dragora/patches/efivar/efivar-upstream.patch

From 197a0874ea4010061b98b4b55eff65b33b1cd741 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Mon, 17 Jan 2022 12:34:55 -0500
Subject: [PATCH 1/7] Add -T workaround for GNU ld 2.36

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Resolves: #195
---
 src/include/workarounds.mk | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/include/workarounds.mk b/src/include/workarounds.mk
index 3118834..143e790 100644
--- a/src/include/workarounds.mk
+++ b/src/include/workarounds.mk
@@ -4,12 +4,12 @@
 
 LD_FLAVOR := $(shell $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/ .*//g')
 LD_VERSION := $(shell $(LD) --version | grep -E '^(LLD|GNU ld)'|sed 's/.* //')
-# I haven't tested 2.36 here; 2.35 is definitely broken and 2.37 seems to work
+# 2.35 is definitely broken and 2.36 seems to work
 LD_DASH_T := $(shell \
 	if [ "x${LD_FLAVOR}" = xLLD ] ; then \
 		echo '-T' ; \
 	elif [ "x${LD_FLAVOR}" = xGNU ] ; then \
-		if echo "${LD_VERSION}" | grep -q -E '^2\.3[789]|^2\.[456789]|^[3456789]|^[[:digit:]][[:digit:]]' ; then \
+		if echo "${LD_VERSION}" | grep -q -E '^2\.3[6789]|^2\.[456789]|^[3456789]|^[[:digit:]][[:digit:]]' ; then \
 			echo '-T' ; \
 		else \
 			echo "" ; \
-- 
2.20.1


From 28789d12ea9f88548263b5f0f4a30841e3a24f0a Mon Sep 17 00:00:00 2001
From: Ted Brandston <tbrandston@google.com>
Date: Mon, 31 Jan 2022 10:33:38 -0500
Subject: [PATCH 2/7] Add `extern "C"` to headers for easier use by C++

Add `extern "C"` directly to all headers except efivar-guids.h, which
is generated. Because it interferes with C compilers, wrap each
`extern` in an `#ifdef __cplusplus`. For efivar-guids.h update the
generator, makeguids.c, to add the desired code.

From https://en.cppreference.com/w/cpp/language/language_linkage:
> extern "C" makes it possible to include header files containing
> declarations of C library functions in a C++ program, but if the
> same header file is shared with a C program, extern "C" (which
> is not allowed in C) must be hidden with an appropriate #ifdef,
> typically __cplusplus.

Signed-off-by: Ted Brandston <tbrandston@google.com>
---
 src/include/efivar/efiboot-creator.h | 8 ++++++++
 src/include/efivar/efiboot-loadopt.h | 8 ++++++++
 src/include/efivar/efiboot.h         | 8 ++++++++
 src/include/efivar/efisec-secdb.h    | 8 ++++++++
 src/include/efivar/efisec-types.h    | 8 ++++++++
 src/include/efivar/efisec.h          | 8 ++++++++
 src/include/efivar/efivar-dp.h       | 9 +++++++++
 src/include/efivar/efivar-time.h     | 8 ++++++++
 src/include/efivar/efivar-types.h    | 8 ++++++++
 src/include/efivar/efivar.h          | 8 ++++++++
 src/makeguids.c                      | 8 ++++++++
 11 files changed, 89 insertions(+)

diff --git a/src/include/efivar/efiboot-creator.h b/src/include/efivar/efiboot-creator.h
index 308ea49..175417d 100644
--- a/src/include/efivar/efiboot-creator.h
+++ b/src/include/efivar/efiboot-creator.h
@@ -7,6 +7,10 @@
 #ifndef _EFIBOOT_CREATOR_H
 #define _EFIBOOT_CREATOR_H
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #define EFIBOOT_ABBREV_NONE		0x00000001
 #define EFIBOOT_ABBREV_HD		0x00000002
 #define EFIBOOT_ABBREV_FILE		0x00000004
@@ -43,6 +47,10 @@ extern ssize_t efi_generate_ipv4_device_path(uint8_t *buf, ssize_t size,
 	__attribute__((__nonnull__ (3,4,5,6,7)))
 	__attribute__((__visibility__ ("default")));
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
 #endif /* _EFIBOOT_CREATOR_H */
 
 // vim:fenc=utf-8:tw=75:noet
diff --git a/src/include/efivar/efiboot-loadopt.h b/src/include/efivar/efiboot-loadopt.h
index 3c723a1..76dc45a 100644
--- a/src/include/efivar/efiboot-loadopt.h
+++ b/src/include/efivar/efiboot-loadopt.h
@@ -7,6 +7,10 @@
 #ifndef _EFIBOOT_LOADOPT_H
 #define _EFIBOOT_LOADOPT_H 1
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 typedef struct efi_load_option_s efi_load_option;
 
 extern ssize_t efi_loadopt_create(uint8_t *buf, ssize_t size,
@@ -59,6 +63,10 @@ extern int efi_loadopt_is_valid(efi_load_option *opt, size_t size)
 	__attribute__((__nonnull__ (1)))
 	__attribute__((__visibility__ ("default")));
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
 #endif /* _EFIBOOT_LOADOPT_H */
 
 // vim:fenc=utf-8:tw=75:noet
diff --git a/src/include/efivar/efiboot.h b/src/include/efivar/efiboot.h
index e52ab8f..b5dfb20 100644
--- a/src/include/efivar/efiboot.h
+++ b/src/include/efivar/efiboot.h
@@ -21,9 +21,17 @@
 #include <efivar/efiboot-creator.h>
 #include <efivar/efiboot-loadopt.h>
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 extern uint32_t efi_get_libefiboot_version(void)
 	__attribute__((__visibility__("default")));
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
 #endif /* EFIBOOT_H */
 
 // vim:fenc=utf-8:tw=75:noet
diff --git a/src/include/efivar/efisec-secdb.h b/src/include/efivar/efisec-secdb.h
index 37ddcc2..ece4a7d 100644
--- a/src/include/efivar/efisec-secdb.h
+++ b/src/include/efivar/efisec-secdb.h
@@ -7,6 +7,10 @@
 #ifndef EFISEC_SECDB_H_
 #define EFISEC_SECDB_H_
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 typedef struct efi_secdb efi_secdb_t;
 
 typedef union {
@@ -90,5 +94,9 @@ extern int efi_secdb_visit_entries(efi_secdb_t *secdb,
 				   efi_secdb_visitor_t *visitor,
 				   void *closure);
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
 #endif /* !EFISEC_SECDB_H_ */
 // vim:fenc=utf-8:tw=75:noet
diff --git a/src/include/efivar/efisec-types.h b/src/include/efivar/efisec-types.h
index 4ba04ab..d3e1fe0 100644
--- a/src/include/efivar/efisec-types.h
+++ b/src/include/efivar/efisec-types.h
@@ -10,6 +10,10 @@
 #include <stdint.h>
 #include <efivar/efivar-types.h>
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /*
  * Storage for specific hashes and cryptographic (pkcs1, not pkcs7)
  * signatures
@@ -231,5 +235,9 @@ typedef struct {
 	// uint8_t				signing_cert[];
 } efi_variable_nonced_authentication_3 __attribute__((aligned (1)));
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
 #endif /* !SECURITY_H_ */
 // vim:fenc=utf-8:tw=75:noet
diff --git a/src/include/efivar/efisec.h b/src/include/efivar/efisec.h
index 2072e5c..22cfda8 100644
--- a/src/include/efivar/efisec.h
+++ b/src/include/efivar/efisec.h
@@ -12,9 +12,17 @@
 #include <efivar/efisec-types.h>
 #include <efivar/efisec-secdb.h>
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 extern uint32_t efi_get_libefisec_version(void)
 	__attribute__((__visibility__("default")));
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
 #endif /* EFISEC_H */
 
 // vim:fenc=utf-8:tw=75:noet
diff --git a/src/include/efivar/efivar-dp.h b/src/include/efivar/efivar-dp.h
index c3b34be..bfbf874 100644
--- a/src/include/efivar/efivar-dp.h
+++ b/src/include/efivar/efivar-dp.h
@@ -8,6 +8,10 @@
 
 #include <limits.h>
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #define efidp_encode_bitfield_(name, shift, mask)			\
 	(((name) << (shift)) & (mask))
 #define efidp_decode_bitfield_(value, name, shift, mask)		\
@@ -1213,6 +1217,11 @@ extern ssize_t efidp_make_generic(uint8_t *buf, ssize_t size, uint8_t type,
 #if defined(__clang__)
 #pragma clang diagnostic pop
 #endif
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
 #endif /* _EFIVAR_DP_H */
 
 // vim:fenc=utf-8:tw=75:noet
diff --git a/src/include/efivar/efivar-time.h b/src/include/efivar/efivar-time.h
index 284e5b4..6783dac 100644
--- a/src/include/efivar/efivar-time.h
+++ b/src/include/efivar/efivar-time.h
@@ -14,6 +14,10 @@
 
 #include <stdbool.h>
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 extern int tm_to_efi_time(const struct tm *const s, efi_time_t *d, bool tzadj);
 extern int efi_time_to_tm(const efi_time_t * const s, struct tm *d);
 
@@ -29,5 +33,9 @@ extern char *efi_strptime(const char *s, const char *format, efi_time_t *time);
 extern size_t efi_strftime(char *s, size_t max, const char *format,
 			   const efi_time_t *time);
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
 #endif /* !EFIVAR_TIME_H_ */
 // vim:fenc=utf-8:tw=75:noet
diff --git a/src/include/efivar/efivar-types.h b/src/include/efivar/efivar-types.h
index 1d48943..34b333f 100644
--- a/src/include/efivar/efivar-types.h
+++ b/src/include/efivar/efivar-types.h
@@ -10,6 +10,10 @@
 
 #include <stdint.h>
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 typedef struct {
 	uint32_t	a;
 	uint16_t	b;
@@ -95,5 +99,9 @@ typedef struct {
 #define EFI_VARIABLE_APPEND_WRITE				((uint64_t)0x0000000000000040)
 #define EFI_VARIABLE_ENHANCED_AUTHENTICATED_ACCESS		((uint64_t)0x0000000000000080)
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
 #endif /* EFI_TYPES_H */
 // vim:fenc=utf-8:tw=75:noet
diff --git a/src/include/efivar/efivar.h b/src/include/efivar/efivar.h
index 7518a32..91a8323 100644
--- a/src/include/efivar/efivar.h
+++ b/src/include/efivar/efivar.h
@@ -24,6 +24,10 @@
 #include <efivar/efivar-guids.h>
 #endif
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #define EFI_VARIABLE_HAS_AUTH_HEADER	0x0000000100000000
 #define EFI_VARIABLE_HAS_SIGNATURE	0x0000000200000000
 
@@ -200,6 +204,10 @@ extern FILE * efi_get_logfile(void)
 extern uint32_t efi_get_libefivar_version(void)
 	__attribute__((__visibility__("default")));
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
 #include <efivar/efivar-dp.h>
 #include <efivar/efivar-time.h>
 
diff --git a/src/makeguids.c b/src/makeguids.c
index e4ff411..376bffb 100644
--- a/src/makeguids.c
+++ b/src/makeguids.c
@@ -163,6 +163,10 @@ main(int argc, char *argv[])
 	char *strtab = guidnames->strtab;
 
 	fprintf(header, "#ifndef EFIVAR_GUIDS_H\n#define EFIVAR_GUIDS_H 1\n\n");
+	fprintf(header, "\
+#ifdef __cplusplus\n\
+extern \"C\" {\n\
+#endif\n");
 	fprintf(header, "\n\
 struct efivar_guidname {\n\
 	efi_guid_t guid;\n\
@@ -283,6 +287,10 @@ struct efivar_guidname {\n\
 	 * Emit the end from here as well.
 	 */
 
+	fprintf(header, "\n\
+#ifdef __cplusplus\n\
+} /* extern \"C\" */\n\
+#endif\n");
 	fprintf(header, "\n#endif /* EFIVAR_GUIDS_H */\n");
 	fclose(header);
 
-- 
2.20.1


From 15622b7e5761f3dde3f0e42081380b2b41639a48 Mon Sep 17 00:00:00 2001
From: itd0 <69421122+itd0@users.noreply.github.com>
Date: Mon, 4 Apr 2022 19:59:58 +0200
Subject: [PATCH 3/7] Avoid format error on i686

On i686 definition of off_t and ssize_t differ.  Update format length
modifiers as needed to avoid format errors with GCC.

Signed-off-by: itd0 <69421122+itd0@users.noreply.github.com>
---
 src/esl-iter.c   | 18 +++++++++---------
 src/secdb-dump.c |  2 +-
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/esl-iter.c b/src/esl-iter.c
index 26b5cb5..4a1938a 100644
--- a/src/esl-iter.c
+++ b/src/esl-iter.c
@@ -308,13 +308,13 @@ esl_list_iter_next_with_size_correction(esl_list_iter *iter, efi_guid_t *type,
 		return -1;
 	}
 	if (iter->offset < 0) {
-		efi_error("iter->offset (%zd) < 0", iter->offset);
+		efi_error("iter->offset (%jd) < 0", (intmax_t)iter->offset);
 		errno = EINVAL;
 		return -1;
 	}
 	if ((uint32_t)iter->offset >= iter->len) {
-		efi_error("iter->offset (%zd) >= iter->len (%zd)",
-			  iter->offset, iter->len);
+		efi_error("iter->offset (%jd) >= iter->len (%zd)",
+			  (intmax_t)iter->offset, iter->len);
 		errno = EINVAL;
 		return -1;
 	}
@@ -335,9 +335,9 @@ esl_list_iter_next_with_size_correction(esl_list_iter *iter, efi_guid_t *type,
 			      iter->len - iter->offset, iter->len - iter->offset,
 			      iter->esl->signature_list_size, iter->esl->signature_list_size);
 			if (correct_size && (iter->len - iter->offset) > 0) {
-				warnx("correcting ESL size from %d to %zd at %lx",
+				warnx("correcting ESL size from %d to %jd at %lx",
 				      iter->esl->signature_list_size,
-				      iter->len - iter->offset, iter->offset);
+				      (intmax_t)(iter->len - iter->offset), iter->offset);
 				debug("correcting ESL size from %d to %zd at %lx",
 				      iter->esl->signature_list_size,
 				      iter->len - iter->offset, iter->offset);
@@ -360,9 +360,9 @@ esl_list_iter_next_with_size_correction(esl_list_iter *iter, efi_guid_t *type,
 		if (iter->len - iter->offset < iter->esl->signature_list_size) {
 			debug("EFI_SIGNATURE_LIST is malformed");
 			if (correct_size && (iter->len - iter->offset) > 0) {
-				warnx("correcting ESL size from %d to %zd at 0x%lx",
+				warnx("correcting ESL size from %d to %jd at 0x%lx",
 				      iter->esl->signature_list_size,
-				      iter->len - iter->offset, iter->offset);
+				      (intmax_t)(iter->len - iter->offset), iter->offset);
 				debug("correcting ESL size from %d to %zd at 0x%lx",
 				      iter->esl->signature_list_size,
 				      iter->len - iter->offset, iter->offset);
@@ -411,9 +411,9 @@ esl_list_iter_next_with_size_correction(esl_list_iter *iter, efi_guid_t *type,
 	if (iter->esl->signature_list_size > iter->len - iter->offset) {
 		debug("EFI_SIGNATURE_LIST is malformed");
 		if (correct_size && (iter->len - iter->offset) > 0) {
-			warnx("correcting ESL size from %d to %zd at 0x%lx",
+			warnx("correcting ESL size from %d to %jd at 0x%lx",
 			      iter->esl->signature_list_size,
-			      iter->len - iter->offset, iter->offset);
+			      (intmax_t)(iter->len - iter->offset), iter->offset);
 			debug("correcting ESL size from %d to %zd at 0x%lx",
 			      iter->esl->signature_list_size,
 			      iter->len - iter->offset, iter->offset);
diff --git a/src/secdb-dump.c b/src/secdb-dump.c
index 02fb915..17f6441 100644
--- a/src/secdb-dump.c
+++ b/src/secdb-dump.c
@@ -248,7 +248,7 @@ secdb_dump(efi_secdb_t *secdb, bool annotations)
 		esln += 1;
 	}
 	secdb_dump_finish();
-	printf("%08lx\n", offset);
+	printf("%08zx\n", offset);
 
 	fflush(stdout);
 }
-- 
2.20.1


From aab4e9b10ac9e98588a1b19771cf6f4c8c0a3096 Mon Sep 17 00:00:00 2001
From: Wei Fu <wefu@redhat.com>
Date: Sat, 2 Apr 2022 22:53:36 +0800
Subject: [PATCH 4/7] Fix the -march issue for riscv64

There is an issue on riscv64 system when compiling it natively:
gcc: error: '-march=native': ISA string must begin with rv32 or rv64

This patch set HOST_MARCH= like ia64 to resolve the issue.

Signed-off-by: Wei Fu <wefu@redhat.com>
---
 src/include/defaults.mk | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/include/defaults.mk b/src/include/defaults.mk
index 632b155..b8cc590 100644
--- a/src/include/defaults.mk
+++ b/src/include/defaults.mk
@@ -73,10 +73,14 @@ override SOFLAGS = $(_SOFLAGS) \
 
 HOST_ARCH=$(shell uname -m)
 ifneq ($(HOST_ARCH),ia64)
+ifneq ($(HOST_ARCH),riscv64)
 	HOST_MARCH=-march=native
 else
 	HOST_MARCH=
 endif
+else
+	HOST_MARCH=
+endif
 HOST_CPPFLAGS ?= $(CPPFLAGS)
 override _HOST_CPPFLAGS := $(HOST_CPPFLAGS)
 override HOST_CPPFLAGS = $(_HOST_CPPFLAGS) \
-- 
2.20.1


From cece3ffd5be2f8641eb694513f2b73e5eb97ffd3 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Fri, 28 Jan 2022 12:13:30 +0100
Subject: [PATCH 5/7] efisecdb: fix build with musl libc

Refactor code to use POSIX atexit(3) instead of the GNU specific
on_exit(3).

Resolves: #197
Resolves: #202
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
---
 src/compiler.h |  2 --
 src/efisecdb.c | 68 +++++++++++++++++++-------------------------------
 2 files changed, 26 insertions(+), 44 deletions(-)

diff --git a/src/compiler.h b/src/compiler.h
index e2f18f0..d95fb01 100644
--- a/src/compiler.h
+++ b/src/compiler.h
@@ -7,8 +7,6 @@
 #ifndef COMPILER_H_
 #define COMPILER_H_
 
-#include <sys/cdefs.h>
-
 /* GCC version checking borrowed from glibc. */
 #if defined(__GNUC__) && defined(__GNUC_MINOR__)
 #  define GNUC_PREREQ(maj,min) \
diff --git a/src/efisecdb.c b/src/efisecdb.c
index f882373..6bd5ad9 100644
--- a/src/efisecdb.c
+++ b/src/efisecdb.c
@@ -25,6 +25,10 @@
 extern char *optarg;
 extern int optind, opterr, optopt;
 
+static efi_secdb_t *secdb = NULL;
+static list_t infiles;
+static list_t actions;
+
 struct hash_param {
 	char *name;
 	efi_secdb_type_t algorithm;
@@ -187,12 +191,11 @@ add_action(list_t *list, action_type_t action_type, const efi_guid_t *owner,
 }
 
 static void
-free_actions(int status UNUSED, void *actionsp)
+free_actions(void)
 {
-	list_t *actions = (list_t *)actionsp;
 	list_t *pos, *tmp;
 
-	for_each_action_safe(pos, tmp, actions) {
+	for_each_action_safe(pos, tmp, &actions) {
 		action_t *action = list_entry(pos, action_t, list);
 
 		list_del(&action->list);
@@ -202,12 +205,11 @@ free_actions(int status UNUSED, void *actionsp)
 }
 
 static void
-free_infiles(int status UNUSED, void *infilesp)
+free_infiles(void)
 {
-	list_t *infiles = (list_t *)infilesp;
 	list_t *pos, *tmp;
 
-	for_each_ptr_safe(pos, tmp, infiles) {
+	for_each_ptr_safe(pos, tmp, &infiles) {
 		ptrlist_t *entry = list_entry(pos, ptrlist_t, list);
 
 		list_del(&entry->list);
@@ -216,27 +218,12 @@ free_infiles(int status UNUSED, void *infilesp)
 }
 
 static void
-maybe_free_secdb(int status UNUSED, void *voidp)
+maybe_free_secdb(void)
 {
-	efi_secdb_t **secdbp = (efi_secdb_t **)voidp;
-
-	if (secdbp == NULL || *secdbp == NULL)
+	if (secdb == NULL)
 		return;
 
-	efi_secdb_free(*secdbp);
-}
-
-static void
-maybe_do_unlink(int status, void *filep)
-{
-	char **file = (char **)filep;
-
-	if (status == 0)
-		return;
-	if (file == NULL || *file == NULL)
-		return;
-
-	unlink(*file);
+	efi_secdb_free(secdb);
 }
 
 static void
@@ -323,15 +310,6 @@ parse_input_files(list_t *infiles, char **outfile, efi_secdb_t **secdb,
 	return status;
 }
 
-/*
- * These need to be static globals so that they're not on main's stack when
- * on_exit() fires.
- */
-static efi_secdb_t *secdb = NULL;
-static list_t infiles;
-static list_t actions;
-static char *outfile = NULL;
-
 int
 main(int argc, char *argv[])
 {
@@ -351,6 +329,7 @@ main(int argc, char *argv[])
 	bool do_sort_data = false;
 	bool sort_descending = false;
 	int status = 0;
+	char *outfile = NULL;
 
 	const char sopts[] = ":aAc:dfg:h:i:Lo:rs:t:v?";
 	const struct option lopts[] = {
@@ -376,10 +355,9 @@ main(int argc, char *argv[])
 	INIT_LIST_HEAD(&infiles);
 	INIT_LIST_HEAD(&actions);
 
-	on_exit(free_actions, &actions);
-	on_exit(free_infiles, &infiles);
-	on_exit(maybe_free_secdb, &secdb);
-	on_exit(maybe_do_unlink, &outfile);
+	atexit(free_actions);
+	atexit(free_infiles);
+	atexit(maybe_free_secdb);
 
 	/*
 	 * parse the command line.
@@ -587,24 +565,30 @@ sort_err:
 	outfd = open(outfile, flags, 0600);
 	if (outfd < 0) {
 		char *tmpoutfile = outfile;
-		if (errno == EEXIST)
-			outfile = NULL;
+		if (errno != EEXIST)
+			unlink(outfile);
 		err(1, "could not open \"%s\"", tmpoutfile);
 	}
 
 	rc = ftruncate(outfd, 0);
-	if (rc < 0)
+	if (rc < 0) {
+		unlink(outfile);
 		err(1, "could not truncate output file \"%s\"", outfile);
+	}
 
 	void *output;
 	size_t size = 0;
 	rc = efi_secdb_realize(secdb, &output, &size);
-	if (rc < 0)
+	if (rc < 0) {
+		unlink(outfile);
 		secdb_err(1, "could not realize signature list");
+	}
 
 	rc = write(outfd, output, size);
-	if (rc < 0)
+	if (rc < 0) {
+		unlink(outfile);
 		err(1, "could not write signature list");
+	}
 
 	close(outfd);
 	xfree(output);
-- 
2.20.1


From df09b472419466987f2f30176dd00937e640aa9a Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Fri, 28 Jan 2022 12:29:00 +0100
Subject: [PATCH 6/7] efisecdb: do not free optarg

The *outfile passed to parse_input_files can only be either set to
optarg or be NULL. optarg should not be free'd and NULL does not need
to.

Since we no longer use on_exit to unlink outfile we also don't need to
set *outfile to NULL.

Fixes commit d91787035bc1 (efisecdb: add efisecdb)

Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
---
 src/efisecdb.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/src/efisecdb.c b/src/efisecdb.c
index 6bd5ad9..70fa184 100644
--- a/src/efisecdb.c
+++ b/src/efisecdb.c
@@ -255,8 +255,7 @@ list_guids(void)
  * failure.
  */
 static int
-parse_input_files(list_t *infiles, char **outfile, efi_secdb_t **secdb,
-		  bool dump)
+parse_input_files(list_t *infiles, efi_secdb_t **secdb, bool dump)
 {
 	int status = 0;
 	list_t *pos, *tmp;
@@ -297,8 +296,6 @@ parse_input_files(list_t *infiles, char **outfile, efi_secdb_t **secdb,
 				if (!dump)
 					exit(1);
 				status = 1;
-				xfree(*outfile);
-				*outfile = NULL;
 				break;
 			}
 		}
@@ -528,7 +525,7 @@ sort_err:
 	efi_secdb_set_bool(secdb, EFI_SECDB_SORT_DATA, do_sort_data);
 	efi_secdb_set_bool(secdb, EFI_SECDB_SORT_DESCENDING, sort_descending);
 
-	status = parse_input_files(&infiles, &outfile, &secdb, dump);
+	status = parse_input_files(&infiles, &secdb, dump);
 	if (status == 0) {
 		for_each_action_safe(pos, tmp, &actions) {
 			action_t *action = list_entry(pos, action_t, list);
-- 
2.20.1


From 6be2cb1c0139ac177e754b0767abf1ca1533847f Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Mon, 18 Apr 2022 13:08:18 -0400
Subject: [PATCH 7/7] Fix invalid free in main()

data is allocated by mmap() in prepare_data().

Resolves: #173
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
 src/efivar.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/efivar.c b/src/efivar.c
index 5cd1eb2..09f85ed 100644
--- a/src/efivar.c
+++ b/src/efivar.c
@@ -633,7 +633,7 @@ int main(int argc, char *argv[])
 				if (sz < 0)
 					err(1, "Could not import data from \"%s\"", infile);
 
-				free(data);
+				munmap(data, data_size);
 				data = NULL;
 				data_size = 0;
 
-- 
2.20.1