From 0d1306317dac790988ce38bc0eccd816aa8a6d41 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 30 Mar 2021 11:34:59 -0400 Subject: [PATCH] import shim-15-16.el8 --- .shim.metadata | 4 ++-- SOURCES/redhatsecureboot501.cer | Bin 0 -> 964 bytes SOURCES/redhatsecurebootca5.cer | Bin 0 -> 920 bytes SOURCES/secureboot.cer | Bin 839 -> 0 bytes SOURCES/securebootca.cer | Bin 977 -> 0 bytes SOURCES/shim.rpmmacros | 6 +++--- SPECS/shim.spec | 30 ++++++++++++++++++++++-------- 7 files changed, 27 insertions(+), 13 deletions(-) create mode 100644 SOURCES/redhatsecureboot501.cer create mode 100644 SOURCES/redhatsecurebootca5.cer delete mode 100644 SOURCES/secureboot.cer delete mode 100644 SOURCES/securebootca.cer diff --git a/.shim.metadata b/.shim.metadata index b655807..f997f90 100644 --- a/.shim.metadata +++ b/.shim.metadata @@ -1,3 +1,3 @@ 750bd7932437b1fb6610c233f69db1b70d67fab1 SOURCES/shimaa64.efi -c3c4d0ccdc07c03c20f133f9f65f6f12accea87a SOURCES/shimia32.efi -6436ae30f3f189f70f9043d91ede90058fbeb00a SOURCES/shimx64.efi +96ea5ec6612ad2d49dfa812897fc2f70ebee6b9d SOURCES/shimia32.efi +b7adea991a31e4392910db8b7ee63faff39e9207 SOURCES/shimx64.efi diff --git a/SOURCES/redhatsecureboot501.cer b/SOURCES/redhatsecureboot501.cer new file mode 100644 index 0000000000000000000000000000000000000000..dfa7afb4699f9da2610ccf889eac6269b4e368ad GIT binary patch literal 964 zcmXqLVm@Hd#I#}oGZP~d6DPygP|MB7r^(JW;AP{~YV&CO&dbQi&B|a9ZzyIU!p0oR z!o|ZIl$xU8kyxUm;F*`KXQ*f(4-#kQk${RT1g9pK7NsgU<>!|uI6Eqs8Y&qmz)j<1 z6ca8^O-{^7Eh=#+N=?Z~EYVBO&oz(}=QT1gFf*_;ur#$aF^m%DHMTG?G_-(n4bpHr zK*K-{;sAMU4hYUn&&$k9S1<({MvOa}7?qIy&dAEZ+{DPwV9>?_b=fyaz_nMgbCq_4}%h&s@!! ze1+-H$r$aU3#Wbib#?#k&uh{GYUM6Zj@vtn;gxywxjzdyRhQhFw_E3gr&3h2=~R{1 zj&**wnV1`gIDK=C)Q=HpH6<5w#musUBRX5*FRT%+S?q^ zlC!X|$Tr`#TvsL{aXYvlkoIbiCkx z5_D~Q*@8!%rFvVIJk+SN&YvaV#ohSi!kzD4u!L^;lrQW*W7-1#!tQ%Ev()B&_RmzfDxh^SOyp9_ zQ{CMgMRQYpd7N(ray<%vF*_r`|Ig1qJ?keW%w>8X>p8K%ckRW_k5{=r91h)XDEdQO n!11X)D#7e#1b6^&%9(kLq!95kT^4s1XNrhI5oMnC{@8JKfgr5*-^pNP{}|6ZW6NxP$#b?ru1p1aqn$3D)YB{Qqo zjCvjz?|=HkE#3AN-xTZpws*U~)f@DZ{t~uwMZy8<;F%jD%$u6!n#qYzp^Sryh{C;x9qf@!N=T4ui@b#({ zSD&^p3kNZ=9lAQ9%xdfP9doNToV+k2^LHOFD{5oE&78StJa^8n7$i2k94PWc<&xr*# z`sciS&XK#@>h!OC8{=mczNLHbADCJ+pE=-CsaDOF#s}?5Q)1qq&%R~#cz>QmiAiVx zk5XXYstAL9d+iK-w@u$FESybMIPOFY~9lmn~9nUf%vMc88@((p0B(#qL+!COmt7`j5IhPVzo{cRPw} Pd!}BnFF!b8N6JS4>O*3Z literal 0 HcmV?d00001 diff --git a/SOURCES/secureboot.cer b/SOURCES/secureboot.cer deleted file mode 100644 index 4ff8b79e6736e566dbf39603e0887a53345aa4e4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 839 zcmXqLVs5=#_OQj1C) zic(WD5=-=w^K%X4#CZ)(42%qc(A3<>AWEFq*xbO#zzobaj4}u^)G^S4Sf`BDy5h|A zyv)3GQtWJER6_O@BP#=Q6C*!^K@%evQxhX2!zT5vqmx`?o`(oz{$eeCezR_cLPyl% zHpefqUbuO&%O^nA}y6#9BjM%~U7Q(5kw6_YN1epR)|xb9Elg4_B`%!~|-ixmyz4P=2K zFU!Xw#v&5#_@80Rp3FS`6#W&an$HJBb(91l2O=d+v%~@6}B_2%&Mg` zDvt6_STWb-ZhXD^RgaJz3Cq5o4B43+oEZD&XVQnj{jXOGHfUJJB>qmC?A`ut>Ahpw zdM-|DZzz7Yc^I3-u|J*vqdKqQ`kIF?LJd~2r8XOg&f%Z+Yj((@r{(*;Y?_w8rSDJJ zntk_K74NJ(drfx5hIZaKImf>p{fSPd=}qfHlV8OA-0dHz$M#&#on!XF_3NjY{(Hxy zbKN4k{8NvC{Y9;Yo!51>R!)l5n2-{5CgAUe(k!NLc|1u*B2w==ttY-NzWb+N=75O& zzv2uf{%c3S9%5x`<-dQv`g=w9>l=;D-vz#WO}UeuefPU1`=|Tw9$I=mIi&>vg+x|L diff --git a/SOURCES/securebootca.cer b/SOURCES/securebootca.cer deleted file mode 100644 index b2354007b9668258683b99a68fa5bdd3067c31b1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 977 zcmXqLVm@oo#I$t*GZP~d6DPykKFO2}lmD>>ylk9WZ60mkc^MhGSs4s`4b=@)*_cCF zn1$tnQd1N>5=#_OQj1C) zic(WD5=-=w^K%X4#CZ)(42%qc(8R>VG)kP;*xbO#zzoWzwslR6O2{5!WMyD(V&rEq zXkz4IYGPz$nC+~vi6EDouC4!V-;tv&JA zN}nf->iaHo2tM8rAb&8=Njdj{a^${=Z?aE)&k<1VH{Q3Wx7jKD-_5CYum4K4d~JV` z`ccOE*<7!m22LI4&u3g0F3h!NN?ysm?c*7~^lIfF3D-Xhnr_&uU!bJ$?ZS8WW+A0- zr9raw{Iep~On)hDAUrqc*pZy>@YoE^;z#ABPp))utMY{K9XOZuN+87Vv97^}gccFK z6&c%&T=rzVyKuJ1S>c?Rq?77kYS zv==`X%}MC|0a-81!fL?G$oL;QPJxLO7^jR3 zp{b9(0{X(lQ;+K%h_CKtxc%nd+9kH!CBia&JkgcqO9LvF9(I1~^2+p(_fBqs&+@+g zjZG)^b(y8?lr#NV`RkoR|I-BpaSiJiPBV7drX0Bbe!0fPB95K&)ygj1YM5%bK;(6L z=7Y@r2hM%A`uyr;o|A^(c{icYtu_B=WuE^MZ_<i|1QMhsQHT z4}wg*#%C!d<*ePQAKPyWoS|9R;jPUx*P-5Ksuo_~6c3tyKHzf+y+r*{_;vOAw> zmv4Wk&h*1hGe;ze)#t#BH;PsH)$e|FOmna8+@9jW!^ymRMf{q+C84h)mppfN*sxn6 NnfI|Q%N6m!6aeL$dME$@ diff --git a/SOURCES/shim.rpmmacros b/SOURCES/shim.rpmmacros index 2e05163..ec33c1d 100644 --- a/SOURCES/shim.rpmmacros +++ b/SOURCES/shim.rpmmacros @@ -14,8 +14,8 @@ #%%global shimefiarm %%{expand:%%{SOURCE23} %global shimveraa64 15-6.el8 -%global shimveria32 15-2.el8 -%global shimverx64 15-2.el8 +%global shimveria32 15-9.el8 +%global shimverx64 15-9.el8 #%%global shimverarm 15-1.el8 %global shimdiraa64 %{_datadir}/shim/%{shimveraa64}/aa64 @@ -90,7 +90,7 @@ version signed by the UEFI signing service. \ # -i %define distrosign(b:a:d:) \ cp -av %{-d*}/%{-b*}%{-a*}.efi %{-b*}%{-a*}-unsigned.efi \ - %{expand:%%sign -i %{-b*}%{-a*}-unsigned.efi -o %{-b*}%{-a*}-signed.efi -n redhatsecureboot301 -a %{SOURCE2} -c %{SOURCE1} }\ + %{expand:%%sign -i %{-b*}%{-a*}-unsigned.efi -o %{-b*}%{-a*}-signed.efi -n redhatsecureboot501 -a %{SOURCE2} -c %{SOURCE1} }\ %{nil} # -a diff --git a/SPECS/shim.spec b/SPECS/shim.spec index e0b899d..c21b6cb 100644 --- a/SPECS/shim.spec +++ b/SPECS/shim.spec @@ -1,11 +1,6 @@ -# this is to make us only expand %%{dist} if we're on a modularity build. -# it's 2 macros make vim's \c not put a brace at the end of the changelog. -%global _dist %{expand:%{?_module_build:%%{?dist}}} -%global dist %{expand:%%{_dist}} - Name: shim Version: 15 -Release: 12%{?dist} +Release: 16%{?dist} Summary: First-stage UEFI bootloader License: BSD URL: https://github.com/rhboot/shim/ @@ -19,8 +14,8 @@ ExcludeArch: %{ix86} ExcludeArch: %{arm} Source0: shim.rpmmacros -Source1: secureboot.cer -Source2: securebootca.cer +Source1: redhatsecureboot501.cer +Source2: redhatsecurebootca5.cer # keep these two lists of sources synched up arch-wise. That is 0 and 10 # match, 1 and 11 match, ... @@ -106,6 +101,25 @@ install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi %endif %changelog +* Mon Sep 21 2020 Javier Martinez Canillas - 15-16 +- Fix an incorrect allocation size + Resolves: rhbz#1877253 + +* Fri Jul 31 2020 Peter Jones - 15-15 +- Update once again for new signed shim builds. + Resolves: rhbz#1861977 + +* Tue Jul 28 2020 Peter Jones - 15-14 +- Get rid of our %%dist hack for now. + +* Tue Jul 28 2020 Peter Jones - 15-13 +- New signing keys + Related: CVE-2020-10713 + Related: CVE-2020-14308 + Related: CVE-2020-14309 + Related: CVE-2020-14310 + Related: CVE-2020-14311 + * Thu Jun 11 2020 Javier Martinez Canillas - 15-12 - Fix firmware update bug in aarch64 caused by shim ignoring arguments Resolves: rhbz#1830871