From de170311c881e5acdecf128a9ed6a49766b51e58 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 2 Mar 2022 10:13:48 -0500 Subject: [PATCH] Update to shim-15.5 Related: rhbz#1932057 Signed-off-by: Peter Jones --- 0001-Fix-a-broken-file-header-on-ia32.patch | 32 ------------------ dbx.esl | 0 sbat.redhat.csv | 2 +- shim-unsigned-x64.spec | 36 ++++----------------- sources | 2 +- 5 files changed, 8 insertions(+), 64 deletions(-) delete mode 100644 0001-Fix-a-broken-file-header-on-ia32.patch delete mode 100644 dbx.esl diff --git a/0001-Fix-a-broken-file-header-on-ia32.patch b/0001-Fix-a-broken-file-header-on-ia32.patch deleted file mode 100644 index 1fbcb33..0000000 --- a/0001-Fix-a-broken-file-header-on-ia32.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 1bea91ba72165d97c3b453cf769cb4bc5c07207a Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 31 Mar 2021 14:54:52 -0400 -Subject: [PATCH] Fix a broken file header on ia32 - -Commit c6281c6a195edee61185 needs to have included a ". = ALIGN(4096)" -directive before .reloc, but fails to do so. - -As a result, binutils, which does not care about the actual binary -format's constraints in any way, does not enforce the section alignment, -and it will not load. - -Signed-off-by: Peter Jones ---- - elf_ia32_efi.lds | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds -index 742e0a47a73..497a3a15265 100644 ---- a/elf_ia32_efi.lds -+++ b/elf_ia32_efi.lds -@@ -15,6 +15,7 @@ SECTIONS - *(.gnu.linkonce.t.*) - _etext = .; - } -+ . = ALIGN(4096); - .reloc : - { - *(.reloc) --- -2.30.2 - diff --git a/dbx.esl b/dbx.esl deleted file mode 100644 index e69de29..0000000 diff --git a/sbat.redhat.csv b/sbat.redhat.csv index bc47dae..2135543 100644 --- a/sbat.redhat.csv +++ b/sbat.redhat.csv @@ -1 +1 @@ -shim.redhat,1,Red Hat,shim,15.4-4,secalert@redhat.com +shim.redhat,1,Red Hat Inc,shim,15.5,secalert@redhat.com diff --git a/shim-unsigned-x64.spec b/shim-unsigned-x64.spec index a946ccb..32ec96b 100644 --- a/shim-unsigned-x64.spec +++ b/shim-unsigned-x64.spec @@ -19,8 +19,8 @@ %global dbxfile %{nil} Name: shim-unsigned-%{efiarch} -Version: 15.4 -Release: 4%{?dist} +Version: 15.5 +Release: 1%{?dist} Summary: First-stage UEFI bootloader ExclusiveArch: x86_64 License: BSD @@ -34,8 +34,6 @@ Source3: sbat.redhat.csv Source100: shim-find-debuginfo.sh -Patch0001: 0001-Fix-a-broken-file-header-on-ia32.patch - BuildRequires: gcc make BuildRequires: elfutils-libelf-devel BuildRequires: git openssl-devel openssl @@ -122,13 +120,6 @@ make ${MAKEFLAGS} \ all cd .. -cd build-%{efialtarch} -setarch linux32 -B make ${MAKEFLAGS} \ - ARCH=%{efialtarch} \ - DEFAULT_LOADER='\\\\grub%{efialtarch}.efi' \ - all -cd .. - %install COMMITID=$(cat commit) MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} " @@ -150,14 +141,6 @@ make ${MAKEFLAGS} \ install-as-data install-debuginfo install-debugsource cd .. -cd build-%{efialtarch} -setarch linux32 make ${MAKEFLAGS} \ - ARCH=%{efialtarch} \ - DEFAULT_LOADER='\\\\grub%{efialtarch}.efi' \ - DESTDIR=${RPM_BUILD_ROOT} \ - install-as-data install-debuginfo install-debugsource -cd .. - %files %license COPYRIGHT %dir %{shimrootdir} @@ -167,22 +150,15 @@ cd .. %{shimdir}/*.hash %{shimdir}/*.CSV -%files -n shim-unsigned-%{efialtarch} -%license COPYRIGHT -%dir %{shimrootdir} -%dir %{shimversiondir} -%dir %{shimaltdir} -%{shimaltdir}/*.efi -%{shimaltdir}/*.hash -%{shimaltdir}/*.CSV - %files debuginfo -f build-%{efiarch}/debugfiles.list -%files -n shim-unsigned-%{efialtarch}-debuginfo -f build-%{efialtarch}/debugfiles.list - %files debugsource -f build-%{efiarch}/debugsource.list %changelog +* Wed Mar 09 2022 Peter Jones - 15.5-1 +- Update to shim-15.5 + Related: rhbz#1932057 + * Thu Apr 01 2021 Peter Jones - 15.4-4 - Fix the sbat data to actually match /this/ product. Resolves: CVE-2020-14372 diff --git a/sources b/sources index 470fcf2..fe04942 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (shim-15.4.tar.bz2) = b9712fe6964f60de251f1bff83914c4aac0f6430474c44741c059f31b72c2d5987c313cbb5e8bc07bfd04e61e6b511ea2d19a9975cde8c6127bc05f2de834526 +SHA512 (shim-15.5.tar.bz2) = 91fbda1ef0b4ea36538b57179488169f37eb8522d8dbbbf2eeb40708bc013073b4454b4205a957df13e1e15b9151c6013a8292691f9e3ab28ba7d0935fcc4fab