diff --git a/0.5.0.tar.gz b/0.5.0.tar.gz deleted file mode 100644 index c4348c806eaf835c460f2051cfa0cd1a4569b45b..0000000000000000000000000000000000000000 Binary files a/0.5.0.tar.gz and /dev/null differ diff --git a/0.6.0.tar.gz b/0.6.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..b63521a01d728844925ee7ade875f92a1577a7a2 Binary files /dev/null and b/0.6.0.tar.gz differ diff --git a/0001-Show-usage-instead-of-aborting-on-bad-flags.patch b/0001-Show-usage-instead-of-aborting-on-bad-flags.patch new file mode 100644 index 0000000000000000000000000000000000000000..3a096cdbf53674e84924b9e9dab6a42eabea1025 --- /dev/null +++ b/0001-Show-usage-instead-of-aborting-on-bad-flags.patch @@ -0,0 +1,33 @@ +From 82694cb1ce3b29c3705c25ae4cea3d07fe57b558 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Tue, 17 May 2022 11:23:28 -0400 +Subject: [PATCH 1/5] Show usage instead of aborting on bad flags + +Aborting here just confuses users and is sufficiently unexpected to +cause the filing of bugs. + +Related: https://bugzilla.redhat.com/show_bug.cgi?id=2087066 +Signed-off-by: Robbie Harwood +--- + src/mokutil.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/mokutil.c b/src/mokutil.c +index 5d725c9..e8228af 100644 +--- a/src/mokutil.c ++++ b/src/mokutil.c +@@ -2087,10 +2087,9 @@ main (int argc, char *argv[]) + goto out; + case 'h': + case '?': ++ default: + command |= HELP; + break; +- default: +- abort (); + } + } + +-- +2.33.0 + diff --git a/0002-mokutil-bugfix-del-unused-opt-s.patch b/0002-mokutil-bugfix-del-unused-opt-s.patch new file mode 100644 index 0000000000000000000000000000000000000000..33ca04e890399436efa898ca95ed240f54f423e1 --- /dev/null +++ b/0002-mokutil-bugfix-del-unused-opt-s.patch @@ -0,0 +1,28 @@ +From 04791c29e198b18808bca519267e31c8d3786a08 Mon Sep 17 00:00:00 2001 +From: gaoyusong +Date: Mon, 30 May 2022 17:54:47 +0800 +Subject: [PATCH 2/5] mokutil bugfix: del unused opt "-s" + +The -s option can cause unexcepted result. + +Signed-off-by: gaoyusong +--- + src/mokutil.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/mokutil.c b/src/mokutil.c +index e8228af..6982ade 100644 +--- a/src/mokutil.c ++++ b/src/mokutil.c +@@ -1851,7 +1851,7 @@ main (int argc, char *argv[]) + }; + + int option_index = 0; +- c = getopt_long (argc, argv, "cd:f:g::hi:lmpst:xDNPXv", ++ c = getopt_long (argc, argv, "cd:f:g::hi:lmpt:xDNPXv", + long_options, &option_index); + + if (c == -1) +-- +2.33.0 + diff --git a/0003-Fix-leak-of-list-in-delete_data_from_req_var.patch b/0003-Fix-leak-of-list-in-delete_data_from_req_var.patch new file mode 100644 index 0000000000000000000000000000000000000000..bc7c7587e89c071b6e0254ff599382b3c5538141 --- /dev/null +++ b/0003-Fix-leak-of-list-in-delete_data_from_req_var.patch @@ -0,0 +1,30 @@ +From d978c18f61b877afaab45a82d260b525423b8248 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Thu, 2 Jun 2022 12:56:31 -0400 +Subject: [PATCH 3/5] Fix leak of list in delete_data_from_req_var() + +Signed-off-by: Robbie Harwood +--- + src/util.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/util.c b/src/util.c +index 621869f..6cd0302 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -295,8 +295,10 @@ delete_data_from_req_var (const MokRequest req, const efi_guid_t *type, + } + + /* the key or hash is not in this list */ +- if (start == NULL) +- return 0; ++ if (start == NULL) { ++ ret = 0; ++ goto done; ++ } + + /* all keys are removed */ + if (total == 0) { +-- +2.33.0 + diff --git a/0004-Fix-leak-of-fd-in-mok_get_variable.patch b/0004-Fix-leak-of-fd-in-mok_get_variable.patch new file mode 100644 index 0000000000000000000000000000000000000000..91d07043a4d8c89b3b4d63c638be38c4ea65ae63 --- /dev/null +++ b/0004-Fix-leak-of-fd-in-mok_get_variable.patch @@ -0,0 +1,72 @@ +From e498f6460ff5aea6a7cd61a33087d03e88a2f52a Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Thu, 2 Jun 2022 13:00:22 -0400 +Subject: [PATCH 4/5] Fix leak of fd in mok_get_variable() + +On success, it was never closed. Refactor the code to use a single +egress path so its closure is clear. + +Signed-off-by: Robbie Harwood +--- + src/util.c | 24 +++++++++++++----------- + 1 file changed, 13 insertions(+), 11 deletions(-) + +diff --git a/src/util.c b/src/util.c +index 6cd0302..f7fc033 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -57,22 +57,21 @@ mok_get_variable(const char *name, uint8_t **datap, size_t *data_sizep) + return fd; + + rc = fstat(fd, &sb); +- if (rc < 0) { +-err_close: +- close(fd); +- return rc; +- } ++ if (rc < 0) ++ goto done; + + if (sb.st_size == 0) { + errno = ENOENT; + rc = -1; +- goto err_close; ++ goto done; + } + + bufsz = sb.st_size; + buf = calloc(1, bufsz); +- if (!buf) +- goto err_close; ++ if (!buf) { ++ rc = -1; ++ goto done; ++ } + + while (pos < bufsz) { + ssz = read(fd, &buf[pos], bufsz - pos); +@@ -82,15 +81,18 @@ err_close: + errno == EINTR) + continue; + free(buf); +- goto err_close; ++ rc = -1; ++ goto done; + } + + pos += ssz; + } + *datap = buf; + *data_sizep = pos; +- +- return 0; ++ rc = 0; ++done: ++ close(fd); ++ return rc; + } + + MokListNode* +-- +2.33.0 + diff --git a/mokutil.spec b/mokutil.spec index 87c21946ce62a9b266eb107f4811c62cc1dd48d5..2028429eb5666b5c201f4b658f0daef55639026b 100644 --- a/mokutil.spec +++ b/mokutil.spec @@ -1,11 +1,15 @@ Name: mokutil -Version: 0.5.0 +Version: 0.6.0 Release: 1 Epoch: 1 Summary: Tools for manipulating machine owner keys License: GPLv3+ URL: https://github.com/lcp/mokutil Source0: https://github.com/lcp/mokutil/archive/%{version}.tar.gz +Patch0001: 0001-Show-usage-instead-of-aborting-on-bad-flags.patch +Patch0002: 0002-mokutil-bugfix-del-unused-opt-s.patch +Patch0003: 0003-Fix-leak-of-list-in-delete_data_from_req_var.patch +Patch0004: 0004-Fix-leak-of-fd-in-mok_get_variable.patch BuildRequires:gcc autoconf automake gnu-efi git openssl-devel openssl efivar-devel >= 31-1 git Conflicts: shim < 0.8-1 @@ -57,6 +61,9 @@ make check %{_mandir}/man1/* %changelog +* Wed Jun 29 2022 Chenxi Mao - 1:0.6.0-1 +- Update to 0.6.0 with latest bug fix + * Mon Dec 27 2021 openEuler Buildteam - 1:0.5.0-1 - Update to 0.5.0