Update to shim-15.5

Related: rhbz#1932057 Signed-off-by: Peter Jones <pjones@redhat.com>
2022-03-02 10:13:48 -05:00 · 2022-03-02 10:13:48 -05:00 · de170311c8
commit de170311c8
parent 267499774a
5 changed files with 8 additions and 64 deletions
--- a/0001-Fix-a-broken-file-header-on-ia32.patch
+++ b/0001-Fix-a-broken-file-header-on-ia32.patch
@ -1,32 +0,0 @@
-From 1bea91ba72165d97c3b453cf769cb4bc5c07207a Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Wed, 31 Mar 2021 14:54:52 -0400
-Subject: [PATCH] Fix a broken file header on ia32
-
-Commit c6281c6a195edee61185 needs to have included a ". = ALIGN(4096)"
-directive before .reloc, but fails to do so.
-
-As a result, binutils, which does not care about the actual binary
-format's constraints in any way, does not enforce the section alignment,
-and it will not load.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
---
- elf_ia32_efi.lds | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds
-index 742e0a47a73..497a3a15265 100644
--- a/elf_ia32_efi.lds
-+++ b/elf_ia32_efi.lds
-@@ -15,6 +15,7 @@ SECTIONS
-    *(.gnu.linkonce.t.*)
-    _etext = .;
-   }
-+  . = ALIGN(4096);
-   .reloc :
-   {
-    *(.reloc)
-- 
-2.30.2
-
--- a/dbx.esl
+++ b/dbx.esl
--- a/sbat.redhat.csv
+++ b/sbat.redhat.csv
@ -1 +1 @@
-shim.redhat,1,Red Hat,shim,15.4-4,secalert@redhat.com
+shim.redhat,1,Red Hat Inc,shim,15.5,secalert@redhat.com
--- a/shim-unsigned-x64.spec
+++ b/shim-unsigned-x64.spec
@ -19,8 +19,8 @@
 %global dbxfile %{nil}

 Name:		shim-unsigned-%{efiarch}
-Version:	15.4
-Release:	4%{?dist}
+Version:	15.5
+Release:	1%{?dist}
 Summary:	First-stage UEFI bootloader
 ExclusiveArch:	x86_64
 License:	BSD
@ -34,8 +34,6 @@ Source3:	sbat.redhat.csv

 Source100:	shim-find-debuginfo.sh

-Patch0001:	0001-Fix-a-broken-file-header-on-ia32.patch
-
 BuildRequires:	gcc make
 BuildRequires:	elfutils-libelf-devel
 BuildRequires:	git openssl-devel openssl
@ -122,13 +120,6 @@ make ${MAKEFLAGS} \
 	all
 cd ..

-cd build-%{efialtarch}
-setarch linux32 -B make ${MAKEFLAGS} \
-	ARCH=%{efialtarch} \
-	DEFAULT_LOADER='\\\\grub%{efialtarch}.efi' \
-	all
-cd ..
-
 %install
 COMMITID=$(cat commit)
 MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
@ -150,14 +141,6 @@ make ${MAKEFLAGS} \
 	install-as-data install-debuginfo install-debugsource
 cd ..

-cd build-%{efialtarch}
-setarch linux32 make ${MAKEFLAGS} \
-	ARCH=%{efialtarch} \
-	DEFAULT_LOADER='\\\\grub%{efialtarch}.efi' \
-	DESTDIR=${RPM_BUILD_ROOT} \
-	install-as-data install-debuginfo install-debugsource
-cd ..
-
 %files
 %license COPYRIGHT
 %dir %{shimrootdir}
@ -167,22 +150,15 @@ cd ..
 %{shimdir}/*.hash
 %{shimdir}/*.CSV

-%files -n shim-unsigned-%{efialtarch}
-%license COPYRIGHT
-%dir %{shimrootdir}
-%dir %{shimversiondir}
-%dir %{shimaltdir}
-%{shimaltdir}/*.efi
-%{shimaltdir}/*.hash
-%{shimaltdir}/*.CSV
-
 %files debuginfo -f build-%{efiarch}/debugfiles.list

-%files -n shim-unsigned-%{efialtarch}-debuginfo -f build-%{efialtarch}/debugfiles.list
-
 %files debugsource -f build-%{efiarch}/debugsource.list

 %changelog
+* Wed Mar 09 2022 Peter Jones <pjones@redhat.com> - 15.5-1
+- Update to shim-15.5
+  Related: rhbz#1932057
+
 * Thu Apr 01 2021 Peter Jones <pjones@redhat.com> - 15.4-4
 - Fix the sbat data to actually match /this/ product.
  Resolves: CVE-2020-14372
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (shim-15.4.tar.bz2) = b9712fe6964f60de251f1bff83914c4aac0f6430474c44741c059f31b72c2d5987c313cbb5e8bc07bfd04e61e6b511ea2d19a9975cde8c6127bc05f2de834526
+SHA512 (shim-15.5.tar.bz2) = 91fbda1ef0b4ea36538b57179488169f37eb8522d8dbbbf2eeb40708bc013073b4454b4205a957df13e1e15b9151c6013a8292691f9e3ab28ba7d0935fcc4fab