rpms/shim-unsigned-x64
7
0
Fork 0
Code Issues Pull Requests Releases Activity

AlmaLinux chages

Browse Source
This commit is contained in:
eabdullin 2022-06-17 16:15:44 +03:00
parent 8e51097acc
commit 7b7c17dc74
6 changed files with 8 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
SOURCES/0001-Fix-a-broken-file-header-on-ia32.patch
View File

@ -1,32 +0,0 @@
From 1bea91ba72165d97c3b453cf769cb4bc5c07207a Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 31 Mar 2021 14:54:52 -0400
Subject: [PATCH] Fix a broken file header on ia32
Commit c6281c6a195edee61185 needs to have included a ". = ALIGN(4096)"
directive before .reloc, but fails to do so.
As a result, binutils, which does not care about the actual binary
format's constraints in any way, does not enforce the section alignment,
and it will not load.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
elf_ia32_efi.lds | 1 +
1 file changed, 1 insertion(+)
diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds
index 742e0a47a73..497a3a15265 100644
--- a/elf_ia32_efi.lds
+++ b/elf_ia32_efi.lds
@@ -15,6 +15,7 @@ SECTIONS
*(.gnu.linkonce.t.*)
_etext = .;
}
+ . = ALIGN(4096);
.reloc :
{
*(.reloc)
--
2.30.2

BIN
SOURCES/clsecureboot001.cer Normal file
View File

Binary file not shown.

BIN
SOURCES/redhatsecurebootca5.cer
View File

Binary file not shown.

1
SOURCES/sbat.cloudlinux.csv Normal file
View File

@ -0,0 +1 @@
shim.cloudlinux,2,CloudLinux,shim,15.6,security@cloudlinux.com
1 shim.cloudlinux 2 CloudLinux shim 15.6 security@cloudlinux.com

1
SOURCES/sbat.redhat.csv
View File

@ -1 +0,0 @@
shim.redhat,1,Red Hat Inc,shim,15.5,secalert@redhat.com
1 shim.redhat 1 Red Hat Inc shim 15.5 secalert@redhat.com

11
SPECS/shim-unsigned-x64.spec
View File

@ -1,7 +1,7 @@
%global pesign_vre 0.106-1 %global pesign_vre 0.106-1
%global openssl_vre 1.0.2j %global openssl_vre 1.0.2j
%global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/')) %global efidir almalinux
%global shimrootdir %{_datadir}/shim/ %global shimrootdir %{_datadir}/shim/
%global shimversiondir %{shimrootdir}/%{version}-%{release} %global shimversiondir %{shimrootdir}/%{version}-%{release}
%global efiarch x64 %global efiarch x64
@ -20,17 +20,17 @@
Name: shim-unsigned-%{efiarch} Name: shim-unsigned-%{efiarch}
Version: 15.6 Version: 15.6
Release: 1.el9 Release: 1.el9.alma
Summary: First-stage UEFI bootloader Summary: First-stage UEFI bootloader
ExclusiveArch: x86_64 ExclusiveArch: x86_64
License: BSD License: BSD
URL: https://github.com/rhboot/shim URL: https://github.com/rhboot/shim
Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2 Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
Source1: redhatsecurebootca5.cer Source1: clsecureboot001.cer
%if 0%{?dbxfile} %if 0%{?dbxfile}
Source2: %{dbxfile} Source2: %{dbxfile}
%endif %endif
Source3: sbat.redhat.csv Source3: sbat.cloudlinux.csv
Source4: shim.patches Source4: shim.patches
Source100: shim-find-debuginfo.sh Source100: shim-find-debuginfo.sh
@ -158,6 +158,9 @@ cd ..
%files debugsource -f build-%{efiarch}/debugsource.list %files debugsource -f build-%{efiarch}/debugsource.list
%changelog %changelog
* Fri Jun 17 2022 Eduard Abdullin <eabdullin@almalinux.org> - 15.6-1.el9.alma
- Use CloudLinux vendor cert and SBAT entry
* Wed Jun 01 2022 Peter Jones <pjones@redhat.com> - 15.6-1.el9 * Wed Jun 01 2022 Peter Jones <pjones@redhat.com> - 15.6-1.el9
- Update to shim-15.6 - Update to shim-15.6
Resolves: CVE-2022-28737 Resolves: CVE-2022-28737