import dbxtool-8-5.el8_3.2

SOURCES/0003-fix-relop-in-esl_iter_next.patch

@@ -0,0 +1,70 @@
+From 50b302ea7b6bd41c38d50b2af9d89af5f715068a Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Wed, 16 May 2018 14:06:48 +0200
+Subject: [PATCH] fix relop in esl_iter_next()
+
+esl_iter_next() seeks to the next EFI_SIGNATURE_LIST object in the
+signature database that's being processed.
+
+- The position of the current (just processed) EFI_SIGNATURE_LIST object
+  in the signature database is "iter->offset".
+
+- The size of the same is in "iter->esl->SignatureListSize".
+
+- The size of the whole signature dabatase (containing the current
+  EFI_SIGNATURE_LIST) is in "iter->len".
+
+Thus, we need to advance "iter->offset" by "iter->esl->SignatureListSize",
+to reach the next EFI_SIGNATURE_LIST object.
+
+While advancing, we must not exceed the whole signature database. In other
+words, the (exclusive) end of the just processed EFI_SIGNATURE_LIST object
+is required to precede, or equal, the (exclusive) end of the signature
+database. Hence the "good" condition is:
+
+  iter->offset + iter->esl->SignatureListSize <= iter->len
+
+The "bad" condition is the negation of the above:
+
+  iter->offset + iter->esl->SignatureListSize > iter->len
+
+Because we don't trust "iter->esl->SignatureListSize" (since that was
+simply read from the binary blob, not computed by ourselves), we don't
+want to add to it or subtract from it (integer overflow!), we just want to
+use it naked for comparison. So we subtract "iter->offset" from both
+sides: "iter->offset" and "iter->len" are known-good because we've checked
+and computed them all along, so we can perform integer operations on them.
+After the subtraction, we have the following condition for *bad*:
+
+  iter->esl->SignatureListSize > iter->len - iter->offset
+
+Another way to put the same condition, for *bad*, is to swing the sides
+around the relop (giving a spin to the relop as well):
+
+  iter->len - iter->offset < iter->esl->SignatureListSize
+
+The controlling expression in esl_iter_next() is just this, except for the
+typo in the relational operator. Fix it.
+
+Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1508808
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+---
+ src/iter.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/iter.c b/src/iter.c
+index 45ee059e74c..f19166ab276 100644
+--- a/src/iter.c
++++ b/src/iter.c
+@@ -222,7 +222,7 @@ esl_iter_next(esl_iter *iter, efi_guid_t *type,
+ 		vprintf("Getting next EFI_SIGNATURE_LIST\n");
+ 		efi_guid_t type;
+ 		esl_get_type(iter, &type);
+-		if (iter->len - iter->offset > iter->esl->SignatureListSize) {
++		if (iter->len - iter->offset < iter->esl->SignatureListSize) {
+ 			warnx("EFI Signature List is malformed");
+ 			errx(1, "list has %zd bytes left, element is %"PRIu32" bytes",
+ 			     iter->len - iter->offset,
+-- 
+2.29.2
+

SPECS/dbxtool.spec

@@ -1,6 +1,6 @@
 Name:           dbxtool
 Version:        8
-Release:        5%{?dist}
+Release:        5%{?dist}.2
 Summary:        Secure Boot DBX updater
 License:        GPLv2
 URL:            https://github.com/vathpela/dbxtool
@@ -14,6 +14,7 @@ Source0:        https://github.com/vathpela/dbxtool/releases/download/dbxtool-%{
 Patch0000:      %{name}-8-ccldflags.patch
 Patch0001:      0001-don-t-use-f-in-dbxtool.service.patch
 Patch0002:      0002-Make-quiet-exit-on-missing-PK-KEK-not-return-error-s.patch
+Patch0003:      0003-fix-relop-in-esl_iter_next.patch
 
 %description
 This package contains DBX updates for UEFI Secure Boot.
@@ -55,6 +56,15 @@ rm -f %{buildroot}/%{_docdir}/%{name}/COPYING
 %{_unitdir}/dbxtool.service
 
 %changelog
+* Wed Jan 20 2021 Jan Hlavac <jhlavac@redhat.com> - 8-5.el8_3.2
+- Enable manual gating
+  Related: rhbz#1681753
+  Related: rhbz#1912474
+
+* Fri Jan 15 2021 Javier Martinez Canillas <javierm@redhat.com> - 8-5.el8_3.1
+- Fix 'EFI Signature List is malformed' error (lersek)
+  Resolves: rhbz#1912474
+
 * Thu Apr 12 2018 Petr Šabata <contyk@redhat.com> - 8-5
 - Fix build flags injection (rhbz#1548123)