Add upstream patches to enable SHA3 support
New upstream v31 Resolves: rhbz#2241394
This commit is contained in:
parent
15b926cdb7
commit
2d51006e98
1
.gitignore
vendored
1
.gitignore
vendored
@ -24,3 +24,4 @@
|
||||
/kmod-29.tar.xz
|
||||
/kmod-30.tar.gz
|
||||
/kmod-30.tar.xz
|
||||
/kmod-31.tar.xz
|
||||
|
561
kmod-tip.patch
Normal file
561
kmod-tip.patch
Normal file
@ -0,0 +1,561 @@
|
||||
From 1bb23d7f19d888fbdd96ae0fe929b7086713ef33 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Suchanek <msuchanek@suse.de>
|
||||
Date: Tue, 18 Jul 2023 14:01:52 +0200
|
||||
Subject: [PATCH 1/6] configure: Detect openssl sm3 support
|
||||
|
||||
Older openssl versions do not support sm3. The code has an option to
|
||||
disable the sm3 hash but the lack of openssl support is not detected
|
||||
automatically.
|
||||
|
||||
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
|
||||
Link: https://lore.kernel.org/r/b97e20faa07e9e31c6eaf96683011aa24e80760c.1689681454.git.msuchanek@suse.de
|
||||
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
|
||||
---
|
||||
configure.ac | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 82a8532..e5bceea 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -123,6 +123,13 @@ AC_ARG_WITH([openssl],
|
||||
AS_IF([test "x$with_openssl" != "xno"], [
|
||||
PKG_CHECK_MODULES([libcrypto], [libcrypto >= 1.1.0], [LIBS="$LIBS $libcrypto_LIBS"])
|
||||
AC_DEFINE([ENABLE_OPENSSL], [1], [Enable openssl for modinfo.])
|
||||
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <openssl/ssl.h>
|
||||
+ int nid = NID_sm3;]])], [
|
||||
+ AC_MSG_NOTICE([openssl supports sm3])
|
||||
+ ], [
|
||||
+ AC_MSG_NOTICE([openssl sm3 support not detected])
|
||||
+ CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SM3"
|
||||
+ ])
|
||||
], [
|
||||
AC_MSG_NOTICE([openssl support not requested])
|
||||
])
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From 4e7effbdc00307d0d1e83115e0d00cc75aae5cc6 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Suchanek <msuchanek@suse.de>
|
||||
Date: Tue, 18 Jul 2023 14:01:53 +0200
|
||||
Subject: [PATCH 2/6] man/depmod.d: Fix incorrect /usr/lib search path
|
||||
|
||||
depmod searches /lib/depmod.d but the man page says /usr/lib/depmod.d is
|
||||
searched. Align the documentation with the code.
|
||||
|
||||
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
|
||||
Link: https://lore.kernel.org/r/9c5a6356b1a111eb6e17ddb110494b7f1d1b44c0.1689681454.git.msuchanek@suse.de
|
||||
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
|
||||
---
|
||||
man/depmod.d.xml | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/man/depmod.d.xml b/man/depmod.d.xml
|
||||
index 76548e9..8d3d821 100644
|
||||
--- a/man/depmod.d.xml
|
||||
+++ b/man/depmod.d.xml
|
||||
@@ -39,7 +39,7 @@
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
- <para><filename>/usr/lib/depmod.d/*.conf</filename></para>
|
||||
+ <para><filename>/lib/depmod.d/*.conf</filename></para>
|
||||
<para><filename>/usr/local/lib/depmod.d/*.conf</filename></para>
|
||||
<para><filename>/run/depmod.d/*.conf</filename></para>
|
||||
<para><filename>/etc/depmod.d/*.conf</filename></para>
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From 8463809f8a29b254b2cab2ce755641bc690f07c9 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Suchanek <msuchanek@suse.de>
|
||||
Date: Tue, 18 Jul 2023 14:01:54 +0200
|
||||
Subject: [PATCH 3/6] libkmod, depmod: Load modprobe.d, depmod.d from
|
||||
${prefix}/lib.
|
||||
|
||||
There is an ongoing effort to limit use of files outside of /usr (or
|
||||
${prefix} on general). Currently all modprobe.d paths are hardcoded to
|
||||
outside of $prefix. Teach kmod to load modprobe.d from ${prefix}/lib.
|
||||
|
||||
On some distributions /usr/lib and /lib are the same directory because
|
||||
of a compatibility symlink, and it is possible to craft configuration
|
||||
files with sideeffects that would behave differently when loaded twice.
|
||||
However, the override semantic ensures that one 'overrides' the other,
|
||||
and only one configuration file of the same name is loaded from any of
|
||||
the search directories.
|
||||
|
||||
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
|
||||
Link: https://lore.kernel.org/r/a290343ce32e2a3c25b134e4f27c13b26e06c9e0.1689681454.git.msuchanek@suse.de
|
||||
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
|
||||
---
|
||||
Makefile.am | 1 +
|
||||
configure.ac | 5 +++++
|
||||
libkmod/libkmod.c | 7 ++++---
|
||||
man/Makefile.am | 9 +++++++--
|
||||
man/depmod.d.xml | 1 +
|
||||
man/modprobe.d.xml | 1 +
|
||||
tools/depmod.c | 1 +
|
||||
7 files changed, 20 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index 5b7abfe..e6630a3 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -19,6 +19,7 @@ AM_CPPFLAGS = \
|
||||
-include $(top_builddir)/config.h \
|
||||
-I$(top_srcdir) \
|
||||
-DSYSCONFDIR=\""$(sysconfdir)"\" \
|
||||
+ -DDISTCONFDIR=\""$(distconfdir)"\" \
|
||||
${zlib_CFLAGS}
|
||||
|
||||
AM_CFLAGS = $(OUR_CFLAGS)
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index e5bceea..fd88d1f 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -79,6 +79,10 @@ AC_COMPILE_IFELSE(
|
||||
# --with-
|
||||
#####################################################################
|
||||
|
||||
+AC_ARG_WITH([distconfdir], AS_HELP_STRING([--with-distconfdir=DIR], [directory to search for distribution configuration files]),
|
||||
+ [], [with_distconfdir='${prefix}/lib'])
|
||||
+AC_SUBST([distconfdir], [$with_distconfdir])
|
||||
+
|
||||
AC_ARG_WITH([rootlibdir],
|
||||
AS_HELP_STRING([--with-rootlibdir=DIR], [rootfs directory to install shared libraries]),
|
||||
[], [with_rootlibdir=$libdir])
|
||||
@@ -313,6 +317,7 @@ AC_MSG_RESULT([
|
||||
|
||||
prefix: ${prefix}
|
||||
sysconfdir: ${sysconfdir}
|
||||
+ distconfdir: ${distconfdir}
|
||||
libdir: ${libdir}
|
||||
rootlibdir: ${rootlibdir}
|
||||
includedir: ${includedir}
|
||||
diff --git a/libkmod/libkmod.c b/libkmod/libkmod.c
|
||||
index 1b8773c..57fac1c 100644
|
||||
--- a/libkmod/libkmod.c
|
||||
+++ b/libkmod/libkmod.c
|
||||
@@ -65,6 +65,7 @@ static const char *const default_config_paths[] = {
|
||||
SYSCONFDIR "/modprobe.d",
|
||||
"/run/modprobe.d",
|
||||
"/usr/local/lib/modprobe.d",
|
||||
+ DISTCONFDIR "/modprobe.d",
|
||||
"/lib/modprobe.d",
|
||||
NULL
|
||||
};
|
||||
@@ -272,9 +273,9 @@ static enum kmod_file_compression_type get_kernel_compression(struct kmod_ctx *c
|
||||
* to load from user-defined configuration parameters such as
|
||||
* alias, blacklists, commands (install, remove). If NULL
|
||||
* defaults to /etc/modprobe.d, /run/modprobe.d,
|
||||
- * /usr/local/lib/modprobe.d and /lib/modprobe.d. Give an empty
|
||||
- * vector if configuration should not be read. This array must
|
||||
- * be null terminated.
|
||||
+ * /usr/local/lib/modprobe.d, DISTCONFDIR/modprobe.d, and
|
||||
+ * /lib/modprobe.d. Give an empty vector if configuration should
|
||||
+ * not be read. This array must be null terminated.
|
||||
*
|
||||
* Create kmod library context. This reads the kmod configuration
|
||||
* and fills in the default values.
|
||||
diff --git a/man/Makefile.am b/man/Makefile.am
|
||||
index 11514d5..2fea8e4 100644
|
||||
--- a/man/Makefile.am
|
||||
+++ b/man/Makefile.am
|
||||
@@ -17,9 +17,14 @@ EXTRA_DIST = $(MAN5:%.5=%.xml) $(MAN8:%.8=%.xml)
|
||||
CLEANFILES = $(dist_man_MANS)
|
||||
|
||||
%.5 %.8: %.xml
|
||||
- $(AM_V_XSLT)$(XSLT) \
|
||||
+ $(AM_V_XSLT)if [ '$(distconfdir)' != '/lib' ] ; then \
|
||||
+ sed -e 's|@DISTCONFDIR@|$(distconfdir)|g' $< ; \
|
||||
+ else \
|
||||
+ sed -e '/@DISTCONFDIR@/d' $< ; \
|
||||
+ fi | \
|
||||
+ $(XSLT) \
|
||||
-o $@ \
|
||||
--nonet \
|
||||
--stringparam man.output.quietly 1 \
|
||||
--param funcsynopsis.style "'ansi'" \
|
||||
- http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
|
||||
+ http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl -
|
||||
diff --git a/man/depmod.d.xml b/man/depmod.d.xml
|
||||
index 8d3d821..f282a39 100644
|
||||
--- a/man/depmod.d.xml
|
||||
+++ b/man/depmod.d.xml
|
||||
@@ -40,6 +40,7 @@
|
||||
|
||||
<refsynopsisdiv>
|
||||
<para><filename>/lib/depmod.d/*.conf</filename></para>
|
||||
+ <para><filename>@DISTCONFDIR@/depmod.d/*.conf</filename></para>
|
||||
<para><filename>/usr/local/lib/depmod.d/*.conf</filename></para>
|
||||
<para><filename>/run/depmod.d/*.conf</filename></para>
|
||||
<para><filename>/etc/depmod.d/*.conf</filename></para>
|
||||
diff --git a/man/modprobe.d.xml b/man/modprobe.d.xml
|
||||
index 0ab3e91..2bf6537 100644
|
||||
--- a/man/modprobe.d.xml
|
||||
+++ b/man/modprobe.d.xml
|
||||
@@ -41,6 +41,7 @@
|
||||
|
||||
<refsynopsisdiv>
|
||||
<para><filename>/lib/modprobe.d/*.conf</filename></para>
|
||||
+ <para><filename>@DISTCONFDIR@/modprobe.d/*.conf</filename></para>
|
||||
<para><filename>/usr/local/lib/modprobe.d/*.conf</filename></para>
|
||||
<para><filename>/run/modprobe.d/*.conf</filename></para>
|
||||
<para><filename>/etc/modprobe.d/*.conf</filename></para>
|
||||
diff --git a/tools/depmod.c b/tools/depmod.c
|
||||
index 1d1d41d..630fef9 100644
|
||||
--- a/tools/depmod.c
|
||||
+++ b/tools/depmod.c
|
||||
@@ -54,6 +54,7 @@ static const char *const default_cfg_paths[] = {
|
||||
SYSCONFDIR "/depmod.d",
|
||||
"/run/depmod.d",
|
||||
"/usr/local/lib/depmod.d",
|
||||
+ DISTCONFDIR "/depmod.d",
|
||||
"/lib/depmod.d",
|
||||
NULL
|
||||
};
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From ecef7c131618bbd9c559924ecae55764089db0dd Mon Sep 17 00:00:00 2001
|
||||
From: Michal Suchanek <msuchanek@suse.de>
|
||||
Date: Tue, 18 Jul 2023 14:01:55 +0200
|
||||
Subject: [PATCH 4/6] kmod: Add pkgconfig file with kmod compile time
|
||||
configuration
|
||||
|
||||
Show distconfdir (where system configuration files are searched/to be
|
||||
installed), sysconfdir (where user configuration files are searched),
|
||||
module compressions, and module signatures supported.
|
||||
|
||||
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
|
||||
Link: https://lore.kernel.org/r/468b3f572d3b84f25bb53ec8fcb15ed4871914d4.1689681454.git.msuchanek@suse.de
|
||||
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
|
||||
---
|
||||
Makefile.am | 2 +-
|
||||
configure.ac | 11 +++++++++++
|
||||
tools/kmod.pc.in | 9 +++++++++
|
||||
3 files changed, 21 insertions(+), 1 deletion(-)
|
||||
create mode 100644 tools/kmod.pc.in
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index e6630a3..2a54c25 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -96,7 +96,7 @@ libkmod_libkmod_internal_la_DEPENDENCIES = $(libkmod_libkmod_la_DEPENDENCIES)
|
||||
libkmod_libkmod_internal_la_LIBADD = $(libkmod_libkmod_la_LIBADD)
|
||||
|
||||
pkgconfigdir = $(libdir)/pkgconfig
|
||||
-pkgconfig_DATA = libkmod/libkmod.pc
|
||||
+pkgconfig_DATA = libkmod/libkmod.pc tools/kmod.pc
|
||||
|
||||
bashcompletiondir=@bashcompletiondir@
|
||||
dist_bashcompletion_DATA = \
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index fd88d1f..7bf8d78 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -21,6 +21,9 @@ LT_INIT([disable-static pic-only])
|
||||
AS_IF([test "x$enable_static" = "xyes"], [AC_MSG_ERROR([--enable-static is not supported by kmod])])
|
||||
AS_IF([test "x$enable_largefile" = "xno"], [AC_MSG_ERROR([--disable-largefile is not supported by kmod])])
|
||||
|
||||
+module_compressions=""
|
||||
+module_signatures="legacy"
|
||||
+
|
||||
#####################################################################
|
||||
# Program checks and configurations
|
||||
#####################################################################
|
||||
@@ -94,6 +97,7 @@ AC_ARG_WITH([zstd],
|
||||
AS_IF([test "x$with_zstd" != "xno"], [
|
||||
PKG_CHECK_MODULES([libzstd], [libzstd >= 1.4.4], [LIBS="$LIBS $libzstd_LIBS"])
|
||||
AC_DEFINE([ENABLE_ZSTD], [1], [Enable Zstandard for modules.])
|
||||
+ module_compressions="zstd $module_compressions"
|
||||
], [
|
||||
AC_MSG_NOTICE([Zstandard support not requested])
|
||||
])
|
||||
@@ -105,6 +109,7 @@ AC_ARG_WITH([xz],
|
||||
AS_IF([test "x$with_xz" != "xno"], [
|
||||
PKG_CHECK_MODULES([liblzma], [liblzma >= 4.99], [LIBS="$LIBS $liblzma_LIBS"])
|
||||
AC_DEFINE([ENABLE_XZ], [1], [Enable Xz for modules.])
|
||||
+ module_compressions="xz $module_compressions"
|
||||
], [
|
||||
AC_MSG_NOTICE([Xz support not requested])
|
||||
])
|
||||
@@ -116,6 +121,7 @@ AC_ARG_WITH([zlib],
|
||||
AS_IF([test "x$with_zlib" != "xno"], [
|
||||
PKG_CHECK_MODULES([zlib], [zlib], [LIBS="$LIBS $zlib_LIBS"])
|
||||
AC_DEFINE([ENABLE_ZLIB], [1], [Enable zlib for modules.])
|
||||
+ module_compressions="gzip $module_compressions"
|
||||
], [
|
||||
AC_MSG_NOTICE([zlib support not requested])
|
||||
])
|
||||
@@ -134,6 +140,7 @@ AS_IF([test "x$with_openssl" != "xno"], [
|
||||
AC_MSG_NOTICE([openssl sm3 support not detected])
|
||||
CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SM3"
|
||||
])
|
||||
+ module_signatures="PKCS7 $module_signatures"
|
||||
], [
|
||||
AC_MSG_NOTICE([openssl support not requested])
|
||||
])
|
||||
@@ -298,6 +305,9 @@ AC_DEFINE_UNQUOTED(KMOD_FEATURES, ["$with_features"], [Features in this build])
|
||||
# Generate files from *.in
|
||||
#####################################################################
|
||||
|
||||
+AC_SUBST([module_compressions], $module_compressions)
|
||||
+AC_SUBST([module_signatures], $module_signatures)
|
||||
+
|
||||
AC_CONFIG_FILES([
|
||||
Makefile
|
||||
man/Makefile
|
||||
@@ -305,6 +315,7 @@ AC_CONFIG_FILES([
|
||||
libkmod/docs/version.xml
|
||||
libkmod/libkmod.pc
|
||||
libkmod/python/kmod/version.py
|
||||
+ tools/kmod.pc
|
||||
])
|
||||
|
||||
|
||||
diff --git a/tools/kmod.pc.in b/tools/kmod.pc.in
|
||||
new file mode 100644
|
||||
index 0000000..2595980
|
||||
--- /dev/null
|
||||
+++ b/tools/kmod.pc.in
|
||||
@@ -0,0 +1,9 @@
|
||||
+prefix=@prefix@
|
||||
+sysconfdir=@sysconfdir@
|
||||
+distconfdir=@distconfdir@
|
||||
+module_compressions=@module_compressions@
|
||||
+module_signatures=@module_signatures@
|
||||
+
|
||||
+Name: kmod
|
||||
+Description: Tools to deal with kernel modules
|
||||
+Version: @VERSION@
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From 3af2f475b0b729f20279f2ce488cc9f727f0b763 Mon Sep 17 00:00:00 2001
|
||||
From: Sam James <sam@gentoo.org>
|
||||
Date: Sun, 5 Nov 2023 22:02:25 +0000
|
||||
Subject: [PATCH 5/6] tools: depmod: fix -Walloc-size
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
GCC 14 introduces a new -Walloc-size included in -Wextra which gives:
|
||||
```
|
||||
tools/depmod.c:192:14: warning: allocation of insufficient size ‘1’ for type ‘struct index_node’ with size ‘1048’ [-Walloc-size]
|
||||
tools/depmod.c:255:11: warning: allocation of insufficient size ‘1’ for type ‘struct index_value’ with size ‘16’ [-Walloc-size]
|
||||
tools/depmod.c:286:35: warning: allocation of insufficient size ‘1’ for type ‘struct index_node’ with size ‘1048’ [-Walloc-size]
|
||||
tools/depmod.c:315:44: warning: allocation of insufficient size ‘1’ for type ‘struct index_node’ with size ‘1048’ [-Walloc-size]
|
||||
```
|
||||
|
||||
The calloc prototype is:
|
||||
```
|
||||
void *calloc(size_t nmemb, size_t size);
|
||||
```
|
||||
|
||||
So, just swap the number of members and size arguments to match the prototype, as
|
||||
we're initialising 1 struct of size `sizeof(struct ...)`. GCC then sees we're not
|
||||
doing anything wrong.
|
||||
|
||||
Signed-off-by: Sam James <sam@gentoo.org>
|
||||
---
|
||||
tools/depmod.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/tools/depmod.c b/tools/depmod.c
|
||||
index 630fef9..ab8513b 100644
|
||||
--- a/tools/depmod.c
|
||||
+++ b/tools/depmod.c
|
||||
@@ -190,7 +190,7 @@ static struct index_node *index_create(void)
|
||||
{
|
||||
struct index_node *node;
|
||||
|
||||
- node = NOFAIL(calloc(sizeof(struct index_node), 1));
|
||||
+ node = NOFAIL(calloc(1, sizeof(struct index_node)));
|
||||
node->prefix = NOFAIL(strdup(""));
|
||||
node->first = INDEX_CHILDMAX;
|
||||
|
||||
@@ -253,7 +253,7 @@ static int index_add_value(struct index_value **values,
|
||||
values = &(*values)->next;
|
||||
|
||||
len = strlen(value);
|
||||
- v = NOFAIL(calloc(sizeof(struct index_value) + len + 1, 1));
|
||||
+ v = NOFAIL(calloc(1, sizeof(struct index_value) + len + 1));
|
||||
v->next = *values;
|
||||
v->priority = priority;
|
||||
memcpy(v->value, value, len + 1);
|
||||
@@ -284,7 +284,7 @@ static int index_insert(struct index_node *node, const char *key,
|
||||
struct index_node *n;
|
||||
|
||||
/* New child is copy of node with prefix[j+1..N] */
|
||||
- n = NOFAIL(calloc(sizeof(struct index_node), 1));
|
||||
+ n = NOFAIL(calloc(1, sizeof(struct index_node)));
|
||||
memcpy(n, node, sizeof(struct index_node));
|
||||
n->prefix = NOFAIL(strdup(&prefix[j+1]));
|
||||
|
||||
@@ -313,7 +313,7 @@ static int index_insert(struct index_node *node, const char *key,
|
||||
node->first = ch;
|
||||
if (ch > node->last)
|
||||
node->last = ch;
|
||||
- node->children[ch] = NOFAIL(calloc(sizeof(struct index_node), 1));
|
||||
+ node->children[ch] = NOFAIL(calloc(1, sizeof(struct index_node)));
|
||||
|
||||
child = node->children[ch];
|
||||
child->prefix = NOFAIL(strdup(&key[i+1]));
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From 510c8b7f7455c6613dd1706e5e41ec7b09cf6703 Mon Sep 17 00:00:00 2001
|
||||
From: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
|
||||
Date: Sun, 29 Oct 2023 03:03:19 +0200
|
||||
Subject: [PATCH 6/6] libkmod: remove pkcs7 obj_to_hash_algo()
|
||||
|
||||
Switch to using OBJ_obj2txt() to calculate and print the pkcs7
|
||||
signature hash name. This eliminates the need to duplicate libcrypto
|
||||
NID to name mapping, detect SM3 openssl compile-time support, and
|
||||
enables using any hashes that openssl and kernel know about. For
|
||||
example SHA3 are being added for v6.7 and with this patch are
|
||||
automatically supported.
|
||||
|
||||
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
|
||||
Link: https://lore.kernel.org/r/20231029010319.157390-1-dimitri.ledkov@canonical.com
|
||||
---
|
||||
configure.ac | 7 -----
|
||||
libkmod/libkmod-signature.c | 59 +++++++++++++------------------------
|
||||
2 files changed, 20 insertions(+), 46 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 7bf8d78..a6b8fa0 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -133,13 +133,6 @@ AC_ARG_WITH([openssl],
|
||||
AS_IF([test "x$with_openssl" != "xno"], [
|
||||
PKG_CHECK_MODULES([libcrypto], [libcrypto >= 1.1.0], [LIBS="$LIBS $libcrypto_LIBS"])
|
||||
AC_DEFINE([ENABLE_OPENSSL], [1], [Enable openssl for modinfo.])
|
||||
- AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <openssl/ssl.h>
|
||||
- int nid = NID_sm3;]])], [
|
||||
- AC_MSG_NOTICE([openssl supports sm3])
|
||||
- ], [
|
||||
- AC_MSG_NOTICE([openssl sm3 support not detected])
|
||||
- CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SM3"
|
||||
- ])
|
||||
module_signatures="PKCS7 $module_signatures"
|
||||
], [
|
||||
AC_MSG_NOTICE([openssl support not requested])
|
||||
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
|
||||
index b749a81..80f6447 100644
|
||||
--- a/libkmod/libkmod-signature.c
|
||||
+++ b/libkmod/libkmod-signature.c
|
||||
@@ -127,6 +127,7 @@ struct pkcs7_private {
|
||||
PKCS7 *pkcs7;
|
||||
unsigned char *key_id;
|
||||
BIGNUM *sno;
|
||||
+ char *hash_algo;
|
||||
};
|
||||
|
||||
static void pkcs7_free(void *s)
|
||||
@@ -137,42 +138,11 @@ static void pkcs7_free(void *s)
|
||||
PKCS7_free(pvt->pkcs7);
|
||||
BN_free(pvt->sno);
|
||||
free(pvt->key_id);
|
||||
+ free(pvt->hash_algo);
|
||||
free(pvt);
|
||||
si->private = NULL;
|
||||
}
|
||||
|
||||
-static int obj_to_hash_algo(const ASN1_OBJECT *o)
|
||||
-{
|
||||
- int nid;
|
||||
-
|
||||
- nid = OBJ_obj2nid(o);
|
||||
- switch (nid) {
|
||||
- case NID_md4:
|
||||
- return PKEY_HASH_MD4;
|
||||
- case NID_md5:
|
||||
- return PKEY_HASH_MD5;
|
||||
- case NID_sha1:
|
||||
- return PKEY_HASH_SHA1;
|
||||
- case NID_ripemd160:
|
||||
- return PKEY_HASH_RIPE_MD_160;
|
||||
- case NID_sha256:
|
||||
- return PKEY_HASH_SHA256;
|
||||
- case NID_sha384:
|
||||
- return PKEY_HASH_SHA384;
|
||||
- case NID_sha512:
|
||||
- return PKEY_HASH_SHA512;
|
||||
- case NID_sha224:
|
||||
- return PKEY_HASH_SHA224;
|
||||
-# ifndef OPENSSL_NO_SM3
|
||||
- case NID_sm3:
|
||||
- return PKEY_HASH_SM3;
|
||||
-# endif
|
||||
- default:
|
||||
- return -1;
|
||||
- }
|
||||
- return -1;
|
||||
-}
|
||||
-
|
||||
static const char *x509_name_to_str(X509_NAME *name)
|
||||
{
|
||||
int i;
|
||||
@@ -219,7 +189,8 @@ static bool fill_pkcs7(const char *mem, off_t size,
|
||||
unsigned char *key_id_str;
|
||||
struct pkcs7_private *pvt;
|
||||
const char *issuer_str;
|
||||
- int hash_algo;
|
||||
+ char *hash_algo;
|
||||
+ int hash_algo_len;
|
||||
|
||||
size -= sig_len;
|
||||
pkcs7_raw = mem + size;
|
||||
@@ -278,27 +249,37 @@ static bool fill_pkcs7(const char *mem, off_t size,
|
||||
|
||||
X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
|
||||
|
||||
- hash_algo = obj_to_hash_algo(o);
|
||||
- if (hash_algo < 0)
|
||||
+ // Use OBJ_obj2txt to calculate string length
|
||||
+ hash_algo_len = OBJ_obj2txt(NULL, 0, o, 0);
|
||||
+ if (hash_algo_len < 0)
|
||||
goto err3;
|
||||
- sig_info->hash_algo = pkey_hash_algo[hash_algo];
|
||||
- // hash algo has not been recognized
|
||||
- if (sig_info->hash_algo == NULL)
|
||||
+ hash_algo = malloc(hash_algo_len + 1);
|
||||
+ if (hash_algo == NULL)
|
||||
goto err3;
|
||||
+ hash_algo_len = OBJ_obj2txt(hash_algo, hash_algo_len + 1, o, 0);
|
||||
+ if (hash_algo_len < 0)
|
||||
+ goto err4;
|
||||
+
|
||||
+ // Assign libcrypto hash algo string or number
|
||||
+ sig_info->hash_algo = hash_algo;
|
||||
+
|
||||
sig_info->id_type = pkey_id_type[modsig->id_type];
|
||||
|
||||
pvt = malloc(sizeof(*pvt));
|
||||
if (pvt == NULL)
|
||||
- goto err3;
|
||||
+ goto err4;
|
||||
|
||||
pvt->pkcs7 = pkcs7;
|
||||
pvt->key_id = key_id_str;
|
||||
pvt->sno = sno_bn;
|
||||
+ pvt->hash_algo = hash_algo;
|
||||
sig_info->private = pvt;
|
||||
|
||||
sig_info->free = pkcs7_free;
|
||||
|
||||
return true;
|
||||
+err4:
|
||||
+ free(hash_algo);
|
||||
err3:
|
||||
free(key_id_str);
|
||||
err2:
|
||||
--
|
||||
2.41.0
|
||||
|
17
kmod.spec
17
kmod.spec
@ -16,7 +16,7 @@
|
||||
|
||||
Name: kmod
|
||||
Version: 31
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: Linux kernel module management utilities
|
||||
|
||||
License: GPLv2+
|
||||
@ -24,6 +24,7 @@ URL: https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git
|
||||
Source0: https://www.kernel.org/pub/linux/utils/kernel/kmod/%{name}-%{version}.tar.xz
|
||||
Source1: weak-modules
|
||||
Source2: depmod.conf.dist
|
||||
Patch1: kmod-tip.patch
|
||||
Exclusiveos: Linux
|
||||
|
||||
BuildRequires: gcc
|
||||
@ -34,9 +35,9 @@ BuildRequires: zlib-devel
|
||||
%if %{with xz}
|
||||
BuildRequires: xz-devel
|
||||
%endif
|
||||
BuildRequires: libxslt
|
||||
BuildRequires: libxslt docbook-style-xsl
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: make
|
||||
BuildRequires: make automake
|
||||
%if %{with zstd}
|
||||
BuildRequires: libzstd-devel
|
||||
%endif
|
||||
@ -69,8 +70,6 @@ applications that wish to load or unload Linux kernel modules.
|
||||
|
||||
%prep
|
||||
%autosetup -p1
|
||||
# Avoid rebuilding the autoconf scripts.
|
||||
touch -r aclocal.m4 configure*
|
||||
|
||||
%build
|
||||
%configure \
|
||||
@ -135,7 +134,9 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
|
||||
%if %{with dist_conf}
|
||||
%{_sysconfdir}/depmod.d/dist.conf
|
||||
%endif
|
||||
%attr(0644,root,root) %{_mandir}/man5/*.5*
|
||||
%attr(0644,root,root) %{_mandir}/man5/mod*.d*.5*
|
||||
%attr(0644,root,root) %{_mandir}/man5/depmod.d.5*
|
||||
%{_mandir}/man5/modprobe.conf.5*
|
||||
%attr(0644,root,root) %{_mandir}/man8/*.8*
|
||||
%doc NEWS README.md TODO
|
||||
|
||||
@ -145,11 +146,13 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
|
||||
|
||||
%files devel
|
||||
%{_includedir}/libkmod.h
|
||||
%{_libdir}/pkgconfig/kmod.pc
|
||||
%{_libdir}/pkgconfig/libkmod.pc
|
||||
%{_libdir}/libkmod.so
|
||||
|
||||
%changelog
|
||||
* Thu Nov 09 2023 Josh Boyer <jwboyer@fedoraproject.org> - 31-1
|
||||
* Thu Nov 09 2023 Josh Boyer <jwboyer@fedoraproject.org> - 31-2
|
||||
- Add upstream patches to enable SHA3 support
|
||||
- New upstream v31
|
||||
- Resolves: rhbz#2241394
|
||||
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (kmod-30.tar.xz) = e2cd34e600a72e44710760dfda9364b790b8352a99eafbd43e683e4a06f37e6b5c0b5d14e7c28070e30fc5fc6ceddedf7b97f3b6c2c5c2d91204fefd630b9a3e
|
||||
SHA512 (kmod-31.tar.xz) = 05ca70381808bec5f262b94db625662c385408988178a35e4aaf4960ee0716dc0cbfc327160ea4b61098d0c2130ab1b5142ea8156bea8e06ded7f4d288b6d085
|
||||
|
Loading…
Reference in New Issue
Block a user