Commit Graph

13 Commits

Author SHA1 Message Date
Peter Jones
6e06d189e6 Update to shim-15.6
Resolves: CVE-2022-28737

Signed-off-by: Peter Jones <pjones@redhat.com>
2022-06-15 11:42:35 -04:00
Javier Martinez Canillas
da8ecaa443
A few fixes for 15.4
- Fix handling of ignore_db and user_insecure_mode (pjones)
- Fix booting on pre-UEFI Macs (pjones)
- Fix mok variable storage allocation region (glin)
  Resolves: rhbz#1948432
- Fix the package version in the .sbat data (pjones)

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-05-05 01:08:46 +02:00
Peter Jones
f4bf84f7c5
Minor updates to fix some minor bugs.
- Mark signed shim packages as protected in dnf.
  Resolves: rhbz#1874541
- Conflict with older fwupd, but don't require it.
  Resolves: rhbz#1877751

Signed-off-by: Peter Jones <pjones@redhat.com>
2021-05-05 01:08:46 +02:00
Peter Jones
4f5f869d14
Update to shim 15.4
- Support for revocations via the ".sbat" section and SBAT EFI variable
- A new unit test framework and a bunch of unit tests
- No external gnu-efi dependency
- Better CI
- No more "shim*-fedora.efi", as a second safety to avoid system vendors
  setting up the scenario for CVE-2020-15705
- enable (unsigned) arm v6 building as an aarch64 subpackage.

Resolves: CVE-2020-14372
Resolves: CVE-2020-25632
Resolves: CVE-2020-25647
Resolves: CVE-2020-27749
Resolves: CVE-2020-27779
Resolves: CVE-2021-20225
Resolves: CVE-2021-20233

Signed-off-by: Peter Jones <pjones@redhat.com>
2021-05-05 01:08:46 +02:00
Peter Jones
3506e57522 Revert "More %%dist shenanigans."
It's pointless, because doesn't actually get around the real problem.

This reverts commit aa0e9e6fd1.
2018-10-02 14:19:54 -04:00
Peter Jones
aa0e9e6fd1 More %%dist shenanigans.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-02 14:12:05 -04:00
Peter Jones
3e21f6d5ec Rework the .spec to use efi-rpm-macros.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-04 15:28:05 -04:00
Peter Jones
f54022bf7f Make sure all of our macros always expand
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-04 15:07:21 -04:00
Peter Jones
a8752f8f14 Rework the .spec to use efi-rpm-macros.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-04 14:22:38 -04:00
Peter Jones
9d062d358d Temporarily revert everything to the last build that worked
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-04 14:02:26 -04:00
Peter Jones
e2500aced2 still working on this... 2018-05-04 14:00:25 -04:00
Peter Jones
74e692706d still working on this... 2018-05-04 10:30:18 -04:00
Peter Jones
35825dbe33 dammit 2018-05-03 17:25:10 -04:00