From 6ce4b8c58350e458059d51077b9dbde99124fd9d Mon Sep 17 00:00:00 2001
From: MSVSphere Packaging Team
Date: Tue, 26 Nov 2024 17:32:02 +0300
Subject: [PATCH] import mokutil-0.6.0-10.el10
---
.gitignore | 1 +
.mokutil.metadata | 1 +
...age-instead-of-aborting-on-bad-flags.patch | 31 +++
...0002-mokutil-bugfix-del-unused-opt-s.patch | 26 +++
...-of-list-in-delete_data_from_req_var.patch | 28 +++
...4-Fix-leak-of-fd-in-mok_get_variable.patch | 70 +++++++
SOURCES/mokutil.patches | 4 +
SPECS/mokutil.spec | 177 ++++++++++++++++++
8 files changed, 338 insertions(+)
create mode 100644 .gitignore
create mode 100644 .mokutil.metadata
create mode 100644 SOURCES/0001-Show-usage-instead-of-aborting-on-bad-flags.patch
create mode 100644 SOURCES/0002-mokutil-bugfix-del-unused-opt-s.patch
create mode 100644 SOURCES/0003-Fix-leak-of-list-in-delete_data_from_req_var.patch
create mode 100644 SOURCES/0004-Fix-leak-of-fd-in-mok_get_variable.patch
create mode 100644 SOURCES/mokutil.patches
create mode 100644 SPECS/mokutil.spec
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ca43e0b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/mokutil-0.6.0.tar.gz
diff --git a/.mokutil.metadata b/.mokutil.metadata
new file mode 100644
index 0000000..ab6e9e9
--- /dev/null
+++ b/.mokutil.metadata
@@ -0,0 +1 @@
+b38fa41703cae749d8f642d3218cdff5d5d9a8ec SOURCES/mokutil-0.6.0.tar.gz
diff --git a/SOURCES/0001-Show-usage-instead-of-aborting-on-bad-flags.patch b/SOURCES/0001-Show-usage-instead-of-aborting-on-bad-flags.patch
new file mode 100644
index 0000000..0f7fda1
--- /dev/null
+++ b/SOURCES/0001-Show-usage-instead-of-aborting-on-bad-flags.patch
@@ -0,0 +1,31 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood
+Date: Tue, 17 May 2022 11:23:28 -0400
+Subject: [PATCH] Show usage instead of aborting on bad flags
+
+Aborting here just confuses users and is sufficiently unexpected to
+cause the filing of bugs.
+
+Related: https://bugzilla.redhat.com/show_bug.cgi?id=2087066
+Signed-off-by: Robbie Harwood
+(cherry picked from commit 82694cb1ce3b29c3705c25ae4cea3d07fe57b558)
+---
+ src/mokutil.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/mokutil.c b/src/mokutil.c
+index 5d725c9..e8228af 100644
+--- a/src/mokutil.c
++++ b/src/mokutil.c
+@@ -2087,10 +2087,9 @@ main (int argc, char *argv[])
+ goto out;
+ case 'h':
+ case '?':
++ default:
+ command |= HELP;
+ break;
+- default:
+- abort ();
+ }
+ }
+
diff --git a/SOURCES/0002-mokutil-bugfix-del-unused-opt-s.patch b/SOURCES/0002-mokutil-bugfix-del-unused-opt-s.patch
new file mode 100644
index 0000000..a5ad40b
--- /dev/null
+++ b/SOURCES/0002-mokutil-bugfix-del-unused-opt-s.patch
@@ -0,0 +1,26 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: gaoyusong
+Date: Mon, 30 May 2022 17:54:47 +0800
+Subject: [PATCH] mokutil bugfix: del unused opt "-s"
+
+The -s option can cause unexcepted result.
+
+Signed-off-by: gaoyusong
+(cherry picked from commit 04791c29e198b18808bca519267e31c8d3786a08)
+---
+ src/mokutil.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/mokutil.c b/src/mokutil.c
+index e8228af..6982ade 100644
+--- a/src/mokutil.c
++++ b/src/mokutil.c
+@@ -1851,7 +1851,7 @@ main (int argc, char *argv[])
+ };
+
+ int option_index = 0;
+- c = getopt_long (argc, argv, "cd:f:g::hi:lmpst:xDNPXv",
++ c = getopt_long (argc, argv, "cd:f:g::hi:lmpt:xDNPXv",
+ long_options, &option_index);
+
+ if (c == -1)
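Review bot: In 0001-Show-usage-instead-of-aborting-on-bad-flags.patch, moving `default:` into the `'h'`/`'?'` group makes an unrecognised option indistinguishable from an explicit `-h`, because both now only set `command |= HELP`. The rest of main() lies outside the hunk, so the exit status of that path cannot be confirmed from here; if it returns success, a script that mistypes a flag while enrolling or deleting a MOK key would see exit status 0 with nothing changed. Confirm what the usage path returns and record it at the case group, for example `/* '?' and unknown options print usage; callers must not read this as success */`.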
diff --git a/SOURCES/0003-Fix-leak-of-list-in-delete_data_from_req_var.patch b/SOURCES/0003-Fix-leak-of-list-in-delete_data_from_req_var.patch
new file mode 100644
index 0000000..23633a8
--- /dev/null
+++ b/SOURCES/0003-Fix-leak-of-list-in-delete_data_from_req_var.patch
@@ -0,0 +1,28 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood
+Date: Thu, 2 Jun 2022 12:56:31 -0400
+Subject: [PATCH] Fix leak of list in delete_data_from_req_var()
+
+Signed-off-by: Robbie Harwood
+(cherry picked from commit d978c18f61b877afaab45a82d260b525423b8248)
+---
+ src/util.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/util.c b/src/util.c
+index 621869f..6cd0302 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -295,8 +295,10 @@ delete_data_from_req_var (const MokRequest req, const efi_guid_t *type,
+ }
+
+ /* the key or hash is not in this list */
+- if (start == NULL)
+- return 0;
++ if (start == NULL) {
++ ret = 0;
++ goto done;
++ }
+
+ /* all keys are removed */
+ if (total == 0) {
diff --git a/SOURCES/0004-Fix-leak-of-fd-in-mok_get_variable.patch b/SOURCES/0004-Fix-leak-of-fd-in-mok_get_variable.patch
new file mode 100644
index 0000000..f1a48f6
--- /dev/null
+++ b/SOURCES/0004-Fix-leak-of-fd-in-mok_get_variable.patch
@@ -0,0 +1,70 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood
+Date: Thu, 2 Jun 2022 13:00:22 -0400
+Subject: [PATCH] Fix leak of fd in mok_get_variable()
+
+On success, it was never closed. Refactor the code to use a single
+egress path so its closure is clear.
+
+Signed-off-by: Robbie Harwood
+(cherry picked from commit e498f6460ff5aea6a7cd61a33087d03e88a2f52a)
+---
+ src/util.c | 24 +++++++++++++-----------
+ 1 file changed, 13 insertions(+), 11 deletions(-)
+
+diff --git a/src/util.c b/src/util.c
+index 6cd0302..f7fc033 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -57,22 +57,21 @@ mok_get_variable(const char *name, uint8_t **datap, size_t *data_sizep)
+ return fd;
+
+ rc = fstat(fd, &sb);
+- if (rc < 0) {
+-err_close:
+- close(fd);
+- return rc;
+- }
++ if (rc < 0)
++ goto done;
+
+ if (sb.st_size == 0) {
+ errno = ENOENT;
+ rc = -1;
+- goto err_close;
++ goto done;
+ }
+
+ bufsz = sb.st_size;
+ buf = calloc(1, bufsz);
+- if (!buf)
+- goto err_close;
++ if (!buf) {
++ rc = -1;
++ goto done;
++ }
+
+ while (pos < bufsz) {
+ ssz = read(fd, &buf[pos], bufsz - pos);
+@@ -82,15 +81,18 @@ err_close:
+ errno == EINTR)
+ continue;
+ free(buf);
+- goto err_close;
++ rc = -1;
++ goto done;
+ }
+
+ pos += ssz;
+ }
+ *datap = buf;
+ *data_sizep = pos;
+-
+- return 0;
++ rc = 0;
++done:
++ close(fd);
++ return rc;
+ }
+
+ MokListNode*
diff --git a/SOURCES/mokutil.patches b/SOURCES/mokutil.patches
new file mode 100644
index 0000000..c450456
--- /dev/null
+++ b/SOURCES/mokutil.patches
@@ -0,0 +1,4 @@
+Patch0001: 0001-Show-usage-instead-of-aborting-on-bad-flags.patch
+Patch0002: 0002-mokutil-bugfix-del-unused-opt-s.patch
+Patch0003: 0003-Fix-leak-of-list-in-delete_data_from_req_var.patch
+Patch0004: 0004-Fix-leak-of-fd-in-mok_get_variable.patch
diff --git a/SPECS/mokutil.spec b/SPECS/mokutil.spec
new file mode 100644
index 0000000..07cce26
--- /dev/null
+++ b/SPECS/mokutil.spec
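Review bot: In 0004-Fix-leak-of-fd-in-mok_get_variable.patch, the `while (pos < bufsz)` read loop still has no exit for `read()` returning 0. The branch visible in the second inner hunk appears to handle only an error return (its opening test sits between the two hunks, so this is inferred); if the file yields fewer bytes than `sb.st_size` reported, `pos += ssz` adds nothing and the loop never terminates. Adding `if (ssz == 0) break;` just before `pos += ssz;` would stop at end-of-file, and `*data_sizep = pos` already reports the length actually read.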
@@ -0,0 +1,177 @@
+Name: mokutil
+Version: 0.6.0
+Release: 10%{?dist}
+Epoch: 2
+Summary: Tool to manage UEFI Secure Boot MoK Keys
+License: GPL-3.0-or-later
+URL: https://github.com/lcp/mokutil
+Source0: https://github.com/lcp/mokutil/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source1: mokutil.patches
+ExclusiveArch: %{ix86} x86_64 aarch64 %{arm}
+
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: efivar-devel >= 31-1
+BuildRequires: gcc
+BuildRequires: git
+BuildRequires: gnu-efi
+BuildRequires: keyutils-libs-devel
+BuildRequires: make
+BuildRequires: openssl
+BuildRequires: openssl-devel
+Conflicts: shim < 0.8-1%{?dist}
+Obsoletes: mokutil < 0.2.0
+
+%include %{SOURCE1}
+
+%description
+mokutil provides a tool to manage keys for Secure Boot through the MoK
+("Machine's Own Keys") mechanism.
+
+%prep
+%autosetup -S git_am -b 0 -T
+
+%build
+./autogen.sh
+%configure
+%{make_build}
+
+%install
+%{make_install}
+
+%files
+%license COPYING
+%doc README
+%{_bindir}/mokutil
+%{_mandir}/man1/*
+%{_datadir}/bash-completion/completions/mokutil
+
+%changelog
+* Mon Jun 24 2024 Troy Dawson
+- Bump release for June 2024 mass rebuild
+
+* Thu Jan 25 2024 Fedora Release Engineering
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Wed Dec 13 2023 Nicolas Frayer
+- Migrate to SPDX license
+- Please refer to https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_2
+
+* Thu Jul 20 2023 Fedora Release Engineering
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Jan 19 2023 Fedora Release Engineering
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Jul 21 2022 Fedora Release Engineering
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon Jun 06 2022 Robbie Harwood - 0.6.0-4
+- Fix unused -s option and pull leak fixes
+
+* Wed May 25 2022 Peter Jones - 0.6.0-3
+- Fix patch application in the spec file...
+- Resolves: #2087066
+
+* Mon May 23 2022 Robbie Harwood - 2:0.6.0-2
+- Fix abort on unknown argument
+- Resolves: #2087066
+
+* Sat May 07 2022 Peter Robinson - 2:0.6.0-1
+- Update to 0.6.0 release
+
+* Mon Mar 28 2022 Robbie Harwood - 2:0.5.0-3
+- Add ability to change fallback verbose mode
+
+* Thu Jan 20 2022 Fedora Release Engineering - 2:0.5.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Nov 18 2021 Javier Martinez Canillas - 2:0.5.0-1
+- Update to 0.5.0 release
+
+* Tue Sep 14 2021 Sahana Prasad - 2:0.4.0-7
+- Rebuilt with OpenSSL 3.0.0
+
+* Thu Jul 22 2021 Fedora Release Engineering - 2:0.4.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Sat Mar 20 2021 Peter Robinson - 2:0.4.0-5
+- Minor spec cleanups, build on ARMv7
+
+* Wed Mar 17 2021 Javier Martinez Canillas - 0.4.0-4
+- Add SBAT and mok-variables support
+
+* Tue Jan 26 2021 Fedora Release Engineering - 2:0.4.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering - 2:0.4.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu Jun 11 2020 Javier Martinez Canillas - 0.4.0-1
+- Update to 0.4.0 release
+
+* Wed Jan 29 2020 Fedora Release Engineering - 2:0.3.0-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Tue Nov 12 2019 Peter Jones - 0.3.0-14
+- Pull one more upstream patch to keep this in sync with the f31 build.
+
+* Thu Oct 24 2019 Leigh Scott - 1:0.3.0-14
+- Apply upstream commits to fix FTBFS
+
+* Thu Jul 25 2019 Fedora Release Engineering - 1:0.3.0-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering - 1:0.3.0-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Jan 14 2019 Björn Esser - 1:0.3.0-11
+- Rebuilt for libcrypt.so.2 (#1666033)
+
+* Fri Jul 13 2018 Fedora Release Engineering - 1:0.3.0-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu Feb 08 2018 Fedora Release Engineering - 1:0.3.0-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sat Jan 20 2018 Björn Esser - 1:0.3.0-8
+- Rebuilt for switch to libxcrypt
+
+* Thu Aug 03 2017 Fedora Release Engineering - 1:0.3.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering - 1:0.3.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Jul 08 2017 Peter Jones - 0.3.0-5
+- Rebuild for efivar-31-1.fc26
+ Related: rhbz#1468841
+
+* Fri Feb 10 2017 Fedora Release Engineering - 1:0.3.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Aug 17 2016 Peter Jones - 0.3.0-3
+- Rebuild for newer efivar again.
+
+* Wed Aug 10 2016 Peter Jones - 0.3.0-2
+- Update for newer efivar.
+
+* Tue Jun 14 2016 Peter Jones - 0.3.0-1
+- Update to 0.3.0 release.
+ Resolves: rhbz#1334628
+
+* Thu Feb 04 2016 Fedora Release Engineering - 1:0.2.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jun 17 2015 Fedora Release Engineering - 1:0.2.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sat Feb 21 2015 Till Maas - 1:0.2.0-2
+- Rebuilt for Fedora 23 Change
+ https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
+
+* Mon Oct 06 2014 Peter Jones - 0.2.0-1
+- First independent package.
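Review bot: The `Source0:` line in SPECS/mokutil.spec points at a GitHub-generated archive, and nothing in the prep section verifies it; `%autosetup -S git_am -b 0 -T` only unpacks the tarball and applies the patches pulled in through `%include %{SOURCE1}`. On this page the only integrity pin for the tarball is the 40-hex-character digest in `.mokutil.metadata`, which has the length of a SHA-1 value. For a package that manages Secure Boot keys, consider recording a SHA-256 of the tarball as well, if the lookaside tooling accepts one, and stating the provenance above the source line, for example `# Integrity of Source0 is pinned by the digest in .mokutil.metadata; no signature is checked in the prep section`.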