.gitignore

@@ -1 +1,2 @@
-SOURCES/shim-15.8.tar.bz2
+/shim-*.tar.bz2
+*.rpm

.shim-unsigned-aarch64.metadata

@@ -1 +1 @@
-cdec924ca437a4509dcb178396996ddf92c11183 SOURCES/shim-15.8.tar.bz2
+2dc6308584187bf3ee88bf9b119938c72c5a5088 shim-15.tar.bz2

0001-Make-sure-that-MOK-variables-always-get-mirrored.patch

@@ -0,0 +1,60 @@
+From 9ab0d796bdc9cefdaa3b0df7434845d26c43d894 Mon Sep 17 00:00:00 2001
+From: Patrick Uiterwijk <patrick@puiterwijk.org>
+Date: Mon, 5 Nov 2018 14:51:16 +0100
+Subject: [PATCH 1/3] Make sure that MOK variables always get mirrored
+
+Without this, if a Mok variable doesn't exist in Boot Services, it will also
+not be copied to Runtime, even if we have data to be added to it (vendor cert).
+This patch makes sure that if we have extra data to append, we still mirror
+the variable.
+
+Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
+---
+ mok.c | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/mok.c b/mok.c
+index 38675211e0e..00dd1ad3034 100644
+--- a/mok.c
++++ b/mok.c
+@@ -223,11 +223,26 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
+ 		UINT32 attrs = 0;
+ 		BOOLEAN delete = FALSE, present, addend;
+ 
++		addend = (v->addend_source && v->addend_size &&
++			  *v->addend_source && *v->addend_size)
++			? TRUE : FALSE;
++
+ 		efi_status = get_variable_attr(v->name,
+ 					       &v->data, &v->data_size,
+ 					       *v->guid, &attrs);
+-		if (efi_status == EFI_NOT_FOUND)
++		if (efi_status == EFI_NOT_FOUND) {
++			if (v->rtname && addend) {
++				efi_status = mirror_one_mok_variable(v);
++				if (EFI_ERROR(efi_status) &&
++				    ret != EFI_SECURITY_VIOLATION)
++					ret = efi_status;
++			}
++			/*
++			 * after possibly adding, we can continue, no
++			 * further checks to be done.
++			 */
+ 			continue;
++		}
+ 		if (EFI_ERROR(efi_status)) {
+ 			perror(L"Could not verify %s: %r\n", v->name,
+ 			       efi_status);
+@@ -272,9 +287,6 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
+ 		}
+ 
+ 		present = (v->data && v->data_size) ? TRUE : FALSE;
+-		addend = (v->addend_source && v->addend_size &&
+-			  *v->addend_source && *v->addend_size)
+-			? TRUE : FALSE;
+ 
+ 		if (v->flags & MOK_VARIABLE_MEASURE && present) {
+ 			/*
+-- 
+2.20.1
+

0002-mok-fix-the-mirroring-of-RT-variables.patch

@@ -0,0 +1,49 @@
+From 4b27ae034ba9885960e72f77b3f687a9b7fea824 Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
+Date: Wed, 21 Nov 2018 12:47:43 +0800
+Subject: [PATCH 2/3] mok: fix the mirroring of RT variables
+
+When there is no key in MokList, import_mok_state() just skipped MokList
+even though it should always mirror the vendor cert. Besides, the faulty
+check of 'present' and 'addend' invalidates the mirroring of MokListXRT,
+MokSBStateRT, and MokIgnoreDB.
+
+https://github.com/rhboot/shim/issues/154
+
+Signed-off-by: Gary Lin <glin@suse.com>
+---
+ mok.c | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/mok.c b/mok.c
+index 00dd1ad3034..41925abbb49 100644
+--- a/mok.c
++++ b/mok.c
+@@ -231,12 +231,8 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
+ 					       &v->data, &v->data_size,
+ 					       *v->guid, &attrs);
+ 		if (efi_status == EFI_NOT_FOUND) {
+-			if (v->rtname && addend) {
+-				efi_status = mirror_one_mok_variable(v);
+-				if (EFI_ERROR(efi_status) &&
+-				    ret != EFI_SECURITY_VIOLATION)
+-					ret = efi_status;
+-			}
++			if (addend)
++				goto mirror_addend;
+ 			/*
+ 			 * after possibly adding, we can continue, no
+ 			 * further checks to be done.
+@@ -316,7 +312,8 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
+ 			}
+ 		}
+ 
+-		if (v->rtname && present && addend) {
++mirror_addend:
++		if (v->rtname && (present || addend)) {
+ 			if (v->flags & MOK_MIRROR_DELETE_FIRST)
+ 				LibDeleteVariable(v->rtname, v->guid);
+ 
+-- 
+2.20.1
+

0003-mok-consolidate-mirroring-code-in-a-helper-instead-o.patch

@@ -0,0 +1,109 @@
+From 29c11483101b460869a5e0dba1f425073862127d Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 31 Jan 2019 13:45:30 -0500
+Subject: [PATCH 3/3] mok: consolidate mirroring code in a helper instead of
+ using goto
+
+There's no reason to complicate the logic with a goto here, instead just
+pull the logic we're jumping to out to a helper function.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ mok.c  | 41 ++++++++++++++++++++++++++++-------------
+ shim.h |  2 ++
+ 2 files changed, 30 insertions(+), 13 deletions(-)
+
+diff --git a/mok.c b/mok.c
+index 41925abbb49..2f495e6cf25 100644
+--- a/mok.c
++++ b/mok.c
+@@ -130,7 +130,8 @@ struct mok_state_variable mok_state_variables[] = {
+ 	{ NULL, }
+ };
+ 
+-static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v)
++static EFI_STATUS nonnull(1)
++mirror_one_mok_variable(struct mok_state_variable *v)
+ {
+ 	EFI_STATUS efi_status = EFI_SUCCESS;
+ 	void *FullData = NULL;
+@@ -196,6 +197,29 @@ static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v)
+ 	return efi_status;
+ }
+ 
++/*
++ * Mirror a variable if it has an rtname, and preserve any
++ * EFI_SECURITY_VIOLATION status at the same time.
++ */
++static EFI_STATUS nonnull(1)
++maybe_mirror_one_mok_variable(struct mok_state_variable *v, EFI_STATUS ret)
++{
++	EFI_STATUS efi_status;
++	if (v->rtname) {
++		if (v->flags & MOK_MIRROR_DELETE_FIRST)
++			LibDeleteVariable(v->rtname, v->guid);
++
++		efi_status = mirror_one_mok_variable(v);
++		if (EFI_ERROR(efi_status)) {
++			if (ret != EFI_SECURITY_VIOLATION)
++				ret = efi_status;
++			perror(L"Could not create %s: %r\n", v->rtname,
++			       efi_status);
++		}
++	}
++	return ret;
++}
++
+ /*
+  * Verify our non-volatile MoK state.  This checks the variables above
+  * accessable and have valid attributes.  If they don't, it removes
+@@ -232,7 +256,7 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
+ 					       *v->guid, &attrs);
+ 		if (efi_status == EFI_NOT_FOUND) {
+ 			if (addend)
+-				goto mirror_addend;
++				ret = maybe_mirror_one_mok_variable(v, ret);
+ 			/*
+ 			 * after possibly adding, we can continue, no
+ 			 * further checks to be done.
+@@ -312,16 +336,8 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle)
+ 			}
+ 		}
+ 
+-mirror_addend:
+-		if (v->rtname && (present || addend)) {
+-			if (v->flags & MOK_MIRROR_DELETE_FIRST)
+-				LibDeleteVariable(v->rtname, v->guid);
+-
+-			efi_status = mirror_one_mok_variable(v);
+-			if (EFI_ERROR(efi_status) &&
+-			    ret != EFI_SECURITY_VIOLATION)
+-				ret = efi_status;
+-		}
++		if (present)
++			ret = maybe_mirror_one_mok_variable(v, ret);
+ 	}
+ 
+ 	/*
+@@ -340,4 +356,4 @@ mirror_addend:
+ 	return ret;
+ }
+ 
+-// vim:fenc=utf-8:tw=75
++// vim:fenc=utf-8:tw=75:noet
+diff --git a/shim.h b/shim.h
+index 2b359d821e3..c26d5f06538 100644
+--- a/shim.h
++++ b/shim.h
+@@ -30,6 +30,8 @@
+ 
+ #include <stddef.h>
+ 
++#define nonnull(...) __attribute__((__nonnull__(__VA_ARGS__)))
++
+ #define min(a, b) ({(a) < (b) ? (a) : (b);})
+ 
+ #ifdef __x86_64__
+-- 
+2.20.1
+

0004-Make-VLogError-behave-as-expected.patch

@@ -0,0 +1,50 @@
+From 0bff94b170116737e6e0838c35c0ac376542a5c0 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Tue, 12 Feb 2019 18:04:49 -0500
+Subject: [PATCH 4/4] Make VLogError() behave as expected.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ errlog.c | 15 +++------------
+ 1 file changed, 3 insertions(+), 12 deletions(-)
+
+diff --git a/errlog.c b/errlog.c
+index 18be4822d53..eebb266d396 100644
+--- a/errlog.c
++++ b/errlog.c
+@@ -14,29 +14,20 @@ EFI_STATUS
+ VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args)
+ {
+ 	va_list args2;
+-	UINTN size = 0, size2;
+ 	CHAR16 **newerrs;
+ 
+-	size = SPrint(NULL, 0, L"%a:%d %a() ", file, line, func);
+-	va_copy(args2, args);
+-	size2 = VSPrint(NULL, 0, fmt, args2);
+-	va_end(args2);
+-
+ 	newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs),
+ 				       (nerrs + 3) * sizeof(*errs));
+ 	if (!newerrs)
+ 		return EFI_OUT_OF_RESOURCES;
+ 
+-	newerrs[nerrs] = AllocatePool(size*2+2);
++	newerrs[nerrs] = PoolPrint(L"%a:%d %a() ", file, line, func);
+ 	if (!newerrs[nerrs])
+ 		return EFI_OUT_OF_RESOURCES;
+-	newerrs[nerrs+1] = AllocatePool(size2*2+2);
++	va_copy(args2, args);
++	newerrs[nerrs+1] = VPoolPrint(fmt, args2);
+ 	if (!newerrs[nerrs+1])
+ 		return EFI_OUT_OF_RESOURCES;
+-
+-	SPrint(newerrs[nerrs], size*2+2, L"%a:%d %a() ", file, line, func);
+-	va_copy(args2, args);
+-	VSPrint(newerrs[nerrs+1], size2*2+2, fmt, args2);
+ 	va_end(args2);
+ 
+ 	nerrs += 2;
+-- 
+2.20.1
+

0005-Make-EFI-variable-copying-fatal-only-on-secureboot-e.patch

@@ -0,0 +1,47 @@
+From 741c61abba7d5c74166f8d0c1b9ee8001ebcd186 Mon Sep 17 00:00:00 2001
+From: Patrick Uiterwijk <patrick@puiterwijk.org>
+Date: Thu, 6 Dec 2018 10:08:45 +0100
+Subject: [PATCH] Make EFI variable copying fatal only on secureboot enabled
+ systems
+
+I have come across systems that are unwilling to reserve enough memory for
+a MokListRT big enough for big certificates.
+This seems to be the case with firmware implementations that do not support
+secureboot, which is probably the reason they went with much lower variable
+storage.
+
+This patch set makes sure we can still boot on those systems, by only
+making the copy action fatal if the system has secure boot enabled, or if
+the error was anything other than EFI_INVALID_PARAMETER.
+
+Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
+---
+ shim.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/shim.c b/shim.c
+index 7d25ad6fe70..aee4727fe67 100644
+--- a/shim.c
++++ b/shim.c
+@@ -2639,7 +2639,17 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
+ 	 * boot-services-only state variables are what we think they are.
+ 	 */
+ 	efi_status = import_mok_state(image_handle);
+-	if (EFI_ERROR(efi_status)) {
++	if (!secure_mode() && efi_status == EFI_INVALID_PARAMETER) {
++		/*
++		 * Make copy failures fatal only if secure_mode is enabled, or
++		 * the error was anything else than EFI_INVALID_PARAMETER.
++		 * There are non-secureboot firmware implementations that don't
++		 * reserve enough EFI variable memory to fit the variable.
++		 */
++		console_print(L"Importing MOK states has failed: %s: %r\n",
++			      msgs[msg], efi_status);
++		console_print(L"Continuing boot since secure mode is disabled");
++	} else if (EFI_ERROR(efi_status)) {
+ die:
+ 		console_print(L"Something has gone seriously wrong: %s: %r\n",
+ 			      msgs[msg], efi_status);
+-- 
+2.21.0
+

0006-Make-some-things-dprint-instead-of-console_print.patch

@@ -0,0 +1,28 @@
+From dad59f8c0f3620f68379a29c3e6badd22681ddc5 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Tue, 10 Apr 2018 12:36:34 -0400
+Subject: [PATCH] Make some things dprint() instead of console_print()
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ shim.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index 00155346c12..ff0817009cd 100644
+--- a/shim.c
++++ b/shim.c
+@@ -2087,8 +2087,8 @@ static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path, UINTN len)
+ 	if (!dppath)
+ 		return 0;
+ 
+-	console_print(L"dppath: %s\n", dppath);
+-	console_print(L"path:   %s\n", path);
++	dprint(L"dppath: %s\n", dppath);
++	dprint(L"path:   %s\n", path);
+ 	if (StrnCaseCmp(dppath, path, len))
+ 		ret = 0;
+ 
+-- 
+2.21.0
+

0007-shim-Properly-generate-absolute-paths-from-relative-.patch

@@ -0,0 +1,51 @@
+From a625fa5096ccdf87036379a5cb237bd43516d605 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Fri, 7 Sep 2018 14:11:02 +0200
+Subject: [PATCH] shim: Properly generate absolute paths from relative
+ image paths
+
+The generate_path_from_image_path() doesn't properly handle the case when
+shim is invoked using a relative path (e.g: from the EFI shell). In that
+function, always the last component is stripped from absolute file path
+to calculate the dirname, and this is concatenated with the image path.
+
+But if the path is a relative one, the function will wrongly concatenate
+the dirname with the relative image path, i.e:
+
+ Shell> FS0:
+ FS0:\> cd EFI
+ FS0:\EFI\> BOOT\BOOTX64.EFI
+ Failed to open \EFI\BOOT\BOOT\BOOTX64.EFI - Not found
+ Failed to load image \EFI\BOOT\BOOT\BOOTX64.EFI: Not found
+ start_image() returned Not found
+
+Calculate the image path basename and concatenate that with the dirname.
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Maran Wilson maran.wilson@oracle.com
+Tested-by: Maran Wilson maran.wilson@oracle.com
+---
+ shim.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index f29f39214f5..32d2772b279 100644
+--- a/shim.c
++++ b/shim.c
+@@ -1640,9 +1640,11 @@ static EFI_STATUS generate_path_from_image_path(EFI_LOADED_IMAGE *li,
+ 		bootpath[j] = '\0';
+ 	}
+ 
+-	while (*ImagePath == '\\')
+-		ImagePath++;
++	for (i = 0, last = 0; i < StrLen(ImagePath); i++)
++		if (ImagePath[i] == '\\')
++			last = i + 1;
+ 
++	ImagePath = ImagePath + last;
+ 	*PathName = AllocatePool(StrSize(bootpath) + StrSize(ImagePath));
+ 
+ 	if (!*PathName) {
+-- 
+2.21.0
+

0008-shim-Prevent-shim-to-set-itself-as-a-second-stage-lo.patch

@@ -0,0 +1,75 @@
+From e563bc3dcd17d91861d3b363ed19d30228f409e1 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Fri, 7 Sep 2018 15:10:51 +0200
+Subject: [PATCH] shim: Prevent shim to set itself as a second stage loader
+
+When shim is invoked from a relative path (e.g: from the UEFI shell), the
+Loaded Image handle LoadOptions can be set to the binary relative path.
+
+But the is_our_path() function only checks if LoadOptions is set to the
+absolute path of shim to ignore it. So if a relative path is there, shim
+would set itself as the secondary loader and invoke itself in a loop.
+
+To prevent that, use the path in LoadOptions to calculate the absolute
+path and compare it with the one in the Loader Image handle FilePath.
+
+Resolves: bz#1622485
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Maran Wilson maran.wilson@oracle.com
+Tested-by: Maran Wilson maran.wilson@oracle.com
+---
+ shim.c | 17 ++++++++++++++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index 32d2772b279..8abc0c267cf 100644
+--- a/shim.c
++++ b/shim.c
+@@ -2116,21 +2116,32 @@ get_load_option_optional_data(UINT8 *data, UINTN data_size,
+ 	return EFI_SUCCESS;
+ }
+ 
+-static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path, UINTN len)
++static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path)
+ {
+ 	CHAR16 *dppath = NULL;
++	CHAR16 *PathName = NULL;
++	EFI_STATUS efi_status;
+ 	int ret = 1;
+ 
+ 	dppath = DevicePathToStr(li->FilePath);
+ 	if (!dppath)
+ 		return 0;
+ 
++	efi_status = generate_path_from_image_path(li, path, &PathName);
++	if (EFI_ERROR(efi_status)) {
++		perror(L"Unable to generate path %s: %r\n", path,
++		       efi_status);
++		goto done;
++	}
++
+ 	dprint(L"dppath: %s\n", dppath);
+ 	dprint(L"path:   %s\n", path);
+-	if (StrnCaseCmp(dppath, path, len))
++	if (StrnCaseCmp(dppath, PathName, strlen(dppath)))
+ 		ret = 0;
+ 
++done:
+ 	FreePool(dppath);
++	FreePool(PathName);
+ 	return ret;
+ }
+ 
+@@ -2319,7 +2330,7 @@ EFI_STATUS set_second_stage (EFI_HANDLE image_handle)
+ 
+ 	 * which is just cruel... So yeah, just don't use it.
+ 	 */
+-	if (strings == 1 && is_our_path(li, start, loader_len))
++	if (strings == 1 && is_our_path(li, start))
+ 		return EFI_SUCCESS;
+ 
+ 	/*
+-- 
+2.21.0
+

0009-Fix-a-use-of-strlen-instead-of-Strlen.patch

@@ -0,0 +1,28 @@
+From 1870bae796022f8bbf60465352eac329ff1d6ffd Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Thu, 5 Sep 2019 10:36:23 -0400
+Subject: [PATCH] Fix a use of strlen() instead of Strlen()
+
+Resolves: rhbz#1817882
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ src/shim.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/shim.c b/shim.c
+index 3f131f48572..38f1346da7f 100644
+--- a/shim.c
++++ b/shim.c
+@@ -2053,7 +2053,7 @@ static int is_our_path(EFI_LOADED_IMAGE *li, CHAR16 *path)
+ 
+ 	dprint(L"dppath: %s\n", dppath);
+ 	dprint(L"path:   %s\n", path);
+-	if (StrnCaseCmp(dppath, PathName, strlen(dppath)))
++	if (StrnCaseCmp(dppath, PathName, StrLen(dppath)))
+ 		ret = 0;
+ 
+ done:
+-- 
+2.25.1
+

0010-translate_slashes-don-t-write-to-string-literals.patch

@@ -0,0 +1,139 @@
+From 9813e8bc8b3295f343809fac43298a73a93ffc97 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Tue, 28 Jan 2020 23:33:46 +0100
+Subject: [PATCH] translate_slashes(): don't write to string literals
+
+Currently, all three invocations of the translate_slashes() function may
+lead to writes to the string literal that is #defined with the
+DEFAULT_LOADER_CHAR macro. According to ISO C99 6.4.5p6, this is undefined
+behavior ("If the program attempts to modify such an array, the behavior
+is undefined").
+
+This bug crashes shim on e.g. the 64-bit ArmVirtQemu platform ("Data
+abort: Permission fault"), where the platform firmware maps the .text
+section (which contains the string literal) read-only.
+
+Modify translate_slashes() so that it copies and translates characters
+from an input array of "char" to an output array of "CHAR8".
+
+While at it, fix another bug. Before this patch, if translate_slashes()
+ever encountered a double backslash (translating it to a single forward
+slash), then the output would end up shorter than the input. However, the
+output was not NUL-terminated in-place, therefore the original string
+length (and according trailing garbage) would be preserved. After this
+patch, the NUL-termination on contraction is automatic, as the output
+array's contents are indeterminate when entering the function, and so we
+must NUL-terminate it anyway.
+
+Fixes: 8e9124227d18475d3bc634c33518963fc8db7c98
+Fixes: e62b69a5b0b87c6df7a4fc23906134945309e927
+Fixes: 3d79bcb2651b9eae809b975b3e03e2f96c067072
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1795654
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+---
+ include/str.h  | 14 ++++++++------
+ httpboot.c |  4 ++--
+ netboot.c  | 16 +++++++++++-----
+ 3 files changed, 21 insertions(+), 13 deletions(-)
+
+diff --git a/include/str.h b/include/str.h
+index 9a748366bd1..f73c6212cd9 100644
+--- a/include/str.h
++++ b/include/str.h
+@@ -45,21 +45,23 @@ strcata(CHAR8 *dest, const CHAR8 *src)
+ static inline
+ __attribute__((unused))
+ CHAR8 *
+-translate_slashes(char *str)
++translate_slashes(CHAR8 *out, const char *str)
+ {
+ 	int i;
+ 	int j;
+-	if (str == NULL)
+-		return (CHAR8 *)str;
++	if (str == NULL || out == NULL)
++		return NULL;
+ 
+ 	for (i = 0, j = 0; str[i] != '\0'; i++, j++) {
+ 		if (str[i] == '\\') {
+-			str[j] = '/';
++			out[j] = '/';
+ 			if (str[i+1] == '\\')
+ 				i++;
+-		}
++		} else
++			out[j] = str[i];
+ 	}
+-	return (CHAR8 *)str;
++	out[j] = '\0';
++	return out;
+ }
+ 
+ #endif /* SHIM_STR_H */
+diff --git a/httpboot.c b/httpboot.c
+index 3622e85867c..2d27e8ed993 100644
+--- a/httpboot.c
++++ b/httpboot.c
+@@ -743,14 +743,14 @@ httpboot_fetch_buffer (EFI_HANDLE image, VOID **buffer, UINT64 *buf_size)
+ {
+ 	EFI_STATUS efi_status;
+ 	EFI_HANDLE nic;
+-	CHAR8 *next_loader = NULL;
++	CHAR8 next_loader[sizeof DEFAULT_LOADER_CHAR];
+ 	CHAR8 *next_uri = NULL;
+ 	CHAR8 *hostname = NULL;
+ 
+ 	if (!uri)
+ 		return EFI_NOT_READY;
+ 
+-	next_loader = translate_slashes(DEFAULT_LOADER_CHAR);
++	translate_slashes(next_loader, DEFAULT_LOADER_CHAR);
+ 
+ 	/* Create the URI for the next loader based on the original URI */
+ 	efi_status = generate_next_uri(uri, next_loader, &next_uri);
+diff --git a/netboot.c b/netboot.c
+index 583fe4bee71..6d293bca9dd 100644
+--- a/netboot.c
++++ b/netboot.c
+@@ -189,7 +189,9 @@ static BOOLEAN extract_tftp_info(CHAR8 *url)
+ 	CHAR8 *start, *end;
+ 	CHAR8 ip6str[40];
+ 	CHAR8 ip6inv[16];
+-	CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR);
++	CHAR8 template[sizeof DEFAULT_LOADER_CHAR];
++
++	translate_slashes(template, DEFAULT_LOADER_CHAR);
+ 
+ 	// to check against str2ip6() errors
+ 	memset(ip6inv, 0, sizeof(ip6inv));
+@@ -254,10 +256,14 @@ static EFI_STATUS parseDhcp6()
+ 
+ static EFI_STATUS parseDhcp4()
+ {
+-	CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR);
+-	INTN template_len = strlen(template) + 1;
++	CHAR8 template[sizeof DEFAULT_LOADER_CHAR];
++	INTN template_len;
++	UINTN template_ofs = 0;
+ 	EFI_PXE_BASE_CODE_DHCPV4_PACKET* pkt_v4 = (EFI_PXE_BASE_CODE_DHCPV4_PACKET *)&pxe->Mode->DhcpAck.Dhcpv4;
+ 
++	translate_slashes(template, DEFAULT_LOADER_CHAR);
++	template_len = strlen(template) + 1;
++
+ 	if(pxe->Mode->ProxyOfferReceived) {
+ 		/*
+ 		 * Proxy should not have precedence.  Check if DhcpAck
+@@ -288,8 +294,8 @@ static EFI_STATUS parseDhcp4()
+ 			full_path[dir_len-1] = '\0';
+ 	}
+ 	if (dir_len == 0 && dir[0] != '/' && template[0] == '/')
+-		template++;
+-	strcata(full_path, template);
++		template_ofs++;
++	strcata(full_path, template + template_ofs);
+ 	memcpy(&tftp_addr.v4, pkt_v4->BootpSiAddr, 4);
+ 
+ 	return EFI_SUCCESS;
+-- 
+2.26.2
+

0011-RHEL-9-disable-Wpointer-sign-for-now.patch

@@ -0,0 +1,25 @@
+From 7e7fa748c8651ca3d9fdd55f0ad891c816949ff5 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Fri, 6 Aug 2021 16:43:37 -0400
+Subject: [PATCH] RHEL-9: disable -Wpointer-sign for now
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ Make.defaults | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Make.defaults b/Make.defaults
+index e11ab5a7f2c..9b28720d186 100644
+--- a/Make.defaults
++++ b/Make.defaults
+@@ -42,6 +42,7 @@ EFI_LDS		= $(TOPDIR)/elf_$(ARCH)_efi.lds
+ CFLAGS		= -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
+ 		  -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
+ 		  -Werror=sign-compare -ffreestanding -std=gnu89 \
++		  -Wno-pointer-sign -Wno-address-of-packed-member \
+ 		  -I$(shell $(CC) -print-file-name=include) \
+ 		  "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
+ 		  "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
+-- 
+2.31.1
+

SOURCES/sbat.redhat.csv

@@ -1 +0,0 @@
-shim.redhat,3,Red Hat Inc,shim,15.8,secalert@redhat.com

build

@@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+if [ $# -ne 1 ]; then
+	echo "usage: ./build <release>" 1>&2
+	exit 1
+fi
+arm-koji build $1 `fedpkg giturl`
+

gating.yaml

@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-8
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: manual.sst_desktop.shim.functional}

shim-unsigned-aarch64.spec

@@ -15,8 +15,8 @@
 %global shimdir %{shimversiondir}/%{efiarch}
 
 Name:		shim-unsigned-aarch64
-Version:	15.8
-Release:	2.el8
+Version:	15
+Release:	6%{?dist}
 Summary:	First-stage UEFI bootloader
 ExclusiveArch:	aarch64
 License:	BSD
@@ -26,18 +26,27 @@ Source1:	securebootca.cer
 # currently here's what's in our dbx:
 # nothing.
 Source2:	dbx.esl
-Source3:	sbat.redhat.csv
-Source4:	shim.patches
 
 Source100:	shim-find-debuginfo.sh
 
-%include %{SOURCE4}
+Patch0001:	0001-Make-sure-that-MOK-variables-always-get-mirrored.patch
+Patch0002:	0002-mok-fix-the-mirroring-of-RT-variables.patch
+Patch0003:	0003-mok-consolidate-mirroring-code-in-a-helper-instead-o.patch
+Patch0004:	0004-Make-VLogError-behave-as-expected.patch
+Patch0005:	0005-Make-EFI-variable-copying-fatal-only-on-secureboot-e.patch
+Patch0006:	0006-Make-some-things-dprint-instead-of-console_print.patch
+Patch0007:	0007-shim-Properly-generate-absolute-paths-from-relative-.patch
+Patch0008:	0008-shim-Prevent-shim-to-set-itself-as-a-second-stage-lo.patch
+Patch0009:	0009-Fix-a-use-of-strlen-instead-of-Strlen.patch
+Patch0010:	0010-translate_slashes-don-t-write-to-string-literals.patch
+Patch0011:	0011-RHEL-9-disable-Wpointer-sign-for-now.patch
 
 BuildRequires:	gcc make
 BuildRequires:	elfutils-libelf-devel
 BuildRequires:	git openssl-devel openssl
 BuildRequires:	pesign >= %{pesign_vre}
-BuildRequires:	dos2unix findutils
+BuildRequires:	gnu-efi >= %{gnuefi_vre}
+BuildRequires:	gnu-efi-devel >= %{gnuefi_vre}
 
 # Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not
 # compatible with SysV (there's no red zone under UEFI) and there isn't a
@@ -82,17 +91,16 @@ git config --unset user.name
 mkdir build-%{efiarch}
 
 %build
-COMMIT_ID=5914984a1ffeab841f482c791426d7ca9935a5e6
-MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMIT_ID} "
+COMMITID=$(cat commit)
+MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
 MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
-MAKEFLAGS+="ENABLE_SHIM_HASH=true "
-MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 "
+MAKEFLAGS+="ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true "
 MAKEFLAGS+="%{_smp_mflags}"
 if [ -f "%{SOURCE1}" ]; then
-	MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1} "
+	MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"
 fi
 if [ -f "%{SOURCE2}" ]; then
-	MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2} "
+	MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2}"
 fi
 
 cd build-%{efiarch}
@@ -100,16 +108,15 @@ make ${MAKEFLAGS} DEFAULT_LOADER='\\\\grub%{efiarch}.efi' all
 cd ..
 
 %install
-COMMIT_ID=5914984a1ffeab841f482c791426d7ca9935a5e6
-MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMIT_ID} "
+COMMITID=$(cat commit)
+MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
 MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
-MAKEFLAGS+="ENABLE_SHIM_HASH=true "
-MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 "
+MAKEFLAGS+="ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true "
 if [ -f "%{SOURCE1}" ]; then
-	MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1} "
+	MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"
 fi
 if [ -f "%{SOURCE2}" ]; then
-	MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2} "
+	MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2}"
 fi
 
 cd build-%{efiarch}
@@ -126,21 +133,12 @@ cd ..
 %dir %{shimdir}
 %{shimdir}/*.efi
 %{shimdir}/*.hash
-%{shimdir}/*.CSV
 
 %files debuginfo -f build-%{efiarch}/debugfiles.list
 
 %files debugsource -f build-%{efiarch}/debugsource.list
 
 %changelog
-* Wed Feb 07 2024 Peter Jones <pjones@redhat.com> - 15.8-2.el8
-- Rebuild to fix the commit ident and MAKEFLAGS
-  Resolves: RHEL-11259
-
-* Tue Dec 05 2023 Peter Jones <pjones@redhat.com> - 15.8-1.el8
-- Update to shim-15.8 for CVE-2023-40547
-  Resolves: RHEL-11259
-
 * Tue May 26 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-6
 - Fix a shim crash when attempting to netboot
   Resolves: rhbz#1840036

sources

@@ -0,0 +1 @@
+SHA512 (shim-15.tar.bz2) = f7dfac774d644111431ca56da76b5575b891b0abad970b318edaede11a0d83c869728bc39cb6af3689bdb203c6826545caf8ddd3d14228831027e334963cf957