Update to shim-15.8 for CVE-2023-40547

Resolves: RHEL-56466

Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
This commit is contained in:
Peter Jones 2023-12-02 11:56:29 -05:00 committed by Nicolas Frayer
parent 3b90d8001a
commit 95f451bef7
5 changed files with 12 additions and 6 deletions

BIN
redhatsecurebootca8.cer Normal file

Binary file not shown.

View File

@ -1 +1 @@
shim.redhat,1,Red Hat Inc,shim,15.5,secalert@redhat.com
shim.redhat,3,Red Hat Inc,shim,15.8,secalert@redhat.com

1 shim.redhat 1 3 Red Hat Inc shim 15.5 15.8 secalert@redhat.com

View File

@ -19,14 +19,14 @@
%global dbxfile %{nil}
Name: shim-unsigned-%{efiarch}
Version: 15.6
Version: 15.8
Release: 1.el9
Summary: First-stage UEFI bootloader
ExclusiveArch: x86_64
License: BSD
URL: https://github.com/rhboot/shim
Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
Source1: redhatsecurebootca5.cer
Source1: vendordb.esl
%if 0%{?dbxfile}
Source2: %{dbxfile}
%endif
@ -107,9 +107,10 @@ COMMITID=$(cat commit)
MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
MAKEFLAGS+="ENABLE_SHIM_HASH=true "
MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 "
MAKEFLAGS+="%{_smp_mflags}"
if [ -f "%{SOURCE1}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"
MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=%{SOURCE1}"
fi
%if 0%{?dbxfile}
if [ -f "%{SOURCE2}" ]; then
@ -128,8 +129,9 @@ COMMITID=$(cat commit)
MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
MAKEFLAGS+="ENABLE_SHIM_HASH=true "
MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 "
if [ -f "%{SOURCE1}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"
MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=%{SOURCE1}"
fi
%if 0%{?dbxfile}
if [ -f "%{SOURCE2}" ]; then
@ -158,6 +160,10 @@ cd ..
%files debugsource -f build-%{efiarch}/debugsource.list
%changelog
* Tue Jan 23 2024 Peter Jones <pjones@redhat.com> - 15.8-1.el9
- Update to shim-15.8 for CVE-2023-40547
Resolves: RHEL-56466
* Wed Jun 01 2022 Peter Jones <pjones@redhat.com> - 15.6-1.el9
- Update to shim-15.6
Resolves: CVE-2022-28737

View File

@ -1 +1 @@
SHA512 (shim-15.6.tar.bz2) = ddc5d5234851d05ed7124ad748ad3fee2df8a335493948a045653322c873f3f055d34894aeb2ac7495086984ca62183907d341e46e6bdf108856e39c646455fc
SHA512 (shim-15.8.tar.bz2) = 30b3390ae935121ea6fe728d8f59d37ded7b918ad81bea06e213464298b4bdabbca881b30817965bd397facc596db1ad0b8462a84c87896ce6c1204b19371cd1

BIN
vendordb.esl Normal file

Binary file not shown.