From 8e678969ab502fad01db2386c1b830c52b9c0e29 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Tue, 17 May 2022 06:47:43 -0400
Subject: [PATCH] import shim-unsigned-x64-15.5-1.el9

---
 .gitignore                      |   2 +-
 .shim-unsigned-x64.metadata     |   2 +-
 SOURCES/clsecureboot001.cer     | Bin 1561 -> 0 bytes
 SOURCES/redhatsecurebootca5.cer | Bin 0 -> 920 bytes
 SOURCES/sbat.cloudlinux.csv     |   1 -
 SOURCES/sbat.redhat.csv         |   1 +
 SPECS/shim-unsigned-x64.spec    |  66 +++++++++++---------------------
 7 files changed, 26 insertions(+), 46 deletions(-)
 delete mode 100644 SOURCES/clsecureboot001.cer
 create mode 100644 SOURCES/redhatsecurebootca5.cer
 delete mode 100644 SOURCES/sbat.cloudlinux.csv
 create mode 100644 SOURCES/sbat.redhat.csv

diff --git a/.gitignore b/.gitignore
index 9b85752..296cdd7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/shim-15.4.tar.bz2
+SOURCES/shim-15.5.tar.bz2
diff --git a/.shim-unsigned-x64.metadata b/.shim-unsigned-x64.metadata
index 1a84976..e0f79e9 100644
--- a/.shim-unsigned-x64.metadata
+++ b/.shim-unsigned-x64.metadata
@@ -1 +1 @@
-d70485792a300bfa66f551adf7ae766451dfe7c0 SOURCES/shim-15.4.tar.bz2
+b91f5eaced7ba1dcaef266af10763461889be5df SOURCES/shim-15.5.tar.bz2
diff --git a/SOURCES/clsecureboot001.cer b/SOURCES/clsecureboot001.cer
deleted file mode 100644
index ca9ce5d92a13320a2995ed90f173ea719a132d8f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1561
zcmZ`(Yfuwc6wXbS1jzzo5X>OBh=_zHxtj+9!bnI+p+=zweAJF{O%_-i65K3=V6`P`
zg!+Oiw$+NM3{cvRbwp7M<Fi^Fr&c?izU+V&99!x@6`xhd?qX>9<FB1_&iCE(?RW0E
z&?}q_y~s1afDicmiPrXi7P+NN-Rg^uj^4IR2t$PvWWGG#!%zUkK|ENy6Bok?LP0Si
zl<*5p_;iSIK?o`>c2G4W<HU+cYnj7oca~D53o|Qp3OorWau_ihrzdHqvK-?+R0(Az
z7|Q9ubd^k*lcpFCo(5Anpa4|{fVtHS>9CPDY!P9nY%kz?r;WtSRH=h<lwx`vX3o>8
zU|e*l3WsV{DvoP4TGbnDs9{5GAcS5Z!6h(4C{7Uq1bAm>@_|6YFE-;+7(G78M}rNd
zop2L0iATV2PECX)*l5Dk>U3O<$HA#wY63bL*TU2^EXQ6+VmX8d(^It7PU5jJhO385
zA`5A%ieN~rfG#CiV@9QqDqzb&l8`jD9Hy((P@^7aCo5+n4C4+6Mny(D>xqpR<A~4@
zqmyQ^`5uyXjdNXZcUIak6XmF^#>~zVhEx6umhZ5RVFal3r5M(h>Ej0sf_MTi2<Nf+
z5WW`xUfsxU^u*bvD~p;BZT`ZlS{`kb44-UksA{RrQuYYu^$hfNSXL8{z3Jxm_5F?=
z<~F*2-+9$rbMCAi1d`_Zr}s=-r<7cKDqWaAboR!y?hlMv-_7Y>%d}hSB1Z;Kc<pEI
zo~_rU(~Ubq_aFXn;F5XqA%9oLTJwXR?&~1GwLE>x_Vo?>QeGcGz_P@TPE#k$jU}t{
z=C4WMHPazOp*1PT3fm+ruI6lS_~q`^8L{y-bu+Gf%@__g=3FU^|HN|Z8E=KQmHrw0
zI*CrQY%Us>cb>W=8$P+bYg<Ipp*uG-uRY9I)=;lh+*`M_f1Y7^OmN1n@88dtY`TB&
z&A#Sjt$r(C0C=Fq3;I|`u0fO?O{@ff=LjG2poWX4A##`kll@8lL|;M~!&GD_l~&rW
zu#R4IMTK2SR#{zE!c|776l?)j3WM1z7!)J|0HI(hl#j&__~HWxjH5WMt_peJFsrki
z-H!kr@_n)ZoF*%rE{bu|o|m*GX*i7&n}AG#QSV0XKPQV|<lQM6!;${WwM^NW&&X&P
z%K^fWC?s;@w!OA)=U3-;uM`$-Z10+y`}^@nFZh!<er@Fc^0NQ?P52te#}GZ#L6I=1
zv=#*dR;*aIp$zyQxcNaq1i5D*pq>w+q?~#eYnR*Y9;aJhXnxTwk!v=F7YKwQfz8bV
zV01@f!?{5q0>0>7n9VhhK+@rCzjllgEbu48Bs8(uEH~tubc=NhbLDzdL9qcd<u52+
zf|(19MO>0ymIeCpOTfNz>=FRp+_ZMjPwTEfKR;4G<Kvk*tA=j<{X^%7$o0qY(8gE4
zMR%(wK0mdkX;<}ikJ4&txj4N+v2)2|^j_8;%~IJBH?iv*pQS1Da&~s<<tNF1ZV-ox
zd5=;=BDJQ)G#DRaNUixX;k_%f4n#+mdpdf2_P0BAXx(kGW6*Q}bZ)=>dG@D`O}rr^
zO(!d6#<-~YhKw(p3S9X|dM{X}bRc<Q#{En72-1ke-=gM9=k_)XXUto3bVId`h?NYq
z5|?y&!&kM(x-dNSru2cWcW+$X;r_TP*<X5nNp2-D%e0u4Vj3;N<42<pz7yr&M!6Ax
W>;161eWzPCUA!^tNx{O73;zPg)%xE6

diff --git a/SOURCES/redhatsecurebootca5.cer b/SOURCES/redhatsecurebootca5.cer
new file mode 100644
index 0000000000000000000000000000000000000000..dfb0284954861282d1a0ce16c8c5cdc71c27659f
GIT binary patch
literal 920
zcmXqLVxD5q#8k6@nTe5!iIbtZm{+@~;bN2lFB_*;n@8JsUPeZ4RtAH3LoovpHs(+k
zE*{>X)D#7e#1b6^&%9(kLq!95kT^4s1XNrhI5oMnC{@8JKfgr5*-^pNP{}|6ZW<?}
zm~e4wa$-(uQHeuQYDz|8iC%Jku7R95uaSX)nSrH&g`ugjS(G@hv4w%5p#_vndj~Wz
zDj|ECk(GhDiIJbdpox)-sfm%1;oPoQj^Z+n3p+UXFTAqySFqmPd3*j?Ys@hSTEP8<
zf#2*zv*WjwCq+F|Q?70*n-_6VPwv(E$rjn}*LF=h`h($l`O@&r`;HrrOo-N1I9RfZ
zxvgQ_lF0WfJ6z&|9Ilj$E@Ww)^ZxU(`JeguueG>6NxP$#b?ru1p1aqn$3D)YB{Qqo
zjCvjz?|=HkE#3AN-xTZpws*U~)f@D<hHx*rr)(NEvzYZp!}C-TDRu*$;<gRCi<g-#
z^KFcsxIBILE9>Z{t~uwMZy8<;F%jD%$u6!n#qYzp^Sryh{C;x9qf@!N=T4ui@b#({
zSD&^p3kNZ=9lAQ9%xdfP9doNToV+k2^LHOF<JVRuW=00a#lZ%F2C~5TmgQp+V-Y!%
zzx26A#x764$+P!na8Gn8n>D{5oE&78StJa^8n7$i2k94PWc<&<YQPMnkb@nV)_}pz
z$RPVX&M7PHOp)E}n3L-lp9;}?o3i@APVs%}E9D|KM%wramRy`J6~x-Y+I90o>xr*#
z`sciS&XK#@>h!OC8{=mczNLHbADCJ+pE=-CsaDOF#s}?5Q)1qq&%R~#cz>QmiAiVx
zk5XXYstAL9d+iK-w@u$FES<YPN5Z<$i*sS8`10oxUvmRDUKTjPckPLhB$Kz)rb~A;
z7pqN`Wn_C2lv%-c*}%nRLuvV$khM?pl$8F*{-4ao^K*vP9Lw!IjTb)uU|-JJoj<4R
z;o3irGXj>ybMIPOFY~9lmn~9nUf%vMc88@((p0B(#qL+!COmt7`j5IhPVzo{cRPw}
Pd!}BnFF!b8N6JS4>O*3Z

literal 0
HcmV?d00001

diff --git a/SOURCES/sbat.cloudlinux.csv b/SOURCES/sbat.cloudlinux.csv
deleted file mode 100644
index c39de2e..0000000
--- a/SOURCES/sbat.cloudlinux.csv
+++ /dev/null
@@ -1 +0,0 @@
-shim.cloudlinux,1,CloudLinux,shim,15.4-4,security@cloudlinux.com
diff --git a/SOURCES/sbat.redhat.csv b/SOURCES/sbat.redhat.csv
new file mode 100644
index 0000000..2135543
--- /dev/null
+++ b/SOURCES/sbat.redhat.csv
@@ -0,0 +1 @@
+shim.redhat,1,Red Hat Inc,shim,15.5,secalert@redhat.com
diff --git a/SPECS/shim-unsigned-x64.spec b/SPECS/shim-unsigned-x64.spec
index b375f68..26331e2 100644
--- a/SPECS/shim-unsigned-x64.spec
+++ b/SPECS/shim-unsigned-x64.spec
@@ -1,7 +1,7 @@
 %global pesign_vre 0.106-1
 %global openssl_vre 1.0.2j
 
-%global efidir almalinux
+%global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/'))
 %global shimrootdir %{_datadir}/shim/
 %global shimversiondir %{shimrootdir}/%{version}-%{release}
 %global efiarch x64
@@ -19,23 +19,21 @@
 %global dbxfile %{nil}
 
 Name:		shim-unsigned-%{efiarch}
-Version:	15.4
-Release:	4%{?dist}.alma
+Version:	15.5
+Release:	1.el9
 Summary:	First-stage UEFI bootloader
 ExclusiveArch:	x86_64
 License:	BSD
 URL:		https://github.com/rhboot/shim
 Source0:	https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
-Source1:	clsecureboot001.cer
+Source1:	redhatsecurebootca5.cer
 %if 0%{?dbxfile}
 Source2:	%{dbxfile}
 %endif
-Source3:	sbat.cloudlinux.csv
+Source3:	sbat.redhat.csv
 
 Source100:	shim-find-debuginfo.sh
 
-Patch0001:	0001-Fix-a-broken-file-header-on-ia32.patch
-
 BuildRequires:	gcc make
 BuildRequires:	elfutils-libelf-devel
 BuildRequires:	git openssl-devel openssl
@@ -122,13 +120,6 @@ make ${MAKEFLAGS} \
 	all
 cd ..
 
-cd build-%{efialtarch}
-setarch linux32 -B make ${MAKEFLAGS} \
-	ARCH=%{efialtarch} \
-	DEFAULT_LOADER='\\\\grub%{efialtarch}.efi' \
-	all
-cd ..
-
 %install
 COMMITID=$(cat commit)
 MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
@@ -150,14 +141,6 @@ make ${MAKEFLAGS} \
 	install-as-data install-debuginfo install-debugsource
 cd ..
 
-cd build-%{efialtarch}
-setarch linux32 make ${MAKEFLAGS} \
-	ARCH=%{efialtarch} \
-	DEFAULT_LOADER='\\\\grub%{efialtarch}.efi' \
-	DESTDIR=${RPM_BUILD_ROOT} \
-	install-as-data install-debuginfo install-debugsource
-cd ..
-
 %files
 %license COPYRIGHT
 %dir %{shimrootdir}
@@ -167,24 +150,14 @@ cd ..
 %{shimdir}/*.hash
 %{shimdir}/*.CSV
 
-%files -n shim-unsigned-%{efialtarch}
-%license COPYRIGHT
-%dir %{shimrootdir}
-%dir %{shimversiondir}
-%dir %{shimaltdir}
-%{shimaltdir}/*.efi
-%{shimaltdir}/*.hash
-%{shimaltdir}/*.CSV
-
 %files debuginfo -f build-%{efiarch}/debugfiles.list
 
-%files -n shim-unsigned-%{efialtarch}-debuginfo -f build-%{efialtarch}/debugfiles.list
-
 %files debugsource -f build-%{efiarch}/debugsource.list
 
 %changelog
-* Fri Apr 02 2021 Andrew Lukoshko <alukoshko@almalinux.org> - 15.4-4.alma
-- Use CloudLinux vendor cert and SBAT entry
+* Wed Mar 09 2022 Peter Jones <pjones@redhat.com> - 15.5-1
+- Update to shim-15.5
+  Related: rhbz#1932057
 
 * Thu Apr 01 2021 Peter Jones <pjones@redhat.com> - 15.4-4
 - Fix the sbat data to actually match /this/ product.
@@ -254,17 +227,24 @@ cd ..
 - Fix MoK mirroring issue which breaks kdump without intervention
   Related: rhbz#1668966
 
-* Fri Jul 20 2018 Peter Jones <pjones@redhat.com> - 15-1
+* Thu Apr 05 2018 Peter Jones <pjones@redhat.com> - 15-1
 - Update to shim 15
+- better checking for bad linker output
+- flicker-free console if there's no error output
+- improved http boot support
+- better protocol re-installation
+- dhcp proxy support
+- tpm measurement even when verification is disabled
+- REQUIRE_TPM build flag
+- more reproducable builds
+- measurement of everything verified through shim_verify()
+- coverity and scan-build checker make targets
+- misc cleanups
 
-* Tue Sep 19 2017 Peter Jones <pjones@redhat.com> - 13-3
-- Actually update to the *real* 13 final.
-  Related: rhbz#1489604
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 13-0.2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 
-* Thu Aug 31 2017 Peter Jones <pjones@redhat.com> - 13-2
-- Actually update to 13 final.
-
-* Fri Aug 18 2017 Peter Jones <pjones@redhat.com> - 13-1
+* Fri Aug 18 2017 Peter Jones <pjones@redhat.com> - 13-0.1
 - Make a new shim-unsigned-x64 package like the shim-unsigned-aarch64 one.
 - This will (eventually) supersede what's in the "shim" package so we can
   make "shim" hold the signed one, which will confuse fewer people.