Recommended update for shim-susesigned

Announcement ID:	SUSE-RU-2021:2677-1
Rating:	moderate
References:	bsc#1185232 bsc#1185261 bsc#1185464 bsc#1185961 bsc#1187260 bsc#1187696
Affected Products:	openSUSE Leap 15.3

An update that has six fixes can now be installed.

Description:

This update for shim-susesigned fixes the following issues:

• Sync with Microsoft signed shim to Thu Jul 15 08:13:26 UTC 2021.
• avoid deleting the mirrored RT variables (bsc#1187696)
• relax the check for import_mok_state() when Secure Boot is off. (bsc#1185261)
• ignore the odd LoadOptions length (bsc#1185232)
• shim-install: reset def_shim_efi to "shim.efi" if the given file doesn't exist
• fix the size of rela sections for AArch64
• disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261)
• Avoid the potential crash when calling QueryVariableInfo in EFI 1.10 machines (bsc#1187260)
• avoid buffer overflow when copying data to the MOK config table (bsc#1185232)
• shim-install: instead of assuming "removable" for Azure, remove fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot to make \EFI\Boot bootable and keep the boot option created by efibootmgr (bsc#1185464, bsc#1185961)
• shim-install: always assume "removable" for Azure to avoid the endless reset loop (bsc#1185464)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.3
  zypper in -t patch SUSE-2021-2677=1

Package List:

• openSUSE Leap 15.3 (aarch64)
  • shim-susesigned-15.4-3.3.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1185232
• https://bugzilla.suse.com/show_bug.cgi?id=1185261
• https://bugzilla.suse.com/show_bug.cgi?id=1185464
• https://bugzilla.suse.com/show_bug.cgi?id=1185961
• https://bugzilla.suse.com/show_bug.cgi?id=1187260
• https://bugzilla.suse.com/show_bug.cgi?id=1187696