Update shimaa64.efi

.shim.metadata

@@ -1,3 +1,3 @@
-8ab193ad7addd71e4a820081f36d47e5ef727d28 SOURCES/shimaa64.efi
-d3178fb0a2d662e2457e4a5cd13d1224e2aac1c2 SOURCES/shimia32.efi
-9fb692b46fc70fd07a9acbbabc8e1c50d0e9a481 SOURCES/shimx64.efi
+bfee65ae45498fefd64b16edf9993415b625cb3c SOURCES/shimaa64.efi
+ea800341a41765d0a06611220063d3aef8453dab SOURCES/shimia32.efi
+9f0ee5b4f212db7d228c8f985d4f15410c4922ed SOURCES/shimx64.efi

SOURCES/shim.rpmmacros

@@ -13,9 +13,9 @@
 %global shimefix64 %{expand:%{SOURCE22}}
 #%%global shimefiarm %%{expand:%%{SOURCE23}
 
-%global shimveraa64 15-7.el8_1
-%global shimveria32 15.4-4.el8_1
-%global shimverx64 15.4-4.el8_1
+%global shimveraa64 15-6.el9.alma
+%global shimveria32 15.4-4.el9.alma
+%global shimverx64 15.4-4.el9.alma
 #%%global shimverarm 15-1.el8
 
 %global shimdiraa64 %{_datadir}/shim/%{shimveraa64}/aa64
@@ -48,6 +48,7 @@ Requires: mokutil >= 1:0.3.0-1						\
 Requires: efi-filesystem						\
 Provides: shim-signed-%{-a*} = %{version}-%{release}			\
 Requires: dbxtool >= 0.6-3						\
+Requires: %{efi_esp_dir}/grub%{-a*}.efi					\
 %{expand:%%if 0%%{-p*}							\
 Provides: shim = %{version}-%{release}					\
 Provides: shim-signed = %{version}-%{release}				\
@@ -90,7 +91,7 @@ version signed by the UEFI signing service.				\
 # -i <input>
 %define distrosign(b:a:d:)						\
 	cp -av %{-d*}/%{-b*}%{-a*}.efi %{-b*}%{-a*}-unsigned.efi	\
-	%{expand:%%sign -i %{-b*}%{-a*}-unsigned.efi -o %{-b*}%{-a*}-signed.efi -n redhatsecureboot501 -a %{SOURCE2} -c %{SOURCE1} }\
+	%{expand:%%sign -i %{-b*}%{-a*}-unsigned.efi -o %{-b*}%{-a*}-signed.efi -n clsecureboot001 -a %{SOURCE1} -c %{SOURCE1} }\
 	%{nil}
 
 # -a <efiarch>

SPECS/shim.spec

@@ -1,3 +1,8 @@
+%global dist %{?dist}.alma
+%global efi_vendor almalinux
+%global efidir almalinux
+%global efi_esp_dir /boot/efi/EFI/%{efidir}
+
 Name:		shim
 Version:	15.4
 Release:	2%{?dist}
@@ -14,8 +19,7 @@ ExcludeArch:	%{ix86}
 ExcludeArch:	%{arm}
 
 Source0:	shim.rpmmacros
-Source1:	redhatsecureboot501.cer
-Source2:	redhatsecurebootca5.cer
+Source1:	clsecureboot001.cer
 
 # keep these two lists of sources synched up arch-wise.  That is 0 and 10
 # match, 1 and 11 match, ...
@@ -101,27 +105,20 @@ install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi
 %endif
 
 %changelog
-* Tue Apr 06 2021 Peter Jones <pjones@redhat.com> - 15.4-2
-- Fix build-deps on our shim-unsigned-* packages.
-  Related: CVE-2020-14372 (and others)
+* Wed Apr 21 2021 Andrew Lukoshko <alukoshko@almalinux.org> - 15.4-2.alma
+- Update to upstream 15.4 version
+- Add support for Secure Boot
 
-* Mon Apr 05 2021 Peter Jones <pjones@redhat.com> - 15.4-1
-- Update to shim 15.4
-  - Support for revocations via the ".sbat" section and SBAT EFI variable
-  - A new unit test framework and a bunch of unit tests
-  - No external gnu-efi dependency
-  - Better CI
-  Resolves: CVE-2020-14372
-  Resolves: CVE-2020-25632
-  Resolves: CVE-2020-25647
-  Resolves: CVE-2020-27749
-  Resolves: CVE-2020-27779
-  Resolves: CVE-2021-20225
-  Resolves: CVE-2021-20233
+* Mon Mar 15 2021 Andrei Lukoshko <alukoshko@almalinux.org> - 15-16.alma.1
+- AlmaLinux changes
+
+* Mon Sep 21 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-16
+- Fix an incorrect allocation size
+  Resolves: rhbz#1877253
 
 * Fri Jul 31 2020 Peter Jones <pjones@redhat.com> - 15-15
 - Update once again for new signed shim builds.
-  Resolves: rhbz#1862231
+  Resolves: rhbz#1861977
 
 * Tue Jul 28 2020 Peter Jones <pjones@redhat.com> - 15-14
 - Get rid of our %%dist hack for now.
@@ -136,7 +133,9 @@ install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi
 
 * Thu Jun 11 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-12
 - Fix firmware update bug in aarch64 caused by shim ignoring arguments
+  Resolves: rhbz#1830871
 - Fix a shim crash when attempting to netboot
+  Resolves: rhbz#1795654
 
 * Fri Jun 07 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-11
 - Update the shim-unsigned-aarch64 version number