diff --git a/SOURCES/clsecureboot001.cer b/SOURCES/clsecureboot001.cer new file mode 100644 index 0000000..ca9ce5d Binary files /dev/null and b/SOURCES/clsecureboot001.cer differ diff --git a/SOURCES/redhatsecurebootca5.cer b/SOURCES/redhatsecurebootca5.cer deleted file mode 100644 index dfb0284..0000000 Binary files a/SOURCES/redhatsecurebootca5.cer and /dev/null differ diff --git a/SOURCES/sbat.cloudlinux.csv b/SOURCES/sbat.cloudlinux.csv new file mode 100644 index 0000000..c39de2e --- /dev/null +++ b/SOURCES/sbat.cloudlinux.csv @@ -0,0 +1 @@ +shim.cloudlinux,1,CloudLinux,shim,15.4-4,security@cloudlinux.com diff --git a/SOURCES/sbat.redhat.csv b/SOURCES/sbat.redhat.csv deleted file mode 100644 index bc47dae..0000000 --- a/SOURCES/sbat.redhat.csv +++ /dev/null @@ -1 +0,0 @@ -shim.redhat,1,Red Hat,shim,15.4-4,secalert@redhat.com diff --git a/SPECS/shim-unsigned-x64.spec b/SPECS/shim-unsigned-x64.spec index 32435b7..b375f68 100644 --- a/SPECS/shim-unsigned-x64.spec +++ b/SPECS/shim-unsigned-x64.spec @@ -1,7 +1,7 @@ %global pesign_vre 0.106-1 %global openssl_vre 1.0.2j -%global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/')) +%global efidir almalinux %global shimrootdir %{_datadir}/shim/ %global shimversiondir %{shimrootdir}/%{version}-%{release} %global efiarch x64 @@ -20,17 +20,17 @@ Name: shim-unsigned-%{efiarch} Version: 15.4 -Release: 4%{?dist} +Release: 4%{?dist}.alma Summary: First-stage UEFI bootloader ExclusiveArch: x86_64 License: BSD URL: https://github.com/rhboot/shim Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2 -Source1: redhatsecurebootca5.cer +Source1: clsecureboot001.cer %if 0%{?dbxfile} Source2: %{dbxfile} %endif -Source3: sbat.redhat.csv +Source3: sbat.cloudlinux.csv Source100: shim-find-debuginfo.sh @@ -183,6 +183,9 @@ cd .. %files debugsource -f build-%{efiarch}/debugsource.list %changelog +* Fri Apr 02 2021 Andrew Lukoshko - 15.4-4.alma +- Use CloudLinux vendor cert and SBAT entry + * Thu Apr 01 2021 Peter Jones - 15.4-4 - Fix the sbat data to actually match /this/ product. Resolves: CVE-2020-14372