From d3b5b82bbe57530c6a8f5240edeb2b1060a2d1f6 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Thu, 16 Jun 2022 09:12:06 -0400 Subject: [PATCH] import shim-unsigned-x64-15.6-1.el8 --- .gitignore | 2 +- .shim-unsigned-x64.metadata | 2 +- SOURCES/dbx.esl | 0 SOURCES/shim.patches | 0 SPECS/shim-unsigned-x64.spec | 49 ++++++++++++++++++++---------------- 5 files changed, 29 insertions(+), 24 deletions(-) create mode 100644 SOURCES/dbx.esl create mode 100644 SOURCES/shim.patches diff --git a/.gitignore b/.gitignore index 296cdd7..6b84d7a 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/shim-15.5.tar.bz2 +SOURCES/shim-15.6.tar.bz2 diff --git a/.shim-unsigned-x64.metadata b/.shim-unsigned-x64.metadata index e0f79e9..b5fa713 100644 --- a/.shim-unsigned-x64.metadata +++ b/.shim-unsigned-x64.metadata @@ -1 +1 @@ -b91f5eaced7ba1dcaef266af10763461889be5df SOURCES/shim-15.5.tar.bz2 +3df0ab5cefc74fdf865cb36aea0e923cb4b6b3ed SOURCES/shim-15.6.tar.bz2 diff --git a/SOURCES/dbx.esl b/SOURCES/dbx.esl new file mode 100644 index 0000000..e69de29 diff --git a/SOURCES/shim.patches b/SOURCES/shim.patches new file mode 100644 index 0000000..e69de29 diff --git a/SPECS/shim-unsigned-x64.spec b/SPECS/shim-unsigned-x64.spec index f27c7b8..af8e455 100644 --- a/SPECS/shim-unsigned-x64.spec +++ b/SPECS/shim-unsigned-x64.spec @@ -1,6 +1,13 @@ %global pesign_vre 0.106-1 +%global gnuefi_vre 1:3.0.5-6 %global openssl_vre 1.0.2j +%global debug_package %{nil} +%global __debug_package 1 +%global _binaries_in_noarch_packages_terminate_build 0 +%global __debug_install_post %{SOURCE100} x64 ia32 +%undefine _debuginfo_subpackages + %global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/')) %global shimrootdir %{_datadir}/shim/ %global shimversiondir %{shimrootdir}/%{version}-%{release} 
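Review bot: In the `@@ -1,6 +1,13 @@` hunk of SPECS/shim-unsigned-x64.spec, `%global __debug_install_post %{SOURCE100} x64 ia32` hardcodes the two architecture names, where the line it replaces used `%{efiarch} %{efialtarch}`. The spec still defines those macros further down (`%global efialtarch ia32` is visible in the next hunk), so the literals and the macros can drift apart unnoticed, and the debuginfo script would then be pointed at the wrong build directories. The literals are presumably there because the block now sits above the macro definitions; a comment would make that explicit, e.g. `# x64/ia32 spelled out: this block precedes the efiarch/efialtarch definitions, keep in sync`. Separately, `%global gnuefi_vre 1:3.0.5-6` is introduced but nothing in this patch uses it, so either the `BuildRequires` that consumes it is missing or the macro is dead.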
@@ -9,17 +16,8 @@ %global efialtarch ia32 %global shimaltdir %{shimversiondir}/%{efialtarch} -%global debug_package %{nil} -%global __debug_package 1 -%global _binaries_in_noarch_packages_terminate_build 0 -%global __debug_install_post %{SOURCE100} %{efiarch} %{efialtarch} -%undefine _debuginfo_subpackages - -# currently here's what's in our dbx: nothing -%global dbxfile %{nil} - Name: shim-unsigned-%{efiarch} -Version: 15.5 +Version: 15.6 Release: 1.el8 Summary: First-stage UEFI bootloader ExclusiveArch: x86_64 @@ -27,13 +25,16 @@ License: BSD URL: https://github.com/rhboot/shim Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2 Source1: redhatsecurebootca5.cer -%if 0%{?dbxfile} -Source2: %{dbxfile} -%endif +# currently here's what's in our dbx: +# nothing. +Source2: dbx.esl Source3: sbat.redhat.csv +Source4: shim.patches Source100: shim-find-debuginfo.sh +%include %{SOURCE4} + BuildRequires: gcc make BuildRequires: elfutils-libelf-devel BuildRequires: git openssl-devel openssl @@ -94,7 +95,7 @@ BuildArch: noarch %debug_desc %prep -%autosetup -S git -n shim-%{version} +%autosetup -S git_am -n shim-%{version} git config --unset user.email git config --unset user.name mkdir build-%{efiarch} 
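Review bot: In the `@@ -27,13 +25,16 @@` hunk, `%include %{SOURCE4}` pulls spec directives from `shim.patches`, so the spec alone no longer shows which source changes go into the build. Since this package produces the first-stage Secure Boot loader, the patch set should stay auditable from one place. `Source4` has no comment saying what the file may contain; add one, for example `# shim.patches: patch list included below (empty for 15.6); entries must be git format-patch output since %prep uses -S git_am`. The assumption that it holds the patch list is inferred from the file name and the switch to `git_am` in the `@@ -94,7 +95,7 @@` hunk, so confirm it. The `Source2: dbx.esl` comment could also state that an empty file means the `[ -s "%{SOURCE2}" ]` guard skips the vendor dbx; the body of that guard is outside the hunks shown.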
@@ -115,18 +116,22 @@ if [ -s "%{SOURCE2}" ]; then fi cd build-%{efiarch} -make ${MAKEFLAGS} DEFAULT_LOADER='\\\\grub%{efiarch}.efi' all +make ${MAKEFLAGS} \ + DEFAULT_LOADER='\\\\grub%{efiarch}.efi' \ + all cd .. cd build-%{efialtarch} -setarch linux32 -B make ${MAKEFLAGS} ARCH=%{efialtarch} DEFAULT_LOADER='\\\\grub%{efialtarch}.efi' all +setarch linux32 -B make ${MAKEFLAGS} ARCH=%{efialtarch} \ + DEFAULT_LOADER='\\\\grub%{efialtarch}.efi' \ + all cd .. %install COMMITID=$(cat commit) MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} " MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} " -MAKEFLAGS+="ENABLE_SHIM_HASH=true " +MAKEFLAGS+="ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true " if [ -s "%{SOURCE1}" ]; then MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}" fi @@ -153,18 +158,18 @@ cd .. %dir %{shimrootdir} %dir %{shimversiondir} %dir %{shimdir} +%{shimdir}/*.CSV %{shimdir}/*.efi %{shimdir}/*.hash -%{shimdir}/*.CSV %files -n shim-unsigned-%{efialtarch} %license COPYRIGHT %dir %{shimrootdir} %dir %{shimversiondir} %dir %{shimaltdir} +%{shimaltdir}/*.CSV %{shimaltdir}/*.efi %{shimaltdir}/*.hash -%{shimaltdir}/*.CSV %files debuginfo -f build-%{efiarch}/debugfiles.list @@ -173,9 +178,9 @@ cd .. %files debugsource -f build-%{efiarch}/debugsource.list %changelog -* Wed Mar 09 2022 Peter Jones - 15.5-1.el8 -- Update to shim-15.5 - Related: rhbz#1982071 +* Wed Jun 01 2022 Peter Jones - 15.6-1.el8 +- Update to shim-15.6 + Resolves: CVE-2022-28737 * Thu Sep 17 2020 Peter Jones - 15-9.el8 - Fix an incorrect allocation size.
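Review bot: In the `@@ -115,18 +116,22 @@` hunk, `ENABLE_HTTPBOOT=true` is added to the `MAKEFLAGS` assembled under `%install`, while the `make ... all` calls that compile shim are in `%build`, whose own `MAKEFLAGS` assignment lies outside this hunk. If `%build` does not carry the same flag, the install-time make may either rebuild objects with different options than the build step used or the flag may have no effect, so confirm that both sections set it identically. The flag also changes the feature set of a binary destined for Secure Boot signing, yet the changelog entry lists only the version update and CVE-2022-28737. Record it there, e.g. `- Build with ENABLE_HTTPBOOT=true`, so the change is visible to whoever reviews the signed artifact.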