kumquat-buildroot/boot/shim/shim.mk
Peter Korsgaard f29cbc6ce3 boot/shim: security bump to version 15.6
Fixes the following security issue:

CVE-2022-28737: There's a possible overflow in handle_image() when shim
tries to load and execute crafted EFI executables

https://github.com/advisories/GHSA-hmxr-46w2-jjwh

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-08 21:47:06 +01:00

30 lines
774 B
Makefile

################################################################################
#
# shim
#
################################################################################
SHIM_VERSION = 15.6
SHIM_SITE = https://github.com/rhboot/shim/releases/download/$(SHIM_VERSION)
SHIM_SOURCE = shim-$(SHIM_VERSION).tar.bz2
SHIM_LICENSE = BSD-2-Clause
SHIM_LICENSE_FILES = COPYRIGHT
SHIM_CPE_ID_VENDOR = redhat
SHIM_INSTALL_TARGET = NO
SHIM_INSTALL_IMAGES = YES
SHIM_MAKE_OPTS = \
ARCH="$(GNU_EFI_PLATFORM)" \
CROSS_COMPILE="$(TARGET_CROSS)" \
DASHJ="-j$(PARALLEL_JOBS)"
define SHIM_BUILD_CMDS
$(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D) $(SHIM_MAKE_OPTS)
endef
define SHIM_INSTALL_IMAGES_CMDS
$(INSTALL) -m 0755 -t $(BINARIES_DIR) $(@D)/*.efi
endef
$(eval $(generic-package))