diff -uprN pesign-115.org/include/libdpe/libdpe.h pesign-115.mod/include/libdpe/libdpe.h --- pesign-115.org/include/libdpe/libdpe.h 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/include/libdpe/libdpe.h 2022-11-04 20:32:53.789209000 +0900 @@ -66,7 +66,7 @@ extern Pe *pe_begin(int fildes, Pe_Cmd c extern Pe *pe_clone(Pe *pe, Pe_Cmd cmd); extern Pe *pe_memory(char *image, size_t size); extern int pe_end(Pe *pe); -extern loff_t pe_update(Pe *pe, Pe_Cmd cmd); +extern off_t pe_update(Pe *pe, Pe_Cmd cmd); extern Pe_Kind pe_kind(Pe *Pe) __attribute__ ((__pure__)); extern Pe_Scn *pe_nextscn(Pe *pe, Pe_Scn *scn); extern Pe_Scn *pe_getscn(Pe *pe, size_t idx); diff -uprN pesign-115.org/libdpe/common.h pesign-115.mod/libdpe/common.h --- pesign-115.org/libdpe/common.h 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/libdpe/common.h 2022-11-04 22:28:59.295413000 +0900 @@ -13,11 +13,11 @@ #include #define pwrite_retry(fd, buf, len, off) \ - TEMP_FAILURE_RETRY (pwrite (fd, buf, len, off)) + pwrite (fd, buf, len, off) #define write_retry(fd, buf, n) \ - TEMP_FAILURE_RETRY (write (fd, buf, n)) + write (fd, buf, n) #define pread_retry(fd, buf, len, off) \ - TEMP_FAILURE_RETRY (pread (fd, buf, len, off)) + pread (fd, buf, len, off) #define is_64_bit(pe) ((pe)->flags & IMAGE_FILE_32BIT_MACHINE) diff -uprN pesign-115.org/libdpe/endian.h pesign-115.mod/libdpe/endian.h --- pesign-115.org/libdpe/endian.h 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/libdpe/endian.h 2022-11-04 20:36:10.769722000 +0900 @@ -7,7 +7,7 @@ #ifndef ENDIAN_H #define ENDIAN_H -#include +#include #include #include diff -uprN pesign-115.org/libdpe/pe_allocspace.c pesign-115.mod/libdpe/pe_allocspace.c --- pesign-115.org/libdpe/pe_allocspace.c 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/libdpe/pe_allocspace.c 2022-11-04 20:48:07.803860000 +0900 @@ -6,6 +6,7 @@ */ #include "libdpe_priv.h" +#include #include #include #include 
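Review bot: Dropping `TEMP_FAILURE_RETRY` from `pwrite_retry`, `write_retry` and `pread_retry` in libdpe/common.h means a call interrupted by a signal now returns -1 with `errno == EINTR` to callers written on the assumption that the macro retries, and the macro names no longer describe what they do. Where libc lacks the macro, a local fallback keeps the retry on every platform instead of removing it everywhere. The fallback below uses a GNU statement expression, which the tree already relies on in `resolve_token_name`, and needs `errno` in scope; whether common.h already pulls in the errno header cannot be told from this hunk.

```c
#ifndef TEMP_FAILURE_RETRY
/* Re-issue the call while it fails only because a signal interrupted it. */
#define TEMP_FAILURE_RETRY(expression) ({			\
	long int rc_;						\
	do {							\
		rc_ = (long int)(expression);			\
	} while (rc_ == -1L && errno == EINTR);			\
	rc_; })
#endif

/* … unchanged: pwrite_retry, write_retry, pread_retry keep their TEMP_FAILURE_RETRY wrappers … */
```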
@@ -83,6 +84,7 @@ pe_extend_file(Pe *pe, size_t size, uint return -1; } + int error; void *new = NULL; if (align) @@ -93,9 +95,13 @@ pe_extend_file(Pe *pe, size_t size, uint if (rc < 0) return -1; - new = mremap(pe->map_address, pe->maximum_size, - pe->maximum_size + extra, MREMAP_MAYMOVE); + error = munmap(pe->map_address, pe->maximum_size); + if (error != 0) + err(1, "munmap"); + new = mmap(pe->map_address, pe->maximum_size + extra, + PROT_WRITE | PROT_READ, MAP_SHARED, pe->fildes, 0); if (new == MAP_FAILED) { + err(1, "mmap"); __libpe_seterrno (PE_E_NOMEM); return -1; } @@ -115,15 +121,20 @@ pe_extend_file(Pe *pe, size_t size, uint int pe_shorten_file(Pe *pe, size_t size) { + int error; void *new = NULL; if (!pe) { errno = EINVAL; return -1; } - new = mremap(pe->map_address, pe->maximum_size, - pe->maximum_size - size, 0); + error = munmap(pe->map_address, pe->maximum_size); + if (error != 0) + err(1, "munmap"); + + new = mmap(pe->map_address, pe->maximum_size - size, PROT_READ | PROT_WRITE, MAP_SHARED, pe->fildes, 0); if (new == MAP_FAILED) { + err(1, "mmap"); __libpe_seterrno (PE_E_NOMEM); return -1; } diff -uprN pesign-115.org/libdpe/pe_update.c pesign-115.mod/libdpe/pe_update.c --- pesign-115.org/libdpe/pe_update.c 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/libdpe/pe_update.c 2022-11-04 20:34:03.367225000 +0900 @@ -61,7 +61,7 @@ write_file(Pe *pe, off_t size, size_t sh return size; } -loff_t +off_t pe_update(Pe *pe, Pe_Cmd cmd) { if (cmd != PE_C_NULL && cmd != PE_C_WRITE && cmd != PE_C_WRITE_MMAP) { diff -uprN pesign-115.org/Make.defaults pesign-115.mod/Make.defaults --- pesign-115.org/Make.defaults 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/Make.defaults 2022-11-04 22:21:00.600407000 +0900 
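Review bot: In `pe_extend_file` the old mapping is unmapped before its replacement exists, and both failure paths call `err(1, ...)`, which exits the whole process from inside a library routine and leaves the following `__libpe_seterrno (PE_E_NOMEM); return -1;` unreachable. Mapping the new range first and unmapping the old one only after success keeps `pe->map_address` valid on failure and lets the caller see the error as before; the added `int error;` is then no longer needed. The same pattern is repeated in the `pe_shorten_file` hunk (@@ -115,15 +121,20 @@). The protection and `MAP_SHARED` flags are now hard-coded, and whether they match how the Pe was originally mapped is not visible here; both function bodies continue outside their hunks.

```c
	/* … unchanged: alignment and file-extension steps … */
	new = mmap(NULL, pe->maximum_size + extra,
		   PROT_READ | PROT_WRITE, MAP_SHARED, pe->fildes, 0);
	if (new == MAP_FAILED) {
		/* the old mapping is still intact: report, do not exit */
		__libpe_seterrno (PE_E_NOMEM);
		return -1;
	}
	if (munmap(pe->map_address, pe->maximum_size) != 0) {
		/* do not leak the new mapping if the old one cannot be released */
		munmap(new, pe->maximum_size + extra);
		__libpe_seterrno (PE_E_NOMEM);
		return -1;
	}
	/* … unchanged: rest of pe_extend_file … */
```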
@@ -57,10 +57,9 @@ ifneq (,$(wildcard /usr/lib/gcc/x86_64-r endif cflags = $(CFLAGS) $(ARCH3264) \ - -Wall -Wextra -Wsign-compare -Wno-unused-result \ + -Wextra -Wsign-compare -Wno-unused-result \ -Wno-unused-function -Wno-missing-field-initializers \ - -Wno-analyzer-malloc-leak \ - -Werror -Wno-error=cpp -Wno-free-nonheap-object \ + -Wno-error=cpp -Wno-free-nonheap-object \ -std=gnu11 -fshort-wchar -fPIC -fno-strict-aliasing \ -D_GNU_SOURCE -DCONFIG_$(ARCH) -I${TOPDIR}/include \ '-DRUNDIR="$(rundir)"' \ @@ -83,7 +82,7 @@ CPPFLAGS ?= -D_FORTIFY_SOURCE=2 RANLIBFLAGS ?= $(if $(filter $(CC),gcc),-D) ARFLAGS ?= $(if $(filter $(CC),gcc),-Dcvqs)$(if $(filter $(CC),clang),-cqvs) -LDLIBS = $(foreach lib,$(LIBS),-l$(lib)) $(call pkg-config-ldlibs) +LDLIBS = -L/usr/local/lib $(foreach lib,$(LIBS),-l$(lib)) $(call pkg-config-ldlibs) ifeq ($(ARCH),ia64) efi_cflags += -mfixed-range=f32-f127 diff -uprN pesign-115.org/src/actions.c pesign-115.mod/src/actions.c --- pesign-115.org/src/actions.c 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/src/actions.c 2022-11-04 21:59:05.948962000 +0900 @@ -403,7 +403,7 @@ void check_signature_space(pesign_context *ctx) { ssize_t available = available_cert_space(ctx->outpe); - ssize_t target = ctx->cms_ctx->newsig.len + sizeof (win_certificate_header_t); + ssize_t target = ctx->cms_ctx->newsig.len + sizeof (win_certificate); target += ALIGNMENT_PADDING(target, 8); diff -uprN pesign-115.org/src/authvar_context.c pesign-115.mod/src/authvar_context.c --- pesign-115.org/src/authvar_context.c 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/src/authvar_context.c 2022-11-04 21:34:50.142106000 +0900 @@ -74,7 +74,7 @@ authvar_context_fini(authvar_context *ct int generate_descriptor(authvar_context *ctx) { - win_certificate_uefi_guid_t *authinfo; + win_cert_uefi_guid_t *authinfo; SECItem sd_der; char *name_ptr; uint8_t *buf, *ptr; 
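Review bot: Removing `-Wall` and `-Werror` from `cflags` switches off the diagnostics most likely to catch mistakes this same patch can introduce, since it drops headers and swaps types and libc calls across the tree, and new warnings no longer stop the build. If specific warnings fire on the new platform, it is narrower to keep both flags and add targeted `-Wno-error=<warning>` entries next to the existing `-Wno-error=cpp`. `-Wno-analyzer-malloc-leak` could be made conditional on the compiler instead of being deleted for every build.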
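Review bot: Hard-coding `-L/usr/local/lib` at the front of `LDLIBS` applies to every platform and places that directory ahead of whatever `pkg-config-ldlibs` returns, so the signing tools may link against a different copy of a library than pkg-config selected. Adding the path only where it is needed, for example an `ifeq`-guarded `LDLIBS += -L/usr/local/lib` with a comment naming the platform, keeps other builds unchanged.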
@@ -127,7 +127,7 @@ generate_descriptor(authvar_context *ctx if (rc < 0) cmsreterr(-1, ctx->cms_ctx, "could not create signed data"); - offset = offsetof(win_certificate_uefi_guid_t, data); + offset = offsetof(win_cert_uefi_guid_t, data); authinfo = calloc(offset + sd_der.len, 1); if (!authinfo) @@ -147,7 +147,7 @@ generate_descriptor(authvar_context *ctx int write_authvar(authvar_context *ctx) { - efi_variable_authentication_2_t *descriptor; + efi_var_auth_2_t *descriptor; void *buffer, *ptr; size_t buf_len, des_len, remain; ssize_t wlen; @@ -155,9 +155,9 @@ write_authvar(authvar_context *ctx) if (!ctx->authinfo) cmsreterr(-1, ctx->cms_ctx, "Not a valid authvar"); - des_len = sizeof(efi_variable_authentication_2_t) + des_len = sizeof(efi_var_auth_2_t) + ctx->authinfo->hdr.length - - sizeof(win_certificate_uefi_guid_t); + - sizeof(win_cert_uefi_guid_t); buf_len = sizeof(ctx->attr) + des_len + ctx->value_size; buffer = calloc(buf_len, 1); @@ -170,9 +170,9 @@ write_authvar(authvar_context *ctx) ptr += sizeof(ctx->attr); /* EFI_VARIABLE_AUTHENTICATION_2 */ - descriptor = (efi_variable_authentication_2_t *)ptr; + descriptor = (efi_var_auth_2_t *)ptr; memcpy(&descriptor->timestamp, &ctx->timestamp, sizeof(efi_time_t)); - memcpy(&descriptor->auth_info, ctx->authinfo, ctx->authinfo->hdr.length); + memcpy(&descriptor->authinfo, ctx->authinfo, ctx->authinfo->hdr.length); ptr += des_len; /* Data */ diff -uprN pesign-115.org/src/authvar_context.h pesign-115.mod/src/authvar_context.h --- pesign-115.org/src/authvar_context.h 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/src/authvar_context.h 2022-11-04 21:33:48.957563000 +0900 @@ -7,8 +7,9 @@ #ifndef AUTHVAR_CONTEXT_H #define AUTHVAR_CONTEXT_H 1 +#include "efitypes.h" #include -#include + typedef struct { long verbose; 
@@ -32,7 +33,7 @@ typedef struct { int exportfd; uint8_t to_firmware; - win_certificate_uefi_guid_t *authinfo; + win_cert_uefi_guid_t *authinfo; cms_context *cms_ctx; } authvar_context; diff -uprN pesign-115.org/src/authvar.h pesign-115.mod/src/authvar.h --- pesign-115.org/src/authvar.h 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/src/authvar.h 2022-11-04 22:20:15.164176000 +0900 @@ -8,7 +8,6 @@ #define AUTHVAR_H 1 #include -#include #include #include diff -uprN pesign-115.org/src/cms_common.c pesign-115.mod/src/cms_common.c --- pesign-115.org/src/cms_common.c 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/src/cms_common.c 2022-11-04 21:47:54.440593000 +0900 @@ -513,6 +513,7 @@ resolve_pkcs11_token_in_place(char *toke dprintf("token name is \"%s\"", tokenname); } +#define strdupa(s) strcpy(alloca(strlen(s) + 1), s) #define resolve_token_name(tn) ({ \ char *s_ = tn; \ if (!strncmp(tn, "pkcs11:", 7)) { \ diff -uprN pesign-115.org/src/cms_common.h pesign-115.mod/src/cms_common.h --- pesign-115.org/src/cms_common.h 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/src/cms_common.h 2022-11-04 21:36:36.319646000 +0900 @@ -25,7 +25,7 @@ #include "password.h" #define save_port_err() \ - for (error_t saved_errno_0_ = 0, saved_errno_1_ = PORT_GetError(); saved_errno_0_ < 1; saved_errno_0_++, PORT_SetError(saved_errno_1_)) + for (errno_t saved_errno_0_ = 0, saved_errno_1_ = PORT_GetError(); saved_errno_0_ < 1; saved_errno_0_++, PORT_SetError(saved_errno_1_)) #define for_each_cert(cl, node) \ for (CERTCertListNode *node = CERT_LIST_HEAD(cl); !CERT_LIST_END(node, cl); node = CERT_LIST_NEXT(node)) diff -uprN pesign-115.org/src/daemon.c pesign-115.mod/src/daemon.c --- pesign-115.org/src/daemon.c 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/src/daemon.c 2022-11-04 22:00:37.700534000 +0900 @@ -17,7 +17,7 @@ #include #include #include -#include +/*#include */ #include #include #include 
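Review bot: The `strdupa` fallback added above `resolve_token_name` is defined unconditionally and evaluates its argument twice, so it would redefine the libc macro where one exists and misbehave if ever given an expression with side effects. Guarding it keeps both platforms building: `#ifndef strdupa` / `#define strdupa(s) strcpy(alloca(strlen(s) + 1), (s))` / `#endif`. The copy lives on the stack with no upper bound on length, so a comment stating that callers must pass short, already-validated strings would help; how `resolve_token_name` uses the result lies outside this hunk.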
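Review bot: `errno_t` in `save_port_err()` is an optional Annex K type that not every libc provides, so this swaps one non-portable name for another. `PORT_GetError()` returns a plain `int` and `PORT_SetError()` takes one, so `for (int saved_errno_0_ = 0, saved_errno_1_ = PORT_GetError(); ...` compiles on both platforms without any feature macro.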
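Review bot: Commenting out the include here and the `prctl(PR_SET_NAME, "pesignd", 0, 0, 0)` call in the later `daemonize` hunk (@@ -1289,7 +1289,7 @@) removes the process name on Linux as well and leaves dead code in the file. Wrapping both in `#ifdef __linux__` ... `#endif` keeps the original behaviour where prctl exists and compiles it out elsewhere. `daemonize` continues outside its hunk.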
@@ -1289,7 +1289,7 @@ daemonize(cms_context *cms_ctx, char *ce close(fd); } - prctl(PR_SET_NAME, "pesignd", 0, 0, 0); + /*prctl(PR_SET_NAME, "pesignd", 0, 0, 0);*/ setsid(); diff -uprN pesign-115.org/src/efikeygen.c pesign-115.mod/src/efikeygen.c --- pesign-115.org/src/efikeygen.c 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/src/efikeygen.c 2022-11-04 22:23:38.687712000 +0900 @@ -588,7 +588,7 @@ get_pw_env(pk12_file_t *file, const char { if (!file) errx(1, "--pk12-pw-env must be paired with --pk12-in or --pk12-out"); - file->pw = secure_getenv(arg); + file->pw = getenv(arg); if (file->pw == NULL) errx(1, "Environment variable \"%s\" is not set.", arg); file->pw = xstrdup(file->pw); diff -uprN pesign-115.org/src/efitypes.h pesign-115.mod/src/efitypes.h --- pesign-115.org/src/efitypes.h 1970-01-01 09:00:00.000000000 +0900 +++ pesign-115.mod/src/efitypes.h 2022-11-04 21:29:38.792257000 +0900 
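Review bot: Replacing `secure_getenv(arg)` with `getenv(arg)` in `get_pw_env` drops the guard that makes the lookup return NULL when the process runs with elevated privileges, and the value read here is a PKCS#12 password. The same substitution is made in `get_env` in src/password.c and for `PESIGN_TOKEN_PIN` in `main` in src/pesign.c. Where libc has no `secure_getenv`, a small compat helper preserves the check, e.g. `return issetugid() ? NULL : getenv(name);`, called from all three places instead of bare `getenv`. Whether any of these binaries is ever installed set-id is not visible in the patch, but the helper costs nothing either way.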
@@ -0,0 +1,63 @@ +/* + * Copyright 2012 Red Hat, Inc. + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * Author(s): Peter Jones + */ +#ifndef EFI_TYPES_H +#define EFI_TYPES_H 1 + +#include + +typedef unsigned long efi_status_t; +typedef uint16_t efi_char16_t; + +typedef struct { + uint16_t year; + uint8_t month; + uint8_t day; + uint8_t hour; + uint8_t minute; + uint8_t second; + uint8_t pad1; + uint32_t nanosecond; + int16_t timezone; + uint8_t daylight; + uint8_t pad2; +} efi_time_t; + +struct efi_variable { + efi_char16_t *VariableName; + efi_guid_t VendorGuid; + unsigned long DataSize; + uint8_t *Data; + efi_status_t Status; + uint32_t Attributes; +}; + +#define EFI_VARIABLE_NON_VOLATILE 0x0000000000000001 +#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x0000000000000002 +#define EFI_VARIABLE_RUNTIME_ACCESS 0x0000000000000004 +#define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x0000000000000008 +#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x0000000000000010 +#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x0000000000000020 +#define EFI_VARIABLE_APPEND_WRITE 0x0000000000000040 + +#define EFI_GLOBAL_PLATFORM_KEY L"PK" +#define EFI_GLOBAL_KEY_EXCHANGE_KEY L"KEK" +#define EFI_IMAGE_SECURITY_DATABASE L"db" +#define EFI_IMAGE_SECURITY_DATABASE1 L"dbx" + +#endif /* EFI_TYPES_H */ diff -uprN pesign-115.org/src/endian.h pesign-115.mod/src/endian.h --- pesign-115.org/src/endian.h 2022-03-09 02:46:30.000000000 +0900 
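Review bot: `efi_time_t` in the new src/efitypes.h is copied byte-for-byte into the authentication descriptor (`memcpy(&descriptor->timestamp, &ctx->timestamp, sizeof(efi_time_t))` in write_authvar), yet nothing pins its layout. A compile-time check records the expected serialized size: `_Static_assert(sizeof(efi_time_t) == 16, "efi_time_t must be 16 bytes");`, which the `-std=gnu11` build supports. `struct efi_variable` also uses `efi_guid_t`, whose definition is not visible in this file as shown, and the `EFI_VARIABLE_*` masks are written with sixteen hex digits while `Attributes` is a `uint32_t`; a short comment on each would help the next reader.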
+++ pesign-115.mod/src/endian.h 2022-11-04 21:03:43.889166000 +0900 @@ -7,7 +7,7 @@ #ifndef ENDIAN_H #define ENDIAN_H -#include +#include #if __BYTE_ORDER == __LITTLE_ENDIAN #define cpu_to_le16(x) (x) diff -uprN pesign-115.org/src/err.h pesign-115.mod/src/err.h --- pesign-115.org/src/err.h 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/src/err.h 2022-11-04 21:02:10.266482000 +0900 @@ -3,7 +3,7 @@ #define _LINUX_ERR_H #include -#include +#include #include "compiler.h" diff -uprN pesign-115.org/src/file_pe.c pesign-115.mod/src/file_pe.c --- pesign-115.org/src/file_pe.c 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/src/file_pe.c 2022-11-04 22:02:49.499968000 +0900 @@ -305,7 +305,7 @@ pe_handle_action(pesign_context *ctxp, i break; default: fprintf(stderr, "%s: Incompatible flags (0x%08x): ", - program_invocation_short_name, action); + "", action); for (int i = 1; i < FLAG_LIST_END; i <<= 1) { if (action & i) print_flag_name(stderr, i); diff -uprN pesign-115.org/src/Makefile pesign-115.mod/src/Makefile --- pesign-115.org/src/Makefile 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/src/Makefile 2022-11-04 22:08:46.155410000 +0900 @@ -36,6 +36,7 @@ ALL_SOURCES=$(COMMON_SOURCES) $(AUTHVAR_ authvar : $(call objects-of,$(AUTHVAR_SOURCES) $(COMMON_SOURCES)) # authvar : LDLIBS+=$(TOPDIR)/libdpe/libdpe.a +authvar : LDLIBS+=-lgeom authvar : PKGS=efivar nss nspr popt client : $(call objects-of,$(CLIENT_SOURCES) $(COMMON_SOURCES) $(COMMON_PE_SOURCES)) 
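Review bot: Passing `""` for the `%s` in the "Incompatible flags" message makes the diagnostic start with a bare colon and no longer says which tool failed; the identical edit is made in `kmod_handle_action` in src/pesign_kmod.c. On the BSDs `getprogname()` supplies the same short name, so a compat define such as `#define program_invocation_short_name getprogname()` under a platform guard would leave both call sites unchanged.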
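Review bot: `-lgeom` is added to the `authvar` link line (and to `pesign` in the next hunk, @@ -50,7 +51,7 @@) without explanation, and nothing in this patch visibly calls into that library. If it is only needed to satisfy another library on one platform, a guarded addition with a comment is clearer, e.g. `# libgeom is required by <dependency> on <platform>` above a conditional `LDLIBS+=-lgeom`. As written, the link fails wherever the library is absent.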
@@ -50,7 +51,7 @@ pesigcheck : LDLIBS+=$(TOPDIR)/libdpe/li pesigcheck : PKGS=efivar nss nspr popt pesign : $(call objects-of,$(PESIGN_SOURCES) $(COMMON_SOURCES) $(COMMON_PE_SOURCES)) -pesign : LDLIBS+=$(TOPDIR)/libdpe/libdpe.a +pesign : LDLIBS+=$(TOPDIR)/libdpe/libdpe.a -lgeom pesign : PKGS=efivar nss nspr popt deps : PKGS=efivar nss nspr popt uuid diff -uprN pesign-115.org/src/password.c pesign-115.mod/src/password.c --- pesign-115.org/src/password.c 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/src/password.c 2022-11-04 22:23:07.065583000 +0900 @@ -67,7 +67,7 @@ get_env(const char *name) { char *value; - value = secure_getenv(name); + value = getenv(name); if (value) value = strdup(value); return value; diff -uprN pesign-115.org/src/pesigcheck.h pesign-115.mod/src/pesigcheck.h --- pesign-115.org/src/pesigcheck.h 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/src/pesigcheck.h 2022-11-04 22:24:46.042282000 +0900 @@ -7,11 +7,11 @@ #ifndef PESIGN_H #define PESIGN_H 1 -#include - #include #include +#include "efitypes.h" + #include "util.h" #include "cms_common.h" #include "pesigcheck_context.h" diff -uprN pesign-115.org/src/pesign_kmod.c pesign-115.mod/src/pesign_kmod.c --- pesign-115.org/src/pesign_kmod.c 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/src/pesign_kmod.c 2022-11-04 22:03:21.298684000 +0900 @@ -139,7 +139,7 @@ kmod_handle_action(pesign_context *ctxp, default: fprintf(stderr, "%s: Incompatible flags (0x%08x): ", - program_invocation_short_name, action); + "", action); for (int i = 1; i < FLAG_LIST_END; i <<= 1) { if (action & i) print_flag_name(stderr, i); diff -uprN pesign-115.org/src/pesign.c pesign-115.mod/src/pesign.c --- pesign-115.org/src/pesign.c 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/src/pesign.c 2022-11-04 22:30:05.625806000 +0900 @@ -6,6 +6,7 @@ */ #include "fix_coverity.h" +#include #include #include #include 
@@ -390,9 +391,9 @@ main(int argc, char *argv[]) dprintf("pwdata.source:%d %schecking for PESIGN_TOKEN_PIN", pwdata.source, pwdata.source == PW_SOURCE_INVALID ? "" : "not "); - if (pwdata.source == PW_SOURCE_INVALID && secure_getenv("PESIGN_TOKEN_PIN")) { + if (pwdata.source == PW_SOURCE_INVALID && getenv("PESIGN_TOKEN_PIN")) { pwdata.source = PW_FROMENV; - pwdata.data = strdup(secure_getenv("PESIGN_TOKEN_PIN")); + pwdata.data = strdup(getenv("PESIGN_TOKEN_PIN")); if (!pwdata.data) err(1, "could not allocate memory"); } diff -uprN pesign-115.org/src/pesign.h pesign-115.mod/src/pesign.h --- pesign-115.org/src/pesign.h 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/src/pesign.h 2022-11-04 21:35:14.207541000 +0900 @@ -10,7 +10,6 @@ #include "fix_coverity.h" #include -#include #include #include diff -uprN pesign-115.org/src/wincert.c pesign-115.mod/src/wincert.c --- pesign-115.org/src/wincert.c 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/src/wincert.c 2022-11-04 22:07:22.101787000 +0900 @@ -6,7 +6,10 @@ */ #include "pesign.h" -typedef win_certificate_pkcs_signed_data_t cert_list_entry_t; +struct cert_list_entry_t { + win_certificate hdr; + uint8_t data[]; +}; /* * gcc's leak checker simply cannot believe that this code does not leak the @@ -22,7 +25,7 @@ generate_cert_list(SECItem **signatures, { size_t cl_size = 0; for (int i = 0; i < num_signatures; i++) { - cl_size += sizeof (win_certificate_header_t); + cl_size += sizeof (win_certificate); cl_size += signatures[i]->len; cl_size += ALIGNMENT_PADDING(cl_size, 8); } 
@@ -38,14 +41,14 @@ generate_cert_list(SECItem **signatures, /* pe-coff 8.2 adds some text that says each cert list * entry is 8-byte aligned, so that means we need to align * them here. */ - cert_list_entry_t *cle = (cert_list_entry_t *)data; + struct cert_list_entry_t *cle = (struct cert_list_entry_t *)data; cle->hdr.length = signatures[i]->len + - sizeof (win_certificate_header_t); + sizeof (win_certificate); cle->hdr.revision = WIN_CERT_REVISION_2_0; cle->hdr.cert_type = WIN_CERT_TYPE_PKCS_SIGNED_DATA; memcpy(&cle->data[0], signatures[i]->data, signatures[i]->len); - data += sizeof (win_certificate_header_t) + signatures[i]->len; + data += sizeof (win_certificate) + signatures[i]->len; data += ALIGNMENT_PADDING(signatures[i]->len, 8); } @@ -152,11 +155,11 @@ done: return 0; while (1) { - win_certificate_header_t *tmpcert; + win_certificate *tmpcert; if (n + sizeof (*tmpcert) >= size) goto done; - tmpcert = (win_certificate_header_t *)((uint8_t *)certs + n); + tmpcert = (win_certificate *)((uint8_t *)certs + n); if ((intptr_t)tmpcert > (intptr_t)((intptr_t)map + map_size)) return -1; @@ -265,7 +268,7 @@ get_total_sigspace_size(cms_context *cms /* at this point ret is any amount of padding we need plus any number * of previous entries. Add the amount for this entry, which *doesn't* * yet include any padding. */ - ret += sizeof(win_certificate_header_t); + ret += sizeof(win_certificate); ret += sig->len; /* and finally, the spec actually says: diff -uprN pesign-115.org/src/wincert.h pesign-115.mod/src/wincert.h --- pesign-115.org/src/wincert.h 2022-03-09 02:46:30.000000000 +0900 +++ pesign-115.mod/src/wincert.h 2022-11-04 22:08:16.565185000 +0900 
@@ -8,7 +8,20 @@ #ifndef PESIGN_WINCERT_H #define PESIGN_WINCERT_H 1 -#include +#include "efitypes.h" + +#define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002 +#define WIN_CERT_TYPE_EFI_PKCS115 0x0EF0 +#define WIN_CERT_TYPE_EFI_GUID 0x0EF1 + +#define WIN_CERT_REVISION_1_0 0x0100 +#define WIN_CERT_REVISION_2_0 0x0200 + +typedef struct win_certificate { + uint32_t length; + uint16_t revision; + uint16_t cert_type; +} win_certificate; typedef struct cert_iter { Pe *pe; @@ -17,6 +30,17 @@ typedef struct cert_iter { size_t size; } cert_iter; +typedef struct { + win_certificate hdr; + efi_guid_t type; + uint8_t data[1]; +} win_cert_uefi_guid_t; + +typedef struct { + efi_time_t timestamp; + win_cert_uefi_guid_t authinfo; +} efi_var_auth_2_t; + extern int cert_iter_init(cert_iter *iter, Pe *pe); extern int next_cert(cert_iter *iter, void **cert, ssize_t *cert_size); extern ssize_t available_cert_space(Pe *pe);
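Review bot: `win_certificate` is overlaid directly on file bytes (`tmpcert = (win_certificate *)((uint8_t *)certs + n)` in wincert.c) and its size feeds every length calculation, but the header does not pin the layout now that the definition is local. Adding `_Static_assert(sizeof(win_certificate) == 8, "WIN_CERTIFICATE header must be 8 bytes");` after the typedef catches any drift at compile time. The `WIN_CERT_TYPE_*` and `WIN_CERT_REVISION_*` values could carry a one-line comment naming the specification they come from.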
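Review bot: `win_cert_uefi_guid_t` ends in `uint8_t data[1]`, so `sizeof(win_cert_uefi_guid_t)` includes that byte plus any padding and is not the header size. `generate_descriptor` uses `offsetof(win_cert_uefi_guid_t, data)`, while `write_authvar` subtracts the full `sizeof`; that subtraction only works because `efi_var_auth_2_t` embeds the same struct, so the extra bytes cancel. A comment on the struct would record this: `/* data[1] is a variable-length placeholder; use offsetof(..., data) for the header size, never sizeof */`.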