10 changed files with 122 additions and 214 deletions
--- a/0.4.0.tar.gz
+++ b/0.4.0.tar.gz
--- a/0.6.0.tar.gz
+++ b/0.6.0.tar.gz
--- a/0001-Avoid-taking-pointer-to-packed-struct.patch
+++ b/0001-Avoid-taking-pointer-to-packed-struct.patch
@ -0,0 +1,117 @@
 From 19e8c9071b3d9306ca7b7329b313b31f86c2936d Mon Sep 17 00:00:00 2001
 From: Harry Youd <harry@harryyoud.co.uk>
 Date: Wed, 31 Jul 2019 19:44:53 +0100
 Subject: [PATCH] Avoid taking pointer to packed struct
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Fixes:
 error: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Werror=address-of-packed-member]
 ---
 src/mokutil.c | 38 ++++++++++++++++++++++----------------
 1 file changed, 22 insertions(+), 16 deletions(-)
 diff --git a/src/mokutil.c b/src/mokutil.c
 index e2d567d..8892613 100644
 --- a/src/mokutil.c
 +++ b/src/mokutil.c
@@ -270,20 +270,22 @@ build_mok_list (void *data, unsigned long data_size, uint32_t *mok_num)
 			return NULL;
 		}
 -		if ((efi_guid_cmp (&CertList->SignatureType, &efi_guid_x509_cert) != 0) &&
 -		    (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha1) != 0) &&
 -		    (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha224) != 0) &&
 -		    (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha256) != 0) &&
 -		    (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha384) != 0) &&
 -		    (efi_guid_cmp (&CertList->SignatureType, &efi_guid_sha512) != 0)) {
 +		efi_guid_t sigtype = CertList->SignatureType;
 +
 +		if ((efi_guid_cmp (&sigtype, &efi_guid_x509_cert) != 0) &&
 +		    (efi_guid_cmp (&sigtype, &efi_guid_sha1) != 0) &&
 +		    (efi_guid_cmp (&sigtype, &efi_guid_sha224) != 0) &&
 +		    (efi_guid_cmp (&sigtype, &efi_guid_sha256) != 0) &&
 +		    (efi_guid_cmp (&sigtype, &efi_guid_sha384) != 0) &&
 +		    (efi_guid_cmp (&sigtype, &efi_guid_sha512) != 0)) {
 			dbsize -= CertList->SignatureListSize;
 			CertList = (EFI_SIGNATURE_LIST *)((uint8_t *) CertList +
 						  CertList->SignatureListSize);
 			continue;
 		}
 -		if ((efi_guid_cmp (&CertList->SignatureType, &efi_guid_x509_cert) != 0) &&
 -		    (CertList->SignatureSize != signature_size (&CertList->SignatureType))) {
 +		if ((efi_guid_cmp (&sigtype, &efi_guid_x509_cert) != 0) &&
 +		    (CertList->SignatureSize != signature_size (&sigtype))) {
 			dbsize -= CertList->SignatureListSize;
 			CertList = (EFI_SIGNATURE_LIST *)((uint8_t *) CertList +
 						  CertList->SignatureListSize);
@@ -312,7 +314,7 @@ build_mok_list (void *data, unsigned long data_size, uint32_t *mok_num)
 		}
 		list[count].header = CertList;
 -		if (efi_guid_cmp (&CertList->SignatureType, &efi_guid_x509_cert) == 0) {
 +		if (efi_guid_cmp (&sigtype, &efi_guid_x509_cert) == 0) {
 			/* X509 certificate */
 			list[count].mok_size = CertList->SignatureSize -
 					       sizeof(efi_guid_t);
@@ -442,10 +444,11 @@ list_keys (uint8_t *data, size_t data_size)
 	for (unsigned int i = 0; i < mok_num; i++) {
 		printf ("[key %d]\n", i+1);
 -		if (efi_guid_cmp (&list[i].header->SignatureType, &efi_guid_x509_cert) == 0) {
 +		efi_guid_t sigtype = list[i].header->SignatureType;
 +		if (efi_guid_cmp (&sigtype, &efi_guid_x509_cert) == 0) {
 			print_x509 ((char *)list[i].mok, list[i].mok_size);
 		} else {
 -			print_hash_array (&list[i].header->SignatureType,
 +			print_hash_array (&sigtype,
 					  list[i].mok, list[i].mok_size);
 		}
 		if (i < mok_num - 1)
@@ -523,7 +526,8 @@ delete_data_from_list (const efi_guid_t *var_guid, const char *var_name,
 	remain = total;
 	for (unsigned int i = 0; i < mok_num; i++) {
 		remain -= list[i].header->SignatureListSize;
 -		if (efi_guid_cmp (&list[i].header->SignatureType, type) != 0)
 +		efi_guid_t sigtype = list[i].header->SignatureType;
 +		if (efi_guid_cmp (&sigtype, type) != 0)
 			continue;
 		sig_list_size = list[i].header->SignatureListSize;
@@ -1057,7 +1061,8 @@ is_duplicate (const efi_guid_t *type, const void *data, const uint32_t data_size
 	}
 	for (unsigned int i = 0; i < node_num; i++) {
 -		if (efi_guid_cmp (&list[i].header->SignatureType, type) != 0)
 +		efi_guid_t sigtype = list[i].header->SignatureType;
 +		if (efi_guid_cmp (&sigtype, type) != 0)
 			continue;
 		if (efi_guid_cmp (type, &efi_guid_x509_cert) == 0) {
@@ -1510,8 +1515,8 @@ issue_hash_request (const char *hash_str, MokRequest req,
 			goto error;
 		/* Check if there is a signature list with the same type */
 		for (unsigned int i = 0; i < mok_num; i++) {
 -			if (efi_guid_cmp (&mok_list[i].header->SignatureType,
 -					 &hash_type) == 0) {
 +			efi_guid_t sigtype = mok_list[i].header->SignatureType;
 +			if (efi_guid_cmp (&sigtype, &hash_type) == 0) {
 				merge_ind = i;
 				list_size -= sizeof(EFI_SIGNATURE_LIST);
 				break;
@@ -1678,8 +1683,9 @@ export_db_keys (const DBName db_name)
 	for (unsigned i = 0; i < mok_num; i++) {
 		off_t offset = 0;
 		ssize_t write_size;
 +		efi_guid_t sigtype = list[i].header->SignatureType;
 -		if (efi_guid_cmp (&list[i].header->SignatureType, &efi_guid_x509_cert) != 0)
 +		if (efi_guid_cmp (&sigtype, &efi_guid_x509_cert) != 0)
 			continue;
 		/* Dump X509 certificate to files */
 -- 
 1.8.3.1
--- a/0001-Show-usage-instead-of-aborting-on-bad-flags.patch
+++ b/0001-Show-usage-instead-of-aborting-on-bad-flags.patch
@ -1,33 +0,0 @@
 From 82694cb1ce3b29c3705c25ae4cea3d07fe57b558 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Tue, 17 May 2022 11:23:28 -0400
 Subject: [PATCH 1/5] Show usage instead of aborting on bad flags
 Aborting here just confuses users and is sufficiently unexpected to
 cause the filing of bugs.
 Related: https://bugzilla.redhat.com/show_bug.cgi?id=2087066
 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
 ---
 src/mokutil.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
 diff --git a/src/mokutil.c b/src/mokutil.c
 index 5d725c9..e8228af 100644
 --- a/src/mokutil.c
 +++ b/src/mokutil.c
@@ -2087,10 +2087,9 @@ main (int argc, char *argv[])
 			goto out;
 		case 'h':
 		case '?':
 +		default:
 			command |= HELP;
 			break;
 -		default:
 -			abort ();
 		}
 	}
 -- 
 2.33.0
--- a/0002-mokutil-bugfix-del-unused-opt-s.patch
+++ b/0002-mokutil-bugfix-del-unused-opt-s.patch
@ -1,28 +0,0 @@
 From 04791c29e198b18808bca519267e31c8d3786a08 Mon Sep 17 00:00:00 2001
 From: gaoyusong <gaoyusong2@huawei.com>
 Date: Mon, 30 May 2022 17:54:47 +0800
 Subject: [PATCH 2/5] mokutil bugfix: del unused opt "-s"
 The -s option can cause unexcepted result.
 Signed-off-by: gaoyusong <gaoyusong2@huawei.com>
 ---
 src/mokutil.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/mokutil.c b/src/mokutil.c
 index e8228af..6982ade 100644
 --- a/src/mokutil.c
 +++ b/src/mokutil.c
@@ -1851,7 +1851,7 @@ main (int argc, char *argv[])
 		};
 		int option_index = 0;
 -		c = getopt_long (argc, argv, "cd:f:g::hi:lmpst:xDNPXv",
 +		c = getopt_long (argc, argv, "cd:f:g::hi:lmpt:xDNPXv",
 				 long_options, &option_index);
 		if (c == -1)
 -- 
 2.33.0
--- a/0003-Fix-leak-of-list-in-delete_data_from_req_var.patch
+++ b/0003-Fix-leak-of-list-in-delete_data_from_req_var.patch
@ -1,30 +0,0 @@
 From d978c18f61b877afaab45a82d260b525423b8248 Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Thu, 2 Jun 2022 12:56:31 -0400
 Subject: [PATCH 3/5] Fix leak of list in delete_data_from_req_var()
 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
 ---
 src/util.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
 diff --git a/src/util.c b/src/util.c
 index 621869f..6cd0302 100644
 --- a/src/util.c
 +++ b/src/util.c
@@ -295,8 +295,10 @@ delete_data_from_req_var (const MokRequest req, const efi_guid_t *type,
 	}
 	/* the key or hash is not in this list */
 -	if (start == NULL)
 -		return 0;
 +	if (start == NULL) {
 +		ret = 0;
 +		goto done;
 +	}
 	/* all keys are removed */
 	if (total == 0) {
 -- 
 2.33.0
--- a/0004-Fix-leak-of-fd-in-mok_get_variable.patch
+++ b/0004-Fix-leak-of-fd-in-mok_get_variable.patch
@ -1,72 +0,0 @@
 From e498f6460ff5aea6a7cd61a33087d03e88a2f52a Mon Sep 17 00:00:00 2001
 From: Robbie Harwood <rharwood@redhat.com>
 Date: Thu, 2 Jun 2022 13:00:22 -0400
 Subject: [PATCH 4/5] Fix leak of fd in mok_get_variable()
 On success, it was never closed.  Refactor the code to use a single
 egress path so its closure is clear.
 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
 ---
 src/util.c | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)
 diff --git a/src/util.c b/src/util.c
 index 6cd0302..f7fc033 100644
 --- a/src/util.c
 +++ b/src/util.c
@@ -57,22 +57,21 @@ mok_get_variable(const char *name, uint8_t **datap, size_t *data_sizep)
 		return fd;
 	rc = fstat(fd, &sb);
 -	if (rc < 0) {
 -err_close:
 -		close(fd);
 -		return rc;
 -	}
 +	if (rc < 0)
 +		goto done;
 	if (sb.st_size == 0) {
 		errno = ENOENT;
 		rc = -1;
 -		goto err_close;
 +		goto done;
 	}
 	bufsz = sb.st_size;
 	buf = calloc(1, bufsz);
 -	if (!buf)
 -		goto err_close;
 +	if (!buf) {
 +		rc = -1;
 +		goto done;
 +	}
 	while (pos < bufsz) {
 		ssz = read(fd, &buf[pos], bufsz - pos);
@@ -82,15 +81,18 @@ err_close:
 			    errno == EINTR)
 				continue;
 			free(buf);
 -			goto err_close;
 +			rc = -1;
 +			goto done;
 		}
 		pos += ssz;
 	}
 	*datap = buf;
 	*data_sizep = pos;
 -
 -	return 0;
 +	rc = 0;
 +done:
 +	close(fd);
 +	return rc;
 }
 MokListNode*
 -- 
 2.33.0
--- a/0005-mokutil-Fix-memory-leak-in-export_db_keys.patch
+++ b/0005-mokutil-Fix-memory-leak-in-export_db_keys.patch
@ -1,25 +0,0 @@
 From 71140ef59ac8f7bbe445fca2ba90a6833d3cb8c6 Mon Sep 17 00:00:00 2001
 From: gaoyusong <a869920004@163.com>
 Date: Thu, 22 Sep 2022 16:43:39 +0800
 Subject: [PATCH] mokutil: Fix memory leak in export_db_keys
 Signed-off-by: gaoyusong <a869920004@163.com>
 ---
 src/mokutil.c | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/src/mokutil.c b/src/mokutil.c
 index d445311..9e947d5 100644
 --- a/src/mokutil.c
 +++ b/src/mokutil.c
@@ -1233,6 +1233,7 @@ export_db_keys (const DBName db_name)
 	list = build_mok_list (data, data_size, &mok_num);
 	if (list == NULL) {
 +		free(data);
 		return -1;
 	}
 -- 
 2.33.0
--- a/mokutil.spec
+++ b/mokutil.spec
@ -1,21 +1,17 @@
 Name:     mokutil
-Version:  0.6.0
+Version:  0.4.0
-Release:  3
+Release:  2
 Epoch:    1
 Summary:  Tools for manipulating machine owner keys
 License:  GPLv3+
 URL:      https://github.com/lcp/mokutil
 Source0:  https://github.com/lcp/mokutil/archive/%{version}.tar.gz
-BuildRequires:gcc autoconf automake gnu-efi openssl-devel openssl keyutils-libs-devel efivar-devel >= 31-1 git
+BuildRequires:gcc autoconf automake gnu-efi git openssl-devel openssl efivar-devel >= 31-1 git
 Conflicts:      shim < 0.8-1
 Obsoletes:      mokutil < 0.2.0
-Patch0000:	0001-Show-usage-instead-of-aborting-on-bad-flags.patch
+Patch0000: 0001-Avoid-taking-pointer-to-packed-struct.patch
 Patch0001:	0002-mokutil-bugfix-del-unused-opt-s.patch
 Patch0002:	0003-Fix-leak-of-list-in-delete_data_from_req_var.patch
 Patch0003:	0004-Fix-leak-of-fd-in-mok_get_variable.patch
 Patch0004:	0005-mokutil-Fix-memory-leak-in-export_db_keys.patch
 %description
 The utility to manipulate machines owner keys which managed in shim.
@ -29,7 +25,7 @@ Requires:  man info
 Man page and other related documents for %{name}.
 %prep
-%autosetup -n %{name}-%{version} -p1
+%autosetup -n %{name}-%{version} -p1 -Sgit
 %build
 ./autogen.sh
@ -63,19 +59,6 @@ make check
 %{_mandir}/man1/*
 %changelog
 * Thu Jun 06 2024 fuanan <fuanan3@h-partners.com> - 1:0.6.0-3
 - DESC: mokutil: Fix memory leak in export_db_keys
 * Sat Feb 4 2023 gaoyusong <gaoyusong2@huawei.com> - 1:0.6.0-2
 - DESC: Fix build error
 * Tue Aug 2 2022 gaoyusong <gaoyusong2@huawei.com> - 1:0.6.0-1
 - DESC: Update to 0.6.0 with latest bug fix
 * Fri Jul 30 2021 chenyanpanHW <chenyanpan@huawei.com> - 0.4.0-3
 - DESC: delete -Sgit from %autosetup, and delete BuildRequires git
 git
 * Mon Jun 22 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:0.4.0-2
 - fix build err of -Waddress-of-packed-member for gcc update to 9.3.1
--- a/mokutil.yaml
+++ b/mokutil.yaml
@ -1,4 +0,0 @@
 version_control: github
 src_repo: lcp/mokutil
 tag_prefix: ^
 seperator: .