From 0347139fc69c407f135dfd9956d943e771839a4c Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 30 2021 15:34:59 +0000 Subject: import shim-15-16.el8 --- diff --git a/.shim.metadata b/.shim.metadata index b655807..f997f90 100644 --- a/.shim.metadata +++ b/.shim.metadata @@ -1,3 +1,3 @@ 750bd7932437b1fb6610c233f69db1b70d67fab1 SOURCES/shimaa64.efi -c3c4d0ccdc07c03c20f133f9f65f6f12accea87a SOURCES/shimia32.efi -6436ae30f3f189f70f9043d91ede90058fbeb00a SOURCES/shimx64.efi +96ea5ec6612ad2d49dfa812897fc2f70ebee6b9d SOURCES/shimia32.efi +b7adea991a31e4392910db8b7ee63faff39e9207 SOURCES/shimx64.efi diff --git a/SOURCES/redhatsecureboot501.cer b/SOURCES/redhatsecureboot501.cer new file mode 100644 index 0000000..dfa7afb Binary files /dev/null and b/SOURCES/redhatsecureboot501.cer differ diff --git a/SOURCES/redhatsecurebootca5.cer b/SOURCES/redhatsecurebootca5.cer new file mode 100644 index 0000000..dfb0284 Binary files /dev/null and b/SOURCES/redhatsecurebootca5.cer differ diff --git a/SOURCES/secureboot.cer b/SOURCES/secureboot.cer deleted file mode 100644 index 4ff8b79..0000000 Binary files a/SOURCES/secureboot.cer and /dev/null differ diff --git a/SOURCES/securebootca.cer b/SOURCES/securebootca.cer deleted file mode 100644 index b235400..0000000 Binary files a/SOURCES/securebootca.cer and /dev/null differ diff --git a/SOURCES/shim.rpmmacros b/SOURCES/shim.rpmmacros index 2e05163..ec33c1d 100644 --- a/SOURCES/shim.rpmmacros +++ b/SOURCES/shim.rpmmacros @@ -14,8 +14,8 @@ #%%global shimefiarm %%{expand:%%{SOURCE23} %global shimveraa64 15-6.el8 -%global shimveria32 15-2.el8 -%global shimverx64 15-2.el8 +%global shimveria32 15-9.el8 +%global shimverx64 15-9.el8 #%%global shimverarm 15-1.el8 %global shimdiraa64 %{_datadir}/shim/%{shimveraa64}/aa64 @@ -90,7 +90,7 @@ version signed by the UEFI signing service. \ # -i %define distrosign(b:a:d:) \ cp -av %{-d*}/%{-b*}%{-a*}.efi %{-b*}%{-a*}-unsigned.efi \ - %{expand:%%sign -i %{-b*}%{-a*}-unsigned.efi -o %{-b*}%{-a*}-signed.efi -n redhatsecureboot301 -a %{SOURCE2} -c %{SOURCE1} }\ + %{expand:%%sign -i %{-b*}%{-a*}-unsigned.efi -o %{-b*}%{-a*}-signed.efi -n redhatsecureboot501 -a %{SOURCE2} -c %{SOURCE1} }\ %{nil} # -a diff --git a/SPECS/shim.spec b/SPECS/shim.spec index e0b899d..c21b6cb 100644 --- a/SPECS/shim.spec +++ b/SPECS/shim.spec @@ -1,11 +1,6 @@ -# this is to make us only expand %%{dist} if we're on a modularity build. -# it's 2 macros make vim's \c not put a brace at the end of the changelog. -%global _dist %{expand:%{?_module_build:%%{?dist}}} -%global dist %{expand:%%{_dist}} - Name: shim Version: 15 -Release: 12%{?dist} +Release: 16%{?dist} Summary: First-stage UEFI bootloader License: BSD URL: https://github.com/rhboot/shim/ @@ -19,8 +14,8 @@ ExcludeArch: %{ix86} ExcludeArch: %{arm} Source0: shim.rpmmacros -Source1: secureboot.cer -Source2: securebootca.cer +Source1: redhatsecureboot501.cer +Source2: redhatsecurebootca5.cer # keep these two lists of sources synched up arch-wise. That is 0 and 10 # match, 1 and 11 match, ... @@ -106,6 +101,25 @@ install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi %endif %changelog +* Mon Sep 21 2020 Javier Martinez Canillas - 15-16 +- Fix an incorrect allocation size + Resolves: rhbz#1877253 + +* Fri Jul 31 2020 Peter Jones - 15-15 +- Update once again for new signed shim builds. + Resolves: rhbz#1861977 + +* Tue Jul 28 2020 Peter Jones - 15-14 +- Get rid of our %%dist hack for now. + +* Tue Jul 28 2020 Peter Jones - 15-13 +- New signing keys + Related: CVE-2020-10713 + Related: CVE-2020-14308 + Related: CVE-2020-14309 + Related: CVE-2020-14310 + Related: CVE-2020-14311 + * Thu Jun 11 2020 Javier Martinez Canillas - 15-12 - Fix firmware update bug in aarch64 caused by shim ignoring arguments Resolves: rhbz#1830871