diff --git a/pesign-bsc1087742-fix-efisiglist.patch b/pesign-bsc1087742-fix-efisiglist.patch
new file mode 100644
index 0000000..b9dfa87
--- /dev/null
+++ b/pesign-bsc1087742-fix-efisiglist.patch
@@ -0,0 +1,33 @@
+From 4279d9a36d6c0d09295a76160e26cbe1bbf37591 Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
+Date: Fri, 30 Mar 2018 12:25:34 +0800
+Subject: [PATCH] efisiglist: Copy the header correctly
+
+signature_list wasn't copied corretly to efi_signature_list because
+SignatureType in signature_list is a pointer while that in
+efi_signature_list is not.
+
+Signed-off-by: Gary Lin <glin@suse.com>
+---
+ src/siglist.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/siglist.c b/src/siglist.c
+index 6e59164..e74eb10 100644
+--- a/src/siglist.c
++++ b/src/siglist.c
+@@ -217,7 +217,10 @@ signature_list_realize(signature_list *sl, void **out, size_t *outsize)
+ 		return -1;
+ 	esl = ret;
+ 
+-	memcpy(esl, sl, sizeof (*esl));
++	memcpy(&esl->SignatureType, sl->SignatureType, sizeof(efi_guid_t));
++	esl->SignatureListSize = sl->SignatureListSize;
++	esl->SignatureHeaderSize = sl->SignatureHeaderSize;
++	esl->SignatureSize = sl->SignatureSize;
+ 
+ 	uint8_t *pos = ret + sizeof (*esl);
+ 	for (int i = 0; i < count; i++) {
+-- 
+2.16.2
+
diff --git a/pesign.changes b/pesign.changes
index 96a1acb..a07abb5 100644
--- a/pesign.changes
+++ b/pesign.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Apr  2 09:37:36 UTC 2018 - glin@suse.com
+
+- Add pesign-bsc1087742-fix-efisiglist.patch to fix the generation
+  of efi signature list. (bsc#1087742)
+
 -------------------------------------------------------------------
 Thu Aug 11 03:22:18 UTC 2016 - glin@suse.com
 
diff --git a/pesign.spec b/pesign.spec
index 1d288eb..a9ec3af 100644
--- a/pesign.spec
+++ b/pesign.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package pesign
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,7 +20,7 @@ Name:           pesign
 Version:        0.112
 Release:        0
 Summary:        Signing tool for PE-COFF binaries
-License:        GPL-2.0
+License:        GPL-2.0-only
 Group:          Productivity/Security
 Url:            https://github.com/rhinstaller/pesign
 Source:         https://github.com/rhinstaller/pesign/releases/download/%{version}/%{name}-%{version}.tar.bz2
@@ -36,6 +36,8 @@ Patch5:         pesign-run.patch
 Patch6:         pesign-fix-authvar-write-loop.patch
 # PATCH-FIX-UPSTREAM pesign-fix-argument-list.patch glin@suse.com -- Fix the argument list parsing
 Patch7:         pesign-fix-argument-list.patch
+# PATCH-FIX-UPSTREAM bsc#1087742 pesign-bsc1087742-fix-efisiglist.patch glin@suse.com -- Fix efi signature list generation
+Patch8:         pesign-bsc1087742-fix-efisiglist.patch
 BuildRequires:  efivar-devel
 BuildRequires:  libuuid-devel
 BuildRequires:  mozilla-nss-devel
@@ -58,6 +60,7 @@ with the PE and Authenticode specifications.
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
 
 %build
 make %{?_smp_mflags} CFLAGS="$RPM_OPT_FLAGS"