author: Steve McIntyre <steve@einval.com>
Date:   Sat Feb 17 17:35:37 2024 +0000

    New upstream version 15.8

commit 2dd2f7600d41253fe621b8d040ab57f0c202d71b
Author: Steve McIntyre <steve@einval.com>
Date:   Sun Jan 22 13:05:10 2023 +0000

    New upstream version 15.7

commit e6ace38abd705fbe24349152b7c90d473404e86e
Author: Steve McIntyre <steve@einval.com>
Date:   Thu Jun 23 00:16:56 2022 +0100

    New upstream version 15.6

commit 8529e0f7f70f427a7202815061362eceba6bfc50
Author: Steve McIntyre <steve@einval.com>
Date:   Wed Apr 27 22:41:59 2022 +0100

    New upstream version 15.5

commit 8119f7183f5f0bebb168fec5239855552020cf66
Author: Steve McIntyre <steve@einval.com>
Date:   Wed Mar 31 18:24:24 2021 +0100

    New upstream version 15.4

commit 031e5cce385d3f96b1caa1d53495332a7eb03749
Author: Steve McIntyre <steve@einval.com>
Date:   Tue Mar 23 23:49:46 2021 +0000

    New upstream version 15.3

commit 7bf7a6d0852382bb645119b18df3ff461aaba247
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Tue Aug 21 14:22:44 2018 -0400

    New upstream version 15+1533136590.3beb971

commit f892ac66084ab0315adb0c52e4a39b518730d023
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Tue Jul 24 16:24:23 2018 -0400

    New upstream version 15+1531942534.dd3230d

commit 6215e920e71f5c6c43189f27b755e7a3238ad396
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Fri Sep 29 11:20:57 2017 -0400

    New upstream version 13

commit 77e5c6e4808f045629411b056b444e76c6c8c313
Merge: e85582f ecc2922
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Wed Sep 27 13:09:42 2017 -0400

    Updated version 13~git1506531982.23ce039 from 'upstream/13_git1506531982.23ce039'
    
    with Debian dir bc85d2ed9d59b8c9e8d4bf33603c75c11feec4f8

commit ecc29226057b19002d41141e651ae64ff9cdc522
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Wed Sep 27 13:09:42 2017 -0400

    New upstream version 13~git1506531982.23ce039

commit e85582f4ca53cd6ae9079db04929ce1986fff577
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Wed Sep 27 12:55:12 2017 -0400

    We don't really need libnss3-tools.

commit 926d9476901166a54b71bef61ee5ce93f9712697
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Wed Sep 27 12:54:05 2017 -0400

    debian/control: add Breaks: for the previous shim-signed builds given that shim will now build and ship BOOT.CSV by itself.

commit 52b46c08f66fb2c5525b7b6efe6c89e0455bdb34
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Wed Sep 27 12:46:14 2017 -0400

    Ignore unused-variable errors.

commit 21fbf908f79c48fe0a7082465268e65d7b89d062
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Wed Sep 27 12:45:29 2017 -0400

    New upstream snapshot: 13~git1505328971.0780644a

commit 51d5bbcb24fabe7bfc8a1664778e55f2583daf00
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Thu Sep 14 17:48:49 2017 -0700

    New upstream version 13~git1505328971.0780644a

commit 695f91950304ed5f48ed3ec49c0a83cc6dd69723
Merge: 1bb5cf1 51d5bbc
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Thu Sep 14 17:48:49 2017 -0700

    Updated version 13~git1505328971.0780644a from 'upstream/13_git1505328971.0780644a'
    
    with Debian dir 8d0dcc2dc48e0c1bf2e174c33432be6f73754e7a

commit 1bb5cf18d0cb6a846c88fa65cd2809e4c1105c39
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Wed Sep 13 12:12:27 2017 -0700

    New upstream snapshot: 13~git1505328970.9c1c35c5

commit 544696f3ade15d70a5d8389c481e964a164cd3de
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Wed Sep 13 12:11:21 2017 -0700

    Drop PHONY fix patch; merged upstream.

commit b6f94dbeacfc6f0a507413096189304c58dbe66c
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Wed Sep 13 12:09:40 2017 -0700

    New upstream version 13~git1505328970.9c1c35c5

commit 8de1d1dc3a96fec12e97eff6ca5b728e606764b1
Merge: a97c265 b6f94db
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Wed Sep 13 12:09:40 2017 -0700

    Updated version 13~git1505328970.9c1c35c5 from 'upstream/13_git1505328970.9c1c35c5'
    
    with Debian dir 676fec75f526e6b8072deb5302628d27abfc7449

commit a97c2654996184b9a327630bc020f24f70a8b0da
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Thu Aug 31 19:11:13 2017 -0400

    changelog: ~test3 wasn't released; prepare for another test upload.
    
    Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>

commit c3fa7299807746320f6b6bbe7779a77152856c08
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Thu Aug 31 19:10:10 2017 -0400

    debian/rules, debian/shim.install: make sure the 'make install' step does what it's meant to do by upstream: we can easily make use of the end result to have the files we need.

commit 0e7f9a71d62abba31357b842825d38fd3fa3f18b
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Thu Aug 31 19:08:49 2017 -0400

    debian/patches/buildid_write_return.patch: workaround our strict compile rules failing the build: make sure write calls check the return value.

commit b37fef52049e3d9b32d73eb6db3e9058d875fd9a
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Thu Aug 31 19:07:19 2017 -0400

    debian/control: add a Build-Depends on libelf-dev.

commit 7d562b4949fda4bd683d312f42285875f5ef4b65
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Tue Aug 29 22:45:27 2017 -0400

    debian/shim.install: update paths in light of using shim's upstream install target.

commit 3f5806e428da5992390aca796d8cbaa72879337d
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Tue Aug 29 22:38:38 2017 -0400

    Set EFIDIR=ubuntu for dh_auto_install; that will let files be installed in the "right" final directories, and makes boot.csv for us.

commit f841331ca35ec67599457bb1cd102a0f6a195025
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Tue Aug 29 22:21:11 2017 -0400

    Update dh_auto_build/dh_auto_clean/dh_auto_install for new upstream options: set MAKELEVEL.

commit ee22d4255df975c59181e9258c1919cff227d68b
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Tue Aug 29 21:33:03 2017 -0400

    debian/rules: clean up after *.signed files.

commit 2993c0ee31017782413e48980f8380881cdbd137
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Tue Aug 29 21:23:41 2017 -0400

    debian/patches/fix_makefile_phony.patch: fix a makefile bug causing shim to fail to build, because it gets confused about the .signed efi files.

commit 402fafb47564efc2281966aa39f9d2d25d73aec4
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Tue Aug 29 13:58:39 2017 -0400

    Set ENABLE_SBSIGN, to use sbsign instead of pesign for signing fallback and MokManager.
    
    Also drop debian/patches/sbsigntool-no-pesign: with this change from upstream
    it is no longer needed..

commit 661d3ea1dc23ebe589593dd9cc772a1d436c417b
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Tue Aug 29 13:57:47 2017 -0400

    Set ENABLE_SHIM_CERT, to keep using ephemeral self-signed certs built at compile-time for MokManager and fallback.

commit cff1facf80f327dbd43654221ea5704e24a0dc1d
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Tue Aug 29 13:57:22 2017 -0400

    debian/patches/second-stage-path: dropped; the default loader path now includes an arch suffix.

commit 0123496a8a4483df3d743b791c9bdcfb45409a76
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Tue Aug 29 13:56:15 2017 -0400

    New upstream snapshot: 12+1503074702.5202f80.

commit c224bb09d248997b3333e01d3b89fa8ccd473c6e
Merge: 48d77ce ab881f0
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Tue Aug 29 13:55:31 2017 -0400

    Updated version 12+1503074702.5202f80 from 'upstream/12+1503074702.5202f80'
    
    with Debian dir 08243b332bab8ddbadb7a33b4929c3a66682e2c4

commit ab881f03a3d8b1b6007103eefd1a5ad1342cb83f
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Tue Aug 29 13:55:31 2017 -0400

    New upstream version 12+1503074702.5202f80

commit 48d77ce60605698c2fc8fb92c6891ba76d3415c6
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Wed Aug 9 20:40:15 2017 -0400

    New upstream snapshot: 12+1502324945.478f9bb.

commit 31e25d52717d341c0a7177c34b27c75eeea36436
Merge: 33da872 ac05ece
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Wed Aug 9 20:39:01 2017 -0400

    Updated version 12+1502324945.478f9bb from 'upstream/12+1502324945.478f9bb'
    
    with Debian dir a5373f8bb41a0f7c4d5d293c57dd3374e72d3064

commit ac05ece820d5fd4ef7ee4f1d79adc9b5eb9593fa
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Wed Aug 9 20:39:01 2017 -0400

    New upstream version 12+1502324945.478f9bb

commit 33da8726b4035061190266e3e0c25d87f95d646a
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Mon Aug 7 17:43:53 2017 -0400

    Fix typo for DEFAULT_LOADER: missing a backslash, also needs quoting.

commit 5ca483b97b9d1c1373fd17346dbf207c18455019
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Mon Aug 7 17:43:08 2017 -0400

    debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch: dropped, included upstream.

commit 25f7fd1fb389a5f6356f353d16c5ead80dac6bbc
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Mon Aug 7 17:35:43 2017 -0400

    New upstream version 12+1501864225.b586175

commit f4173af1ad45a270a5d8b2283f8018582484a553
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Mon Aug 7 17:34:45 2017 -0400

    New upstream version 12+1501864225.b586175

commit 62f0afa2ecead02b1258dabab8097ca278a22f8f
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Wed Sep 21 20:29:42 2016 -0400

    Import upstream version 0.9+1474479173.6c180c6

commit d3819813b8e0a64400ddf3ce033bae7c3f245508
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Tue Jul 26 12:02:18 2016 -0400

    Import upstream version 0.9+1465500757.14a5905

commit a14921c5944c340056312f2f5b1728d698f628b1
Merge: 72bb39c 7361f67
Author: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com>
Date:   Wed May 6 09:49:41 2015 -0400

    Import upstream version 0.8

commit 7361f67dbd7f7fe98a807d3d12f90a87262124d6
Author: Peter Jones <pjones@redhat.com>
Date:   Mon Oct 13 16:41:51 2014 -0400

    Bump version to 0.8

commit 72bb39c0237f8bcc3afa8b623e8b097eec6d69cd
Author: Steve Langasek <steve.langasek@canonical.com>
Date:   Mon Oct 6 15:39:48 2014 -0700

    Import upstream version 0.7

commit 159609ee4eab766673606f5a4e122c78dea390b3
Author: Peter Jones <pjones@redhat.com>
Date:   Thu Oct 2 01:01:54 2014 -0400

    Correctly reject bad tftp addresses earlier, rather than later.
    
    This check is for end == NULL but was meant to be *end == '\0'.  Without
    this change, we'll pass a plausibly bad address (i.e. one with no ']' at
    the end) to Mtftp(... READ_FILE ...), which should fail correctly, but
    our error messaging will be inconsistent.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>

commit 7d953d6722ee9d2d1e21104bae41d60629332140
Author: Peter Jones <pjones@redhat.com>
Date:   Thu Oct 2 01:01:54 2014 -0400

    Use -Werror=sign-compare .
    
    I'm going to have to fix any errors that have this anyway, so may as
    well do it here properly.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>

commit a6dfd3e426540b0eafc85f2e6bb3768fe190d3f2
Author: Peter Jones <pjones@redhat.com>
Date:   Thu Oct 2 01:01:54 2014 -0400

    Make another integer compare be signed/unsigned safe as well.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>

commit 0dbc0e7f427c77aa12a58810c3f30f59e203bd5a
Author: Sebastian Krahmer <krahmer@suse.com>
Date:   Thu Oct 2 01:01:54 2014 -0400

    OOB access when parsing MOK List/Certificates on MOK enrollment

commit f6bff34f51cc0ed024ba5262e36a141cd220d4d4
Author: Sebastian Krahmer <krahmer@suse.com>
Date:   Thu Oct 2 01:01:54 2014 -0400

    shim buffer overflow on ipv6 option parsing

commit 597dd8393bf0ce193cb012dd928bca0a2529ba69
Author: Peter Jones <pjones@redhat.com>
Date:   Thu Oct 2 01:01:46 2014 -0400

    Another testplan error.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>

commit e83cd86c6734e8368429482945855ab9c60b3da5
Author: Gary Ching-Pang Lin <glin@suse.com>
Date:   Thu Oct 2 00:10:47 2014 -0400

    Cryptlib: remove the unused files
    
    I mistakenly added CryptPkcs7VerifyNull.c which may make Pkcs7Verify
    always return FALSE. Besides CryptPkcs7VerifyNull.c, there are some
    functions we would never use. This commit removes those files to
    avoid any potential trouble.
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>

commit f852734c5a15f2fe6a76424ce23daaee870c6c4e
Author: Gary Ching-Pang Lin <glin@suse.com>
Date:   Thu Oct 2 00:08:50 2014 -0400

    Don't verify images with the empty build key
    
    We replaced the build key with an empty file while compiling shim
    for our distro. Skip the verification with the empty build key
    since this makes no sense.
    
    Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>

commit e258243e43ca2c9f6ac177ed4153fe92af64fcd8
Author: Peter Jones <pjones@redhat.com>
Date:   Thu Oct 2 00:02:43 2014 -0400

    Fix some minor testplan errors.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>

commit ada75ade4ca906737bda7741c49b427da9b5763f
Author: Peter Jones <pjones@redhat.com>
Date:   Thu Oct 2 00:02:43 2014 -0400

    Don't append an empty cert list to MokListRT if vendor_cert_size is 0.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>

commit a16340e3f79d32b7454426db53b94e611802c6e3
Author: Peter Jones <pjones@redhat.com>
Date:   Tue Sep 30 22:51:32 2014 -0400

    Actually find the relocations correctly and process them that way.
    
    Find the relocations based on the *file* address in the old binary,
    because it's only the same as the virtual address some of the time.
    
    Also perform some extra validation before processing it, and don't bail
    out in /error/ if both ReloceBase and RelocEnd are null - that condition
    is fine.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>

commit 05b61752dbc651d51956263aa78681cf6bbcaa63
Author: Peter Jones <pjones@redhat.com>
Date:   Tue Sep 30 22:49:21 2014 -0400

    Revert header changes
    
    Revert "Do the same for ia32..."
    and "Generate a sane PE header on shim, fallback, and MokManager."
    This reverts commit 6744a7ef8eca44948565c3d1244ec931ed3f6fee.
    and commit 0e7ba5947eb38b79de2051ecf3b95055e620475c.
    
    These are premature and I can do this without such drastic measures.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>

commit 9ac3f69597b1460a59ed6ca8c752acc8a8577c6d
Author: Peter Jones <pjones@redhat.com>
Date:   Sun Sep 21 16:25:28 2014 -0400

    Make list_keys() index variables all be signed.
    
    We build with -Werror=signed-compare in fedora/rhel rpms, and this
    showed up.
    
    Signed-off-by: Peter Jones <pjones@redhat.com>

Created: 2023-11-02 Last update: 2026-02-21 17:02

1 open merge request in Salsa normal

There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-09-22 Last update: 2026-01-22 22:00

lintian reports 8 warnings normal

Lintian reports 8 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2023-02-01 Last update: 2024-05-07 00:13

debian/patches: 2 patches to forward upstream low

Among the 2 debian patches available in version 15.8-1 of the package, we noticed the following issues:

2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2024-05-07 00:29

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.3 instead of 4.6.2).

Created: 2024-04-07 Last update: 2025-12-23 20:00

news

[rss feed]

[2024-08-25] shim 15.8-1 MIGRATED to testing (Debian testing watch)
[2024-05-12] Accepted shim 15.8-1~deb10u1 (source) into oldoldstable (Steve McIntyre)
[2024-05-08] Accepted shim 15.8-1~deb11u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2024-05-08] Accepted shim 15.8-1~deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2024-05-06] Accepted shim 15.8-1 (source) into unstable (Steve McIntyre)
[2023-03-14] shim 15.7-1 MIGRATED to testing (Debian testing watch)
[2023-01-31] Accepted shim 15.7-1~deb11u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2023-01-31] Accepted shim 15.7-1~deb10u1 (source) into oldstable (Steve McIntyre)
[2023-01-31] Accepted shim 15.7-1 (source) into unstable (Steve McIntyre)
[2022-07-28] Accepted shim 15.6-1~deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2022-07-28] Accepted shim 15.6-1~deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2022-07-21] Accepted shim 15.6-1 (source) into unstable (Steve McIntyre)
[2021-07-25] shim 15.4-7 MIGRATED to testing (Debian testing watch)
[2021-07-12] Accepted shim 15.4-7~deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2021-07-12] Accepted shim 15.4-7 (source) into unstable (Steve McIntyre)
[2021-07-09] shim 15.4-6 MIGRATED to testing (Debian testing watch)
[2021-06-23] Accepted shim 15.4-6~deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2021-06-23] Accepted shim 15.4-6 (source) into unstable (Steve McIntyre)
[2021-05-18] shim 15.4-5 MIGRATED to testing (Debian testing watch)
[2021-05-08] Accepted shim 15.4-5~deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2021-05-06] Accepted shim 15.4-5 (source) into unstable (Steve McIntyre)
[2021-05-04] Accepted shim 15.4-4 (source) into unstable (Steve McIntyre)
[2021-05-04] Accepted shim 15.4-3~deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2021-05-03] Accepted shim 15.4-3 (source) into unstable (Steve McIntyre)
[2021-04-22] Accepted shim 15.4-2~deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2021-04-21] Accepted shim 15.4-2 (source) into unstable (Steve McIntyre)
[2021-04-17] Accepted shim 15.4-1~deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2021-04-17] Accepted shim 15.4-1 (source) into unstable (Steve McIntyre)
[2021-03-24] Accepted shim 15.3-1~deb10u3 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Steve McIntyre)
[2021-03-24] Accepted shim 15.3-3 (source) into unstable (Steve McIntyre)

bugs [bug history graph]

all: 9 10
RC: 1
I&N: 3
M&W: 2
F&P: 3 4
patch: 0

links

lintian (0, 8)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 15.8-0ubuntu2
28 bugs