Update to shim-15.8 for CVE-2023-40547

Resolves: RHEL-56466 Signed-off-by: Peter Jones <pjones@redhat.com> Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
2023-12-02 11:56:29 -05:00 · 2023-12-02 11:56:29 -05:00 · 95f451bef7
commit 95f451bef7
parent 3b90d8001a
5 changed files with 12 additions and 6 deletions
--- a/redhatsecurebootca8.cer
+++ b/redhatsecurebootca8.cer
--- a/sbat.redhat.csv
+++ b/sbat.redhat.csv
@ -1 +1 @@
-shim.redhat,1,Red Hat Inc,shim,15.5,secalert@redhat.com
+shim.redhat,3,Red Hat Inc,shim,15.8,secalert@redhat.com
--- a/shim-unsigned-x64.spec
+++ b/shim-unsigned-x64.spec
@ -19,14 +19,14 @@
 %global dbxfile %{nil}
 Name:		shim-unsigned-%{efiarch}
-Version:	15.6
+Version:	15.8
 Release:	1.el9
 Summary:	First-stage UEFI bootloader
 ExclusiveArch:	x86_64
 License:	BSD
 URL:		https://github.com/rhboot/shim
 Source0:	https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
-Source1:	redhatsecurebootca5.cer
+Source1:	vendordb.esl
 %if 0%{?dbxfile}
 Source2:	%{dbxfile}
 %endif
@ -107,9 +107,10 @@ COMMITID=$(cat commit)
 MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
 MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
 MAKEFLAGS+="ENABLE_SHIM_HASH=true "
 MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 "
 MAKEFLAGS+="%{_smp_mflags}"
 if [ -f "%{SOURCE1}" ]; then
-	MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"
+	MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=%{SOURCE1}"
 fi
 %if 0%{?dbxfile}
 if [ -f "%{SOURCE2}" ]; then
@ -128,8 +129,9 @@ COMMITID=$(cat commit)
 MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
 MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
 MAKEFLAGS+="ENABLE_SHIM_HASH=true "
 MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 "
 if [ -f "%{SOURCE1}" ]; then
-	MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"
+	MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=%{SOURCE1}"
 fi
 %if 0%{?dbxfile}
 if [ -f "%{SOURCE2}" ]; then
@ -158,6 +160,10 @@ cd ..
 %files debugsource -f build-%{efiarch}/debugsource.list
 %changelog
 * Tue Jan 23 2024 Peter Jones <pjones@redhat.com> - 15.8-1.el9
 - Update to shim-15.8 for CVE-2023-40547
  Resolves: RHEL-56466
 * Wed Jun 01 2022 Peter Jones <pjones@redhat.com> - 15.6-1.el9
 - Update to shim-15.6
  Resolves: CVE-2022-28737
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (shim-15.6.tar.bz2) = ddc5d5234851d05ed7124ad748ad3fee2df8a335493948a045653322c873f3f055d34894aeb2ac7495086984ca62183907d341e46e6bdf108856e39c646455fc
+SHA512 (shim-15.8.tar.bz2) = 30b3390ae935121ea6fe728d8f59d37ded7b918ad81bea06e213464298b4bdabbca881b30817965bd397facc596db1ad0b8462a84c87896ce6c1204b19371cd1
--- a/vendordb.esl
+++ b/vendordb.esl
`@ -1 +1 @@`
	`shim.redhat,1,Red Hat Inc,shim,15.5,secalert@redhat.com`	`shim.redhat,3,Red Hat Inc,shim,15.8,secalert@redhat.com`
`@ -1 +1 @@`
	`SHA512 (shim-15.6.tar.bz2) = ddc5d5234851d05ed7124ad748ad3fee2df8a335493948a045653322c873f3f055d34894aeb2ac7495086984ca62183907d341e46e6bdf108856e39c646455fc`	`SHA512 (shim-15.8.tar.bz2) = 30b3390ae935121ea6fe728d8f59d37ded7b918ad81bea06e213464298b4bdabbca881b30817965bd397facc596db1ad0b8462a84c87896ce6c1204b19371cd1`