Debian Patches

Status for shim/15.8-1~deb11u1

Patch | Description | Author | Forwarded | Bugs | Origin | Last update

aarch64-gnuefi-old.patch
shim 15.6 onwards needs newer binutils to build on aarch64. That works
better, but we don't have that binutils update in older Debian
releases. Undo the build changes here so that we can build for aarch64
on older stable releases. We're not going to sign them, but we need
the binaries for aarch64.

diff --git a/gnu-efi/Make.defaults b/gnu-efi/Make.defaults
index 3b56150..5ce8f7c 100755
Forwarded: no

aarch64-shim-old.patch
shim 15.6 onwards needs newer binutils to build on aarch64. That works
better, but we don't have that binutils update in older Debian
releases. Undo the build changes here so that we can build for aarch64
on older stable releases. We're not going to sign them, but we need
the binaries for aarch64.

diff --git a/Make.defaults b/Make.defaults
index dfed9c4a..18677daa 100644
Forwarded: no

0001-sbat-Add-grub.peimage-2-to-latest-CVE-2024-2312.patch
[PATCH 1/2] sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
Add the previous latest level to the switch for automatic.
Author: Julian Andres Klode <julian.klode@canonical.com>; Forwarded: no; Last update: 2024-04-05

0002-sbat-Also-bump-latest-for-grub-4-and-to-todays-date.patch
[PATCH 2/2] sbat: Also bump latest for grub,4 (and to todays date)
Back in January we decided to bump the SBAT level for the shim
CVE without bumping the grub level for the previous NTFS issues
- CVE-2023-4692 CVE-2023-4693 - as not every vendor was signing
the ntfs module.

Catch up on this revocation to ensure it doesn't get lost. Doing
so also allows us to remove the grub.debian,4 revocation as this
happened before grub,4 and hence is obsolete.

Also bump the date of the sbat variable to today's. Don't copy
the April 5 one to a previous selection, as it wasn't shipped
to anyone.
Author: Julian Andres Klode <julian.klode@canonical.com>; Forwarded: no; Last update: 2024-04-09
