Compare commits
No commits in common. "c10-beta" and "c8" have entirely different histories.
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
kmod-31.tar.xz
|
||||
SOURCES/kmod-25.tar.xz
|
||||
|
1
.kmod.metadata
Normal file
1
.kmod.metadata
Normal file
@ -0,0 +1 @@
|
||||
761ee76bc31f5db10d470dad607a5f9d68acef68 SOURCES/kmod-25.tar.xz
|
@ -1,44 +0,0 @@
|
||||
From 5c22362b6b97af9c6b7587f0c3450001e9893115 Mon Sep 17 00:00:00 2001
|
||||
From: Eugene Syromiatnikov <esyr@redhat.com>
|
||||
Date: Tue, 13 Aug 2024 16:17:27 +0200
|
||||
Subject: [PATCH] libkmod: avoid undefined behaviour in
|
||||
libkmod-builtin.c:get_string
|
||||
|
||||
Static analysis has reported a potential UB:
|
||||
|
||||
kmod-31/libkmod/libkmod-builtin.c:125: use_invalid: Using "nullp", which points to an out-of-scope variable "buf".
|
||||
# 123| size_t linesz = 0;
|
||||
# 124|
|
||||
# 125|-> while (!nullp) {
|
||||
# 126| char buf[BUFSIZ];
|
||||
# 127| ssize_t sz;
|
||||
|
||||
It seems to be indeed an UB, as nullp is getting assined an address
|
||||
inside object buf, which has a lifetime of the while loop body,
|
||||
and is not available outside of it (specifically, in the while
|
||||
condition, where nullp is checked for NULL). Fix it by putting
|
||||
buf definition in the outer block.
|
||||
---
|
||||
libkmod/libkmod-builtin.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c
|
||||
index fd0f549..40a7d61 100644
|
||||
--- a/libkmod/libkmod-builtin.c
|
||||
+++ b/libkmod/libkmod-builtin.c
|
||||
@@ -105,11 +105,11 @@ static off_t get_string(struct kmod_builtin_iter *iter, off_t offset,
|
||||
char **line, size_t *size)
|
||||
{
|
||||
int sv_errno;
|
||||
+ char buf[BUFSIZ];
|
||||
char *nullp = NULL;
|
||||
size_t linesz = 0;
|
||||
|
||||
while (!nullp) {
|
||||
- char buf[BUFSIZ];
|
||||
ssize_t sz;
|
||||
size_t partsz;
|
||||
|
||||
--
|
||||
2.13.6
|
||||
|
@ -0,0 +1,33 @@
|
||||
From c2996b5fa880e81f63c25e80a4157b2239e32c5d Mon Sep 17 00:00:00 2001
|
||||
From: Michal Suchanek <msuchanek@suse.de>
|
||||
Date: Mon, 10 Dec 2018 22:29:32 +0100
|
||||
Subject: [PATCH 1/2] depmod: prevent module dependency files missing during
|
||||
depmod invocation
|
||||
|
||||
depmod deletes the module dependency files before moving the temporary
|
||||
files in their place. This results in user seeing no dependency files
|
||||
while they are updated. Remove the unlink call. The rename call should
|
||||
suffice to move the new file in place and unlink the old one. It should
|
||||
also do both atomically so there is no window when no dependency file
|
||||
exists.
|
||||
|
||||
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
|
||||
---
|
||||
tools/depmod.c | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/tools/depmod.c b/tools/depmod.c
|
||||
index 989d9077926c..18c0d61b2db3 100644
|
||||
--- a/tools/depmod.c
|
||||
+++ b/tools/depmod.c
|
||||
@@ -2451,7 +2451,6 @@ static int depmod_output(struct depmod *depmod, FILE *out)
|
||||
break;
|
||||
}
|
||||
|
||||
- unlinkat(dfd, itr->name, 0);
|
||||
if (renameat(dfd, tmp, dfd, itr->name) != 0) {
|
||||
err = -errno;
|
||||
CRIT("renameat(%s, %s, %s, %s): %m\n",
|
||||
--
|
||||
2.33.0
|
||||
|
@ -0,0 +1,62 @@
|
||||
From a06bacf500d56b72b5f9b121ebf7f6af9e3df185 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Suchanek <msuchanek@suse.de>
|
||||
Date: Mon, 17 Dec 2018 23:46:28 +0100
|
||||
Subject: [PATCH 2/2] depmod: prevent module dependency files corruption due to
|
||||
parallel invocation.
|
||||
|
||||
Depmod does not use unique filename for temporary files. There is no
|
||||
guarantee the user does not attempt to run mutiple depmod processes in
|
||||
parallel. If that happens a temporary file might be created by
|
||||
depmod(1st), truncated by depmod(2nd), and renamed to final name by
|
||||
depmod(1st) resulting in corrupted file seen by user.
|
||||
|
||||
Due to missing mkstempat() this is more complex than it should be.
|
||||
Adding PID and timestamp to the filename should be reasonably reliable.
|
||||
Adding O_EXCL as mkstemp does fails creating the file rather than
|
||||
corrupting existing file.
|
||||
|
||||
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
|
||||
---
|
||||
tools/depmod.c | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/tools/depmod.c b/tools/depmod.c
|
||||
index 18c0d61b2db3..0f7e33ccfd59 100644
|
||||
--- a/tools/depmod.c
|
||||
+++ b/tools/depmod.c
|
||||
@@ -29,6 +29,7 @@
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/stat.h>
|
||||
+#include <sys/time.h>
|
||||
#include <sys/utsname.h>
|
||||
|
||||
#include <shared/array.h>
|
||||
@@ -2398,6 +2399,9 @@ static int depmod_output(struct depmod *depmod, FILE *out)
|
||||
};
|
||||
const char *dname = depmod->cfg->dirname;
|
||||
int dfd, err = 0;
|
||||
+ struct timeval tv;
|
||||
+
|
||||
+ gettimeofday(&tv, NULL);
|
||||
|
||||
if (out != NULL)
|
||||
dfd = -1;
|
||||
@@ -2416,11 +2420,12 @@ static int depmod_output(struct depmod *depmod, FILE *out)
|
||||
int r, ferr;
|
||||
|
||||
if (fp == NULL) {
|
||||
- int flags = O_CREAT | O_TRUNC | O_WRONLY;
|
||||
+ int flags = O_CREAT | O_EXCL | O_WRONLY;
|
||||
int mode = 0644;
|
||||
int fd;
|
||||
|
||||
- snprintf(tmp, sizeof(tmp), "%s.tmp", itr->name);
|
||||
+ snprintf(tmp, sizeof(tmp), "%s.%i.%li.%li", itr->name, getpid(),
|
||||
+ tv.tv_usec, tv.tv_sec);
|
||||
fd = openat(dfd, tmp, flags, mode);
|
||||
if (fd < 0) {
|
||||
ERR("openat(%s, %s, %o, %o): %m\n",
|
||||
--
|
||||
2.33.0
|
||||
|
@ -0,0 +1,328 @@
|
||||
From 391b4714b495183baefa9cb10ac8e1600c166a59 Mon Sep 17 00:00:00 2001
|
||||
From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
||||
Date: Fri, 1 Feb 2019 22:20:02 +0200
|
||||
Subject: [PATCH] libkmod-signature: implement pkcs7 parsing with openssl
|
||||
|
||||
The patch adds data fetching from the PKCS#7 certificate using
|
||||
openssl library (which is used by scripts/sign-file.c in the linux
|
||||
kernel to sign modules).
|
||||
|
||||
In general the certificate can contain many signatures, but since
|
||||
kmod (modinfo) supports only one signature at the moment, only first
|
||||
one is taken.
|
||||
|
||||
With the current sign-file.c certificate doesn't contain signer
|
||||
key's fingerprint, so "serial number" is used for the key id.
|
||||
|
||||
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
||||
---
|
||||
Makefile.am | 4 +-
|
||||
configure.ac | 11 ++
|
||||
libkmod/libkmod-internal.h | 3 +
|
||||
libkmod/libkmod-module.c | 3 +
|
||||
libkmod/libkmod-signature.c | 197 +++++++++++++++++++++++++++++++++++-
|
||||
5 files changed, 213 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index 1ab1db585316..de1026f8bd46 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -35,6 +35,8 @@ SED_PROCESS = \
|
||||
-e 's,@liblzma_LIBS\@,${liblzma_LIBS},g' \
|
||||
-e 's,@zlib_CFLAGS\@,${zlib_CFLAGS},g' \
|
||||
-e 's,@zlib_LIBS\@,${zlib_LIBS},g' \
|
||||
+ -e 's,@openssl_CFLAGS\@,${openssl_CFLAGS},g' \
|
||||
+ -e 's,@openssl_LIBS\@,${openssl_LIBS},g' \
|
||||
< $< > $@ || rm $@
|
||||
|
||||
%.pc: %.pc.in Makefile
|
||||
@@ -87,7 +89,7 @@ libkmod_libkmod_la_DEPENDENCIES = \
|
||||
${top_srcdir}/libkmod/libkmod.sym
|
||||
libkmod_libkmod_la_LIBADD = \
|
||||
shared/libshared.la \
|
||||
- ${liblzma_LIBS} ${zlib_LIBS}
|
||||
+ ${liblzma_LIBS} ${zlib_LIBS} ${openssl_LIBS}
|
||||
|
||||
noinst_LTLIBRARIES += libkmod/libkmod-internal.la
|
||||
libkmod_libkmod_internal_la_SOURCES = $(libkmod_libkmod_la_SOURCES)
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index fbc7391b2d1b..2e33380a0cc2 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -106,6 +106,17 @@ AS_IF([test "x$with_zlib" != "xno"], [
|
||||
])
|
||||
CC_FEATURE_APPEND([with_features], [with_zlib], [ZLIB])
|
||||
|
||||
+AC_ARG_WITH([openssl],
|
||||
+ AS_HELP_STRING([--with-openssl], [handle PKCS7 signatures @<:@default=disabled@:>@]),
|
||||
+ [], [with_openssl=no])
|
||||
+AS_IF([test "x$with_openssl" != "xno"], [
|
||||
+ PKG_CHECK_MODULES([openssl], [openssl])
|
||||
+ AC_DEFINE([ENABLE_OPENSSL], [1], [Enable openssl for modinfo.])
|
||||
+], [
|
||||
+ AC_MSG_NOTICE([openssl support not requested])
|
||||
+])
|
||||
+CC_FEATURE_APPEND([with_features], [with_openssl], [OPENSSL])
|
||||
+
|
||||
AC_ARG_WITH([bashcompletiondir],
|
||||
AS_HELP_STRING([--with-bashcompletiondir=DIR], [Bash completions directory]),
|
||||
[],
|
||||
diff --git a/libkmod/libkmod-internal.h b/libkmod/libkmod-internal.h
|
||||
index 346579c71aab..a65ddd156f18 100644
|
||||
--- a/libkmod/libkmod-internal.h
|
||||
+++ b/libkmod/libkmod-internal.h
|
||||
@@ -188,5 +188,8 @@ struct kmod_signature_info {
|
||||
const char *algo, *hash_algo, *id_type;
|
||||
const char *sig;
|
||||
size_t sig_len;
|
||||
+ void (*free)(void *);
|
||||
+ void *private;
|
||||
};
|
||||
bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signature_info *sig_info) _must_check_ __attribute__((nonnull(1, 2)));
|
||||
+void kmod_module_signature_info_free(struct kmod_signature_info *sig_info) __attribute__((nonnull));
|
||||
diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
|
||||
index 889f26479a98..bffe715cdef4 100644
|
||||
--- a/libkmod/libkmod-module.c
|
||||
+++ b/libkmod/libkmod-module.c
|
||||
@@ -2357,6 +2357,9 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_
|
||||
ret = count;
|
||||
|
||||
list_error:
|
||||
+ /* aux structures freed in normal case also */
|
||||
+ kmod_module_signature_info_free(&sig_info);
|
||||
+
|
||||
if (ret < 0) {
|
||||
kmod_module_info_free_list(*list);
|
||||
*list = NULL;
|
||||
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
|
||||
index 429ffbd8a957..48d0145a7552 100644
|
||||
--- a/libkmod/libkmod-signature.c
|
||||
+++ b/libkmod/libkmod-signature.c
|
||||
@@ -19,6 +19,10 @@
|
||||
|
||||
#include <endian.h>
|
||||
#include <inttypes.h>
|
||||
+#ifdef ENABLE_OPENSSL
|
||||
+#include <openssl/cms.h>
|
||||
+#include <openssl/ssl.h>
|
||||
+#endif
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
@@ -115,15 +119,194 @@ static bool fill_default(const char *mem, off_t size,
|
||||
return true;
|
||||
}
|
||||
|
||||
-static bool fill_unknown(const char *mem, off_t size,
|
||||
- const struct module_signature *modsig, size_t sig_len,
|
||||
- struct kmod_signature_info *sig_info)
|
||||
+#ifdef ENABLE_OPENSSL
|
||||
+
|
||||
+struct pkcs7_private {
|
||||
+ CMS_ContentInfo *cms;
|
||||
+ unsigned char *key_id;
|
||||
+ BIGNUM *sno;
|
||||
+};
|
||||
+
|
||||
+static void pkcs7_free(void *s)
|
||||
+{
|
||||
+ struct kmod_signature_info *si = s;
|
||||
+ struct pkcs7_private *pvt = si->private;
|
||||
+
|
||||
+ CMS_ContentInfo_free(pvt->cms);
|
||||
+ BN_free(pvt->sno);
|
||||
+ free(pvt->key_id);
|
||||
+ free(pvt);
|
||||
+ si->private = NULL;
|
||||
+}
|
||||
+
|
||||
+static int obj_to_hash_algo(const ASN1_OBJECT *o)
|
||||
+{
|
||||
+ int nid;
|
||||
+
|
||||
+ nid = OBJ_obj2nid(o);
|
||||
+ switch (nid) {
|
||||
+ case NID_md4:
|
||||
+ return PKEY_HASH_MD4;
|
||||
+ case NID_md5:
|
||||
+ return PKEY_HASH_MD5;
|
||||
+ case NID_sha1:
|
||||
+ return PKEY_HASH_SHA1;
|
||||
+ case NID_ripemd160:
|
||||
+ return PKEY_HASH_RIPE_MD_160;
|
||||
+ case NID_sha256:
|
||||
+ return PKEY_HASH_SHA256;
|
||||
+ case NID_sha384:
|
||||
+ return PKEY_HASH_SHA384;
|
||||
+ case NID_sha512:
|
||||
+ return PKEY_HASH_SHA512;
|
||||
+ case NID_sha224:
|
||||
+ return PKEY_HASH_SHA224;
|
||||
+ default:
|
||||
+ return -1;
|
||||
+ }
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
+static const char *x509_name_to_str(X509_NAME *name)
|
||||
+{
|
||||
+ int i;
|
||||
+ X509_NAME_ENTRY *e;
|
||||
+ ASN1_STRING *d;
|
||||
+ ASN1_OBJECT *o;
|
||||
+ int nid = -1;
|
||||
+ const char *str;
|
||||
+
|
||||
+ for (i = 0; i < X509_NAME_entry_count(name); i++) {
|
||||
+ e = X509_NAME_get_entry(name, i);
|
||||
+ o = X509_NAME_ENTRY_get_object(e);
|
||||
+ nid = OBJ_obj2nid(o);
|
||||
+ if (nid == NID_commonName)
|
||||
+ break;
|
||||
+ }
|
||||
+ if (nid == -1)
|
||||
+ return NULL;
|
||||
+
|
||||
+ d = X509_NAME_ENTRY_get_data(e);
|
||||
+ str = (const char *)ASN1_STRING_get0_data(d);
|
||||
+
|
||||
+ return str;
|
||||
+}
|
||||
+
|
||||
+static bool fill_pkcs7(const char *mem, off_t size,
|
||||
+ const struct module_signature *modsig, size_t sig_len,
|
||||
+ struct kmod_signature_info *sig_info)
|
||||
+{
|
||||
+ const char *pkcs7_raw;
|
||||
+ CMS_ContentInfo *cms;
|
||||
+ STACK_OF(CMS_SignerInfo) *sis;
|
||||
+ CMS_SignerInfo *si;
|
||||
+ int rc;
|
||||
+ ASN1_OCTET_STRING *key_id;
|
||||
+ X509_NAME *issuer;
|
||||
+ ASN1_INTEGER *sno;
|
||||
+ ASN1_OCTET_STRING *sig;
|
||||
+ BIGNUM *sno_bn;
|
||||
+ X509_ALGOR *dig_alg;
|
||||
+ X509_ALGOR *sig_alg;
|
||||
+ const ASN1_OBJECT *o;
|
||||
+ BIO *in;
|
||||
+ int len;
|
||||
+ unsigned char *key_id_str;
|
||||
+ struct pkcs7_private *pvt;
|
||||
+ const char *issuer_str;
|
||||
+
|
||||
+ size -= sig_len;
|
||||
+ pkcs7_raw = mem + size;
|
||||
+
|
||||
+ in = BIO_new_mem_buf(pkcs7_raw, sig_len);
|
||||
+
|
||||
+ cms = d2i_CMS_bio(in, NULL);
|
||||
+ if (cms == NULL) {
|
||||
+ BIO_free(in);
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ BIO_free(in);
|
||||
+
|
||||
+ sis = CMS_get0_SignerInfos(cms);
|
||||
+ if (sis == NULL)
|
||||
+ goto err;
|
||||
+
|
||||
+ si = sk_CMS_SignerInfo_value(sis, 0);
|
||||
+ if (si == NULL)
|
||||
+ goto err;
|
||||
+
|
||||
+ rc = CMS_SignerInfo_get0_signer_id(si, &key_id, &issuer, &sno);
|
||||
+ if (rc == 0)
|
||||
+ goto err;
|
||||
+
|
||||
+ sig = CMS_SignerInfo_get0_signature(si);
|
||||
+ if (sig == NULL)
|
||||
+ goto err;
|
||||
+
|
||||
+ CMS_SignerInfo_get0_algs(si, NULL, NULL, &dig_alg, &sig_alg);
|
||||
+
|
||||
+ sig_info->sig = (const char *)ASN1_STRING_get0_data(sig);
|
||||
+ sig_info->sig_len = ASN1_STRING_length(sig);
|
||||
+
|
||||
+ sno_bn = ASN1_INTEGER_to_BN(sno, NULL);
|
||||
+ if (sno_bn == NULL)
|
||||
+ goto err;
|
||||
+
|
||||
+ len = BN_num_bytes(sno_bn);
|
||||
+ key_id_str = malloc(len);
|
||||
+ if (key_id_str == NULL)
|
||||
+ goto err2;
|
||||
+ BN_bn2bin(sno_bn, key_id_str);
|
||||
+
|
||||
+ sig_info->key_id = (const char *)key_id_str;
|
||||
+ sig_info->key_id_len = len;
|
||||
+
|
||||
+ issuer_str = x509_name_to_str(issuer);
|
||||
+ if (issuer_str != NULL) {
|
||||
+ sig_info->signer = issuer_str;
|
||||
+ sig_info->signer_len = strlen(issuer_str);
|
||||
+ }
|
||||
+
|
||||
+ X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
|
||||
+
|
||||
+ sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
|
||||
+ sig_info->id_type = pkey_id_type[modsig->id_type];
|
||||
+
|
||||
+ pvt = malloc(sizeof(*pvt));
|
||||
+ if (pvt == NULL)
|
||||
+ goto err3;
|
||||
+
|
||||
+ pvt->cms = cms;
|
||||
+ pvt->key_id = key_id_str;
|
||||
+ pvt->sno = sno_bn;
|
||||
+ sig_info->private = pvt;
|
||||
+
|
||||
+ sig_info->free = pkcs7_free;
|
||||
+
|
||||
+ return true;
|
||||
+err3:
|
||||
+ free(key_id_str);
|
||||
+err2:
|
||||
+ BN_free(sno_bn);
|
||||
+err:
|
||||
+ CMS_ContentInfo_free(cms);
|
||||
+ return false;
|
||||
+}
|
||||
+
|
||||
+#else /* ENABLE OPENSSL */
|
||||
+
|
||||
+static bool fill_pkcs7(const char *mem, off_t size,
|
||||
+ const struct module_signature *modsig, size_t sig_len,
|
||||
+ struct kmod_signature_info *sig_info)
|
||||
{
|
||||
sig_info->hash_algo = "unknown";
|
||||
sig_info->id_type = pkey_id_type[modsig->id_type];
|
||||
return true;
|
||||
}
|
||||
|
||||
+#endif /* ENABLE OPENSSL */
|
||||
+
|
||||
#define SIG_MAGIC "~Module signature appended~\n"
|
||||
|
||||
/*
|
||||
@@ -167,8 +350,14 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
|
||||
|
||||
switch (modsig->id_type) {
|
||||
case PKEY_ID_PKCS7:
|
||||
- return fill_unknown(mem, size, modsig, sig_len, sig_info);
|
||||
+ return fill_pkcs7(mem, size, modsig, sig_len, sig_info);
|
||||
default:
|
||||
return fill_default(mem, size, modsig, sig_len, sig_info);
|
||||
}
|
||||
}
|
||||
+
|
||||
+void kmod_module_signature_info_free(struct kmod_signature_info *sig_info)
|
||||
+{
|
||||
+ if (sig_info->free)
|
||||
+ sig_info->free(sig_info);
|
||||
+}
|
||||
--
|
||||
2.20.1
|
||||
|
@ -0,0 +1,83 @@
|
||||
From 52a0ba82e1ad180f9f91920db70a758fac49466a Mon Sep 17 00:00:00 2001
|
||||
From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
||||
Date: Thu, 31 Oct 2019 20:12:53 +0200
|
||||
Subject: [PATCH] modprobe: ignore builtin module on recursive removing
|
||||
|
||||
If there are built-in dependencies and any of them is built-in in
|
||||
the kernel, modprobe -r fails with
|
||||
|
||||
modprobe: FATAL: Module module_name is builtin.
|
||||
|
||||
It makes sense to ignore such dependencies for the case when
|
||||
removing is called for non-top level module.
|
||||
|
||||
Example: cifs module, it declares bunch of softdeps and the first
|
||||
one fails on some kernel configs:
|
||||
|
||||
modprobe: FATAL: Module gcm is builtin.
|
||||
|
||||
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
||||
---
|
||||
tools/modprobe.c | 18 ++++++++++++------
|
||||
1 file changed, 12 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/tools/modprobe.c b/tools/modprobe.c
|
||||
index a9e2331567af..44cd15c2bf57 100644
|
||||
--- a/tools/modprobe.c
|
||||
+++ b/tools/modprobe.c
|
||||
@@ -353,7 +353,8 @@ static int rmmod_do_remove_module(struct kmod_module *mod)
|
||||
return err;
|
||||
}
|
||||
|
||||
-static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies);
|
||||
+static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies,
|
||||
+ bool ignore_builtin);
|
||||
|
||||
static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors)
|
||||
{
|
||||
@@ -361,7 +362,7 @@ static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors)
|
||||
|
||||
kmod_list_foreach_reverse(l, list) {
|
||||
struct kmod_module *m = kmod_module_get_module(l);
|
||||
- int r = rmmod_do_module(m, false);
|
||||
+ int r = rmmod_do_module(m, false, true);
|
||||
kmod_module_unref(m);
|
||||
|
||||
if (r < 0 && stop_on_errors)
|
||||
@@ -371,7 +372,8 @@ static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors)
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies)
|
||||
+static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies,
|
||||
+ bool ignore_builtin)
|
||||
{
|
||||
const char *modname = kmod_module_get_name(mod);
|
||||
struct kmod_list *pre = NULL, *post = NULL;
|
||||
@@ -401,8 +403,12 @@ static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies)
|
||||
}
|
||||
goto error;
|
||||
} else if (state == KMOD_MODULE_BUILTIN) {
|
||||
- LOG("Module %s is builtin.\n", modname);
|
||||
- err = -ENOENT;
|
||||
+ if (ignore_builtin) {
|
||||
+ err = 0;
|
||||
+ } else {
|
||||
+ LOG("Module %s is builtin.\n", modname);
|
||||
+ err = -ENOENT;
|
||||
+ }
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
@@ -462,7 +468,7 @@ static int rmmod(struct kmod_ctx *ctx, const char *alias)
|
||||
|
||||
kmod_list_foreach(l, list) {
|
||||
struct kmod_module *mod = kmod_module_get_module(l);
|
||||
- err = rmmod_do_module(mod, true);
|
||||
+ err = rmmod_do_module(mod, true, false);
|
||||
kmod_module_unref(mod);
|
||||
if (err < 0)
|
||||
break;
|
||||
--
|
||||
2.24.0
|
||||
|
@ -0,0 +1,116 @@
|
||||
From a11057201ed326a9e65e757202da960735e45799 Mon Sep 17 00:00:00 2001
|
||||
From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
||||
Date: Fri, 16 Nov 2018 10:56:34 +0200
|
||||
Subject: [PATCH] signature: do not report wrong data for pkc#7 signature
|
||||
|
||||
when PKC#7 signing method is used the old structure doesn't contain
|
||||
any useful data, but the data are encoded in the certificate.
|
||||
|
||||
The info getting/showing code is not aware of that at the moment and
|
||||
since 0 is a valid constant, shows, for example, wrong "md4" for the
|
||||
hash algo.
|
||||
|
||||
The patch splits the 2 mothods of gethering the info and reports
|
||||
"unknown" for the algo.
|
||||
|
||||
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
||||
---
|
||||
libkmod/libkmod-module.c | 2 +-
|
||||
libkmod/libkmod-signature.c | 56 +++++++++++++++++++++++++------------
|
||||
2 files changed, 39 insertions(+), 19 deletions(-)
|
||||
|
||||
diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
|
||||
index ee420f4ec2bf..889f26479a98 100644
|
||||
--- a/libkmod/libkmod-module.c
|
||||
+++ b/libkmod/libkmod-module.c
|
||||
@@ -2273,7 +2273,7 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_
|
||||
struct kmod_elf *elf;
|
||||
char **strings;
|
||||
int i, count, ret = -ENOMEM;
|
||||
- struct kmod_signature_info sig_info;
|
||||
+ struct kmod_signature_info sig_info = {};
|
||||
|
||||
if (mod == NULL || list == NULL)
|
||||
return -ENOENT;
|
||||
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
|
||||
index 1f3e26dea203..429ffbd8a957 100644
|
||||
--- a/libkmod/libkmod-signature.c
|
||||
+++ b/libkmod/libkmod-signature.c
|
||||
@@ -92,6 +92,38 @@ struct module_signature {
|
||||
uint32_t sig_len; /* Length of signature data (big endian) */
|
||||
};
|
||||
|
||||
+static bool fill_default(const char *mem, off_t size,
|
||||
+ const struct module_signature *modsig, size_t sig_len,
|
||||
+ struct kmod_signature_info *sig_info)
|
||||
+{
|
||||
+ size -= sig_len;
|
||||
+ sig_info->sig = mem + size;
|
||||
+ sig_info->sig_len = sig_len;
|
||||
+
|
||||
+ size -= modsig->key_id_len;
|
||||
+ sig_info->key_id = mem + size;
|
||||
+ sig_info->key_id_len = modsig->key_id_len;
|
||||
+
|
||||
+ size -= modsig->signer_len;
|
||||
+ sig_info->signer = mem + size;
|
||||
+ sig_info->signer_len = modsig->signer_len;
|
||||
+
|
||||
+ sig_info->algo = pkey_algo[modsig->algo];
|
||||
+ sig_info->hash_algo = pkey_hash_algo[modsig->hash];
|
||||
+ sig_info->id_type = pkey_id_type[modsig->id_type];
|
||||
+
|
||||
+ return true;
|
||||
+}
|
||||
+
|
||||
+static bool fill_unknown(const char *mem, off_t size,
|
||||
+ const struct module_signature *modsig, size_t sig_len,
|
||||
+ struct kmod_signature_info *sig_info)
|
||||
+{
|
||||
+ sig_info->hash_algo = "unknown";
|
||||
+ sig_info->id_type = pkey_id_type[modsig->id_type];
|
||||
+ return true;
|
||||
+}
|
||||
+
|
||||
#define SIG_MAGIC "~Module signature appended~\n"
|
||||
|
||||
/*
|
||||
@@ -112,7 +144,6 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
|
||||
const struct module_signature *modsig;
|
||||
size_t sig_len;
|
||||
|
||||
-
|
||||
size = kmod_file_get_size(file);
|
||||
mem = kmod_file_get_contents(file);
|
||||
if (size < (off_t)strlen(SIG_MAGIC))
|
||||
@@ -134,21 +165,10 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
|
||||
size < (int64_t)(modsig->signer_len + modsig->key_id_len + sig_len))
|
||||
return false;
|
||||
|
||||
- size -= sig_len;
|
||||
- sig_info->sig = mem + size;
|
||||
- sig_info->sig_len = sig_len;
|
||||
-
|
||||
- size -= modsig->key_id_len;
|
||||
- sig_info->key_id = mem + size;
|
||||
- sig_info->key_id_len = modsig->key_id_len;
|
||||
-
|
||||
- size -= modsig->signer_len;
|
||||
- sig_info->signer = mem + size;
|
||||
- sig_info->signer_len = modsig->signer_len;
|
||||
-
|
||||
- sig_info->algo = pkey_algo[modsig->algo];
|
||||
- sig_info->hash_algo = pkey_hash_algo[modsig->hash];
|
||||
- sig_info->id_type = pkey_id_type[modsig->id_type];
|
||||
-
|
||||
- return true;
|
||||
+ switch (modsig->id_type) {
|
||||
+ case PKEY_ID_PKCS7:
|
||||
+ return fill_unknown(mem, size, modsig, sig_len, sig_info);
|
||||
+ default:
|
||||
+ return fill_default(mem, size, modsig, sig_len, sig_info);
|
||||
+ }
|
||||
}
|
||||
--
|
||||
2.20.1
|
||||
|
@ -179,24 +179,24 @@ compare_initramfs_modules() {
|
||||
mkdir "$tmpdir/new_initramfs"
|
||||
|
||||
decompress_initramfs "$old_initramfs" "$tmpdir/old_initramfs.img"
|
||||
pushd "$tmpdir/old_initramfs" >/dev/null || exit
|
||||
pushd "$tmpdir/old_initramfs" >/dev/null
|
||||
cpio -i < "$tmpdir/old_initramfs.img" 2>/dev/null
|
||||
rm "$tmpdir/old_initramfs.img"
|
||||
n=0; for i in `list_module_files|sort`; do
|
||||
old_initramfs_modules[n]="$i"
|
||||
n=$((n+1))
|
||||
done
|
||||
popd >/dev/null || exit
|
||||
popd >/dev/null
|
||||
|
||||
decompress_initramfs "$new_initramfs" "$tmpdir/new_initramfs.img"
|
||||
pushd "$tmpdir/new_initramfs" >/dev/null || exit
|
||||
pushd "$tmpdir/new_initramfs" >/dev/null
|
||||
cpio -i < "$tmpdir/new_initramfs.img" 2>/dev/null
|
||||
rm "$tmpdir/new_initramfs.img"
|
||||
n=0; for i in `list_module_files|sort`; do
|
||||
new_initramfs_modules[n]="$i"
|
||||
n=$((n+1))
|
||||
done
|
||||
popd >/dev/null || exit
|
||||
popd >/dev/null
|
||||
|
||||
# Compare the length and contents of the arrays
|
||||
if [ "${#old_initramfs_modules[@]}" == "${#new_initramfs_modules[@]}" -a \
|
||||
@ -620,6 +620,7 @@ update_modules_for_krel() {
|
||||
|
||||
if ! validate_weak_links $krel && [[ -z "$force_update" ]]; then
|
||||
global_link_state_restore $krel
|
||||
compatible_modules=()
|
||||
fi
|
||||
|
||||
# add compatible to installed
|
||||
@ -758,7 +759,6 @@ validate_weak_links() {
|
||||
# to return to caller that original proposal is not valid
|
||||
# here 0 is true, 1 is false, since it will be the return code
|
||||
local is_configuration_valid=0
|
||||
local cat_prog
|
||||
|
||||
tmp=$(mktemp -p $tmpdir)
|
||||
compatible_modules=()
|
||||
@ -767,12 +767,7 @@ validate_weak_links() {
|
||||
local symvers_path=$(find_symvers_file "$krel")
|
||||
|
||||
[[ -n "$symvers_path" ]] || return
|
||||
cat_prog="cat"
|
||||
case "$symvers" in
|
||||
*.gz) cat_prog="zcat" ;;
|
||||
*.xz) cat_prog="xzcat" ;;
|
||||
esac
|
||||
"$cat_prog" "$symvers_path" > $tmpdir/symvers-$krel
|
||||
zcat "$symvers_path" > $tmpdir/symvers-$krel
|
||||
fi
|
||||
|
||||
while ((is_updates_changed)); do
|
||||
@ -946,7 +941,7 @@ do_make_groups()
|
||||
declare -a mods
|
||||
|
||||
while read i; do
|
||||
read -a mods <<< "$i"
|
||||
mods=($i)
|
||||
|
||||
echo "${mods[0]}" |grep -q "extra/" || continue
|
||||
|
||||
@ -998,7 +993,7 @@ filter_extra_absoluted()
|
||||
# to speed up handling in general cases
|
||||
echo "$i" |grep -q "extra/" || continue
|
||||
|
||||
read -a mods <<< "$i"
|
||||
mods=($i)
|
||||
for j in "${!mods[@]}"; do
|
||||
mod="${mods[$j]}"
|
||||
|
||||
@ -1158,7 +1153,7 @@ while :; do
|
||||
shift
|
||||
done
|
||||
|
||||
if [ ! -x "$dracut" ]
|
||||
if [ ! -x "$dracut" ] && [ -z "$no_initramfs" ]
|
||||
then
|
||||
echo "weak-modules: could not find dracut at $dracut"
|
||||
exit 1
|
@ -1,92 +1,30 @@
|
||||
# Fedora does not support CONFIG_MODVERSIONS. Without kabi support
|
||||
# weak-modules is useless at best, and can be actively harmful.
|
||||
# Since RHEL *does* support this and offers kabi support,
|
||||
# turn it on there by default.
|
||||
%if 0%{?rhel}
|
||||
%bcond_without weak_modules
|
||||
%bcond_without dist_conf
|
||||
%else
|
||||
%bcond_with weak_modules
|
||||
%bcond_with dist_conf
|
||||
%endif
|
||||
|
||||
%bcond_without zlib
|
||||
%bcond_without xz
|
||||
%bcond_without zstd
|
||||
|
||||
Name: kmod
|
||||
Version: 31
|
||||
Release: 8%{?dist}
|
||||
Version: 25
|
||||
Release: 20%{?dist}
|
||||
Summary: Linux kernel module management utilities
|
||||
|
||||
# https://docs.fedoraproject.org/en-US/legal/license-field/#_no_effective_license_analysis
|
||||
# GPL-2.0-or-later:
|
||||
# build-aux/compile
|
||||
# build-aux/depcomp
|
||||
# build-aux/ltmain.sh
|
||||
# build-aux/ltmain.sh
|
||||
# build-aux/missing
|
||||
# build-aux/py-compile
|
||||
# build-aux/test-driver
|
||||
# m4/attributes.m4
|
||||
# m4/features.m4
|
||||
# tools
|
||||
# GPL-3.0-or-later:
|
||||
# build-aux/config.guess
|
||||
# build-aux/config.sub
|
||||
# build-aux/git-version-gen
|
||||
# libkmod/docs/gtk-doc.make
|
||||
# m4/gtk-doc.m4
|
||||
# FSFUL:
|
||||
# configure
|
||||
# FSFULLRWD:
|
||||
# aclocal.m4
|
||||
# libkmod/docs/Makefile.in
|
||||
# m4/libtool.m4
|
||||
# m4/lt~obsolete.m4
|
||||
# m4/ltoptions.m4
|
||||
# m4/ltsugar.m4
|
||||
# m4/ltversion.m4
|
||||
# Makefile.in
|
||||
# LGPL-2.1-only:
|
||||
# libkmod/python/kmod/error.py
|
||||
# libkmod/python/kmod/__init__.py
|
||||
# libkmod/python/kmod/version.py
|
||||
# libkmod/python/kmod/version.py.in
|
||||
# LGPL-2.1-or-later:
|
||||
# config.h.in (no explicit license, the one in COPYING is assumed)
|
||||
# libkmod
|
||||
# man (no explicit license, the one in COPYING is assumed)
|
||||
# shared
|
||||
# shell-completion/bash/kmod
|
||||
# testsuite
|
||||
# X11:
|
||||
# build-aux/install-sh
|
||||
License: GPL-2.0-or-later AND GPL-3.0-or-later AND FSFUL AND FSFULLRWD AND LGPL-2.1-only AND LGPL-2.1-or-later AND X11
|
||||
URL: https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git
|
||||
Group: System Environment/Kernel
|
||||
License: GPLv2+
|
||||
URL: http://git.kernel.org/?p=utils/kernel/kmod/kmod.git;a=summary
|
||||
Source0: https://www.kernel.org/pub/linux/utils/kernel/kmod/%{name}-%{version}.tar.xz
|
||||
Source1: weak-modules
|
||||
Source2: depmod.conf.dist
|
||||
Patch1: kmod-tip.patch
|
||||
# v33~1 "libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string"
|
||||
Patch2: 0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch
|
||||
|
||||
Exclusiveos: Linux
|
||||
|
||||
BuildRequires: gcc
|
||||
Patch01: kmod-signature-do-not-report-wrong-data-for-pkc-7-signatu.patch
|
||||
Patch02: kmod-libkmod-signature-implement-pkcs7-parsing-with-opens.patch
|
||||
Patch03: kmod-modprobe-ignore-builtin-module-on-recursive-removing.patch
|
||||
Patch04: 0001-depmod-prevent-module-dependency-files-missing-durin.patch
|
||||
Patch05: 0002-depmod-prevent-module-dependency-files-corruption-du.patch
|
||||
|
||||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||
BuildRequires: chrpath
|
||||
%if %{with zlib}
|
||||
BuildRequires: zlib-devel
|
||||
%endif
|
||||
%if %{with xz}
|
||||
BuildRequires: xz-devel
|
||||
%endif
|
||||
BuildRequires: libxslt docbook-style-xsl
|
||||
BuildRequires: libxslt
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: make automake
|
||||
%if %{with zstd}
|
||||
BuildRequires: libzstd-devel
|
||||
%endif
|
||||
# Remove it as soon as no need for Patch02 anymore (Makefile.am updated)
|
||||
BuildRequires: automake autoconf libtool
|
||||
|
||||
Provides: module-init-tools = 4.0-1
|
||||
Obsoletes: module-init-tools < 4.0-1
|
||||
@ -100,6 +38,8 @@ examples of loaded and unloaded modules.
|
||||
|
||||
%package libs
|
||||
Summary: Libraries to handle kernel module loading and unloading
|
||||
License: LGPLv2+
|
||||
Group: System Environment/Libraries
|
||||
|
||||
%description libs
|
||||
The kmod-libs package provides runtime libraries for any application that
|
||||
@ -107,6 +47,7 @@ wishes to load or unload Linux kernel modules from the running system.
|
||||
|
||||
%package devel
|
||||
Summary: Header files for kmod development
|
||||
Group: Development/Libraries
|
||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
|
||||
%description devel
|
||||
@ -114,33 +55,30 @@ The kmod-devel package provides header files used for development of
|
||||
applications that wish to load or unload Linux kernel modules.
|
||||
|
||||
%prep
|
||||
%autosetup -p1
|
||||
%setup -q
|
||||
%patch01 -p1
|
||||
%patch02 -p1
|
||||
%patch03 -p1
|
||||
%patch04 -p1
|
||||
%patch05 -p1
|
||||
|
||||
%build
|
||||
export V=1
|
||||
aclocal
|
||||
autoreconf --install --symlink
|
||||
%configure \
|
||||
--with-openssl \
|
||||
%if %{with zlib}
|
||||
--with-zlib \
|
||||
%endif
|
||||
%if %{with xz}
|
||||
--with-xz \
|
||||
%endif
|
||||
%if %{with zstd}
|
||||
--with-zstd \
|
||||
%endif
|
||||
--enable-debug
|
||||
|
||||
%{make_build} V=1
|
||||
--with-xz \
|
||||
--with-openssl
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
%{make_install}
|
||||
|
||||
pushd $RPM_BUILD_ROOT%{_mandir}/man5
|
||||
make install DESTDIR=$RPM_BUILD_ROOT
|
||||
pushd $RPM_BUILD_ROOT/%{_mandir}/man5
|
||||
ln -s modprobe.d.5.gz modprobe.conf.5.gz
|
||||
popd
|
||||
|
||||
find %{buildroot} -type f -name "*.la" -delete
|
||||
|
||||
rm -rf $RPM_BUILD_ROOT%{_libdir}/*.la
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
|
||||
ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modprobe
|
||||
ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modinfo
|
||||
@ -153,15 +91,16 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/modprobe.d
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d
|
||||
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/modprobe.d
|
||||
|
||||
%if %{with weak_modules}
|
||||
install -pm 755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/weak-modules
|
||||
%endif
|
||||
|
||||
%if %{with dist_conf}
|
||||
mkdir -p $RPM_BUILD_ROOT/sbin
|
||||
install -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/weak-modules
|
||||
install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
|
||||
%endif
|
||||
|
||||
%post libs -p /sbin/ldconfig
|
||||
|
||||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%files
|
||||
%defattr(-,root,root,-)
|
||||
%dir %{_sysconfdir}/depmod.d
|
||||
%dir %{_sysconfdir}/modprobe.d
|
||||
%dir %{_prefix}/lib/modprobe.d
|
||||
@ -172,143 +111,101 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
|
||||
%{_sbindir}/rmmod
|
||||
%{_sbindir}/lsmod
|
||||
%{_sbindir}/depmod
|
||||
%if %{with weak_modules}
|
||||
%{_sbindir}/weak-modules
|
||||
%endif
|
||||
%{_datadir}/bash-completion/
|
||||
%if %{with dist_conf}
|
||||
%{_sysconfdir}/depmod.d/dist.conf
|
||||
%endif
|
||||
%attr(0644,root,root) %{_mandir}/man5/mod*.d*.5*
|
||||
%attr(0644,root,root) %{_mandir}/man5/depmod.d.5*
|
||||
%{_mandir}/man5/modprobe.conf.5*
|
||||
%attr(0644,root,root) %{_mandir}/man5/*.5*
|
||||
%attr(0644,root,root) %{_mandir}/man8/*.8*
|
||||
%doc NEWS README.md TODO
|
||||
%doc NEWS README TODO
|
||||
|
||||
%files libs
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license COPYING
|
||||
%{_libdir}/libkmod.so.*
|
||||
|
||||
%files devel
|
||||
%{_includedir}/libkmod.h
|
||||
%{_libdir}/pkgconfig/kmod.pc
|
||||
%{_libdir}/pkgconfig/libkmod.pc
|
||||
%{_libdir}/libkmod.so
|
||||
|
||||
%changelog
|
||||
* Thu Aug 15 2024 Eugene Syromiatnikov <esyr@redhat.com> - 31-8
|
||||
- Fix issues discovered by static analysis
|
||||
- Resolves: RHEL-44931
|
||||
|
||||
* Mon Aug 12 2024 Eugene Syromiatnikov <esyr@redhat.com> - 31-7
|
||||
- weak-modules: use either zcat or xzcat based on symvers file extension
|
||||
- Resolves: RHEL-39388
|
||||
|
||||
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 31-6
|
||||
- Bump release for June 2024 mass rebuild
|
||||
|
||||
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 31-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
|
||||
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 31-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
|
||||
* Fri Dec 01 2023 Eugene Syromiatnikov <esyr@redhat.com> - 31-3
|
||||
- migrated to SPDX license
|
||||
|
||||
* Thu Nov 09 2023 Josh Boyer <jwboyer@fedoraproject.org> - 31-2
|
||||
- Add upstream patches to enable SHA3 support
|
||||
- New upstream v31
|
||||
- Resolves: rhbz#2241394
|
||||
|
||||
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 30-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||
|
||||
* Tue May 09 2023 Eugene Syromiatnikov <esyr@redhat.com> - 30-5
|
||||
* Wed Oct 11 2023 Eugene Syromiatnikov <esyr@redhat.com> - 25-20
|
||||
- Add symvers.xz support to weak-modules
|
||||
- Resolves: RHEL-8903
|
||||
|
||||
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 30-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||
* Mon Nov 29 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-19
|
||||
- depmod: fix parallel execution issues
|
||||
Resolves: rhbz#2026938
|
||||
|
||||
* Sat Dec 17 2022 Florian Weimer <fweimer@redhat.com> - 30-3
|
||||
- Port configure script to C99
|
||||
* Fri Apr 16 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-18
|
||||
- weak-modules: do not require dracut wneh using --no-initramfs
|
||||
Resolves: rhbz#1935416
|
||||
|
||||
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 30-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
* Fri Dec 18 2020 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-17
|
||||
- weak-modules: reset compatible_modules if configuration is not valid
|
||||
Resolves: rhbz#1907855
|
||||
|
||||
* Mon Jul 4 2022 Yauheni Kaliuta <ykaliuta@redhat.com> - 30-1
|
||||
- New upstream v30
|
||||
- Resolves: rhbz#2102796
|
||||
* Mon Dec 9 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-16
|
||||
- weak-modules: update_modules_for_krel: always finish sandbox
|
||||
- weak-modules: groupping: use dependencies of extra/ provider
|
||||
Resolves: rhbz#1778889
|
||||
|
||||
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 29-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
* Mon Dec 9 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-15
|
||||
- weak-modules: reverse checking order for add-kernel
|
||||
Resolves: rhbz#1755196
|
||||
|
||||
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 29-6
|
||||
- Rebuilt with OpenSSL 3.0.0
|
||||
* Mon Dec 2 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-14
|
||||
- modprobe: do not fail on built-in modules
|
||||
Resolves: rhbz#1767513
|
||||
|
||||
* Tue Aug 10 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 29-5
|
||||
- kmod.spec: enable debug
|
||||
- weak-modules: compare_initramfs_modules: exit on pushd/popd failures
|
||||
- weak-modules: split modules into array with read -a
|
||||
- Add default config file, /etc/depmod.d/dist.conf
|
||||
* Tue Apr 16 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-13
|
||||
- weak-modules: handle independent modules in one run
|
||||
Resolves: rhbz#1695763
|
||||
|
||||
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 29-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
* Tue Apr 2 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-12
|
||||
- weak-modules: use asterisk for kernel version in sandbox
|
||||
Resolves: rhbz#1689052
|
||||
|
||||
* Tue Jun 08 2021 Neal Gompa <ngompa13@gmail.com> - 29-3
|
||||
- Fix conditional to only install weak-modules for RHEL
|
||||
* Tue Feb 5 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-11
|
||||
- add PKCS7/openssl support.
|
||||
Resolves: rhbz#1668459.
|
||||
|
||||
* Tue May 25 2021 Justin M. Forbes <jforbes@fedoraproject.org> - 29-2
|
||||
- Rebuild for weak-modules drop in Fedora
|
||||
* Tue Dec 11 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-10
|
||||
- weak-modules: group modules on add-kernel
|
||||
- weak-modules: do not make groups if there are no extra modules
|
||||
Resolves: rhbz#1649211
|
||||
|
||||
* Mon May 24 2021 Justin M. Forbes <jforbes@fedoraproject.org>
|
||||
- Remove weak-modules for Fedora as it causes problems.
|
||||
* Tue Oct 2 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-9
|
||||
- Rebuild with updated flags.
|
||||
Resolves: rhbz#1630574.
|
||||
|
||||
* Fri May 14 2021 Josh Boyer <jwboyer@fedoraproject.org> - 29-1
|
||||
- New upstream v29
|
||||
- Resolves: rhbz#1962980
|
||||
* Tue Sep 4 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-8
|
||||
- weak-modules: fix initial state creation for dry-run
|
||||
- weak-modules: check compatibility in a temporary directory
|
||||
Resolves: rhbz#1622990.
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 28-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
* Tue Aug 28 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-7
|
||||
- weak-modules: use is_kernel_installed wrapper in update_modules_for_krel.
|
||||
- weak-modules: more abstract symvers search implementation.
|
||||
- weak-modules: use additional paths for System.map file.
|
||||
Resolves: rhbz#1621306.
|
||||
|
||||
* Thu Jan 07 2021 Josh Boyer <jwboyer@fedoraproject.org> - 28-1
|
||||
- New upstream v28
|
||||
- Enable zstd support
|
||||
- Resolves: rhbz#1913949
|
||||
* Thu Aug 09 2018 Eugene Syromiatnikov <esyr@redhat.com> - 25-6
|
||||
- weak-modules: check also for /lib/modules/$krel/symvers.gz as a possible
|
||||
symvers file path.
|
||||
Resolves: rhbz#1614119.
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 27-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
* Mon Jul 30 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-5
|
||||
- weak-modules: handle versions with + and other special regex symbols
|
||||
- weak-modules: fix misleading message when cannot find dracut.
|
||||
Resolves: rhbz#1609372.
|
||||
|
||||
* Wed Mar 25 2020 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 27-2
|
||||
- add 0001-depmod-do-not-output-.bin-to-stdout.patch
|
||||
Resolves: rhbz#1808430
|
||||
* Fri Jul 27 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-4
|
||||
- fix dracut path, /usr/bin/dracut
|
||||
|
||||
* Thu Feb 20 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 27-1
|
||||
- New upstream v27
|
||||
|
||||
* Mon Jan 20 2020 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 26-5
|
||||
- weak-modules: sync with RHEL
|
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 26-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Mon Feb 25 2019 Yauheni Kaliuta <yauheni.kaliuta@redhat.com> - 26-3
|
||||
- weak-modules: sync with RHEL
|
||||
|
||||
* Sun Feb 24 2019 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 26-2
|
||||
- add PKCS7/openssl support (rhbz 1320921)
|
||||
|
||||
* Sun Feb 24 2019 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 26-1
|
||||
- Update to version 26 (rhbz 1673749)
|
||||
|
||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 25-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Mon Oct 29 2018 James Antill <james.antill@redhat.com> - 25-4
|
||||
- Remove ldconfig scriptlet, now done via. transfiletrigger in glibc (rhbz 1644063)
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 25-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
* Wed Jul 25 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-3
|
||||
- Add depmod.d/dist.conf.
|
||||
- Update weak-modules to RHEL version.
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 25-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
561
kmod-tip.patch
561
kmod-tip.patch
@ -1,561 +0,0 @@
|
||||
From 1bb23d7f19d888fbdd96ae0fe929b7086713ef33 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Suchanek <msuchanek@suse.de>
|
||||
Date: Tue, 18 Jul 2023 14:01:52 +0200
|
||||
Subject: [PATCH 1/6] configure: Detect openssl sm3 support
|
||||
|
||||
Older openssl versions do not support sm3. The code has an option to
|
||||
disable the sm3 hash but the lack of openssl support is not detected
|
||||
automatically.
|
||||
|
||||
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
|
||||
Link: https://lore.kernel.org/r/b97e20faa07e9e31c6eaf96683011aa24e80760c.1689681454.git.msuchanek@suse.de
|
||||
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
|
||||
---
|
||||
configure.ac | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 82a8532..e5bceea 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -123,6 +123,13 @@ AC_ARG_WITH([openssl],
|
||||
AS_IF([test "x$with_openssl" != "xno"], [
|
||||
PKG_CHECK_MODULES([libcrypto], [libcrypto >= 1.1.0], [LIBS="$LIBS $libcrypto_LIBS"])
|
||||
AC_DEFINE([ENABLE_OPENSSL], [1], [Enable openssl for modinfo.])
|
||||
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <openssl/ssl.h>
|
||||
+ int nid = NID_sm3;]])], [
|
||||
+ AC_MSG_NOTICE([openssl supports sm3])
|
||||
+ ], [
|
||||
+ AC_MSG_NOTICE([openssl sm3 support not detected])
|
||||
+ CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SM3"
|
||||
+ ])
|
||||
], [
|
||||
AC_MSG_NOTICE([openssl support not requested])
|
||||
])
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From 4e7effbdc00307d0d1e83115e0d00cc75aae5cc6 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Suchanek <msuchanek@suse.de>
|
||||
Date: Tue, 18 Jul 2023 14:01:53 +0200
|
||||
Subject: [PATCH 2/6] man/depmod.d: Fix incorrect /usr/lib search path
|
||||
|
||||
depmod searches /lib/depmod.d but the man page says /usr/lib/depmod.d is
|
||||
searched. Align the documentation with the code.
|
||||
|
||||
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
|
||||
Link: https://lore.kernel.org/r/9c5a6356b1a111eb6e17ddb110494b7f1d1b44c0.1689681454.git.msuchanek@suse.de
|
||||
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
|
||||
---
|
||||
man/depmod.d.xml | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/man/depmod.d.xml b/man/depmod.d.xml
|
||||
index 76548e9..8d3d821 100644
|
||||
--- a/man/depmod.d.xml
|
||||
+++ b/man/depmod.d.xml
|
||||
@@ -39,7 +39,7 @@
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
- <para><filename>/usr/lib/depmod.d/*.conf</filename></para>
|
||||
+ <para><filename>/lib/depmod.d/*.conf</filename></para>
|
||||
<para><filename>/usr/local/lib/depmod.d/*.conf</filename></para>
|
||||
<para><filename>/run/depmod.d/*.conf</filename></para>
|
||||
<para><filename>/etc/depmod.d/*.conf</filename></para>
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From 8463809f8a29b254b2cab2ce755641bc690f07c9 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Suchanek <msuchanek@suse.de>
|
||||
Date: Tue, 18 Jul 2023 14:01:54 +0200
|
||||
Subject: [PATCH 3/6] libkmod, depmod: Load modprobe.d, depmod.d from
|
||||
${prefix}/lib.
|
||||
|
||||
There is an ongoing effort to limit use of files outside of /usr (or
|
||||
${prefix} on general). Currently all modprobe.d paths are hardcoded to
|
||||
outside of $prefix. Teach kmod to load modprobe.d from ${prefix}/lib.
|
||||
|
||||
On some distributions /usr/lib and /lib are the same directory because
|
||||
of a compatibility symlink, and it is possible to craft configuration
|
||||
files with sideeffects that would behave differently when loaded twice.
|
||||
However, the override semantic ensures that one 'overrides' the other,
|
||||
and only one configuration file of the same name is loaded from any of
|
||||
the search directories.
|
||||
|
||||
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
|
||||
Link: https://lore.kernel.org/r/a290343ce32e2a3c25b134e4f27c13b26e06c9e0.1689681454.git.msuchanek@suse.de
|
||||
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
|
||||
---
|
||||
Makefile.am | 1 +
|
||||
configure.ac | 5 +++++
|
||||
libkmod/libkmod.c | 7 ++++---
|
||||
man/Makefile.am | 9 +++++++--
|
||||
man/depmod.d.xml | 1 +
|
||||
man/modprobe.d.xml | 1 +
|
||||
tools/depmod.c | 1 +
|
||||
7 files changed, 20 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index 5b7abfe..e6630a3 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -19,6 +19,7 @@ AM_CPPFLAGS = \
|
||||
-include $(top_builddir)/config.h \
|
||||
-I$(top_srcdir) \
|
||||
-DSYSCONFDIR=\""$(sysconfdir)"\" \
|
||||
+ -DDISTCONFDIR=\""$(distconfdir)"\" \
|
||||
${zlib_CFLAGS}
|
||||
|
||||
AM_CFLAGS = $(OUR_CFLAGS)
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index e5bceea..fd88d1f 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -79,6 +79,10 @@ AC_COMPILE_IFELSE(
|
||||
# --with-
|
||||
#####################################################################
|
||||
|
||||
+AC_ARG_WITH([distconfdir], AS_HELP_STRING([--with-distconfdir=DIR], [directory to search for distribution configuration files]),
|
||||
+ [], [with_distconfdir='${prefix}/lib'])
|
||||
+AC_SUBST([distconfdir], [$with_distconfdir])
|
||||
+
|
||||
AC_ARG_WITH([rootlibdir],
|
||||
AS_HELP_STRING([--with-rootlibdir=DIR], [rootfs directory to install shared libraries]),
|
||||
[], [with_rootlibdir=$libdir])
|
||||
@@ -313,6 +317,7 @@ AC_MSG_RESULT([
|
||||
|
||||
prefix: ${prefix}
|
||||
sysconfdir: ${sysconfdir}
|
||||
+ distconfdir: ${distconfdir}
|
||||
libdir: ${libdir}
|
||||
rootlibdir: ${rootlibdir}
|
||||
includedir: ${includedir}
|
||||
diff --git a/libkmod/libkmod.c b/libkmod/libkmod.c
|
||||
index 1b8773c..57fac1c 100644
|
||||
--- a/libkmod/libkmod.c
|
||||
+++ b/libkmod/libkmod.c
|
||||
@@ -65,6 +65,7 @@ static const char *const default_config_paths[] = {
|
||||
SYSCONFDIR "/modprobe.d",
|
||||
"/run/modprobe.d",
|
||||
"/usr/local/lib/modprobe.d",
|
||||
+ DISTCONFDIR "/modprobe.d",
|
||||
"/lib/modprobe.d",
|
||||
NULL
|
||||
};
|
||||
@@ -272,9 +273,9 @@ static enum kmod_file_compression_type get_kernel_compression(struct kmod_ctx *c
|
||||
* to load from user-defined configuration parameters such as
|
||||
* alias, blacklists, commands (install, remove). If NULL
|
||||
* defaults to /etc/modprobe.d, /run/modprobe.d,
|
||||
- * /usr/local/lib/modprobe.d and /lib/modprobe.d. Give an empty
|
||||
- * vector if configuration should not be read. This array must
|
||||
- * be null terminated.
|
||||
+ * /usr/local/lib/modprobe.d, DISTCONFDIR/modprobe.d, and
|
||||
+ * /lib/modprobe.d. Give an empty vector if configuration should
|
||||
+ * not be read. This array must be null terminated.
|
||||
*
|
||||
* Create kmod library context. This reads the kmod configuration
|
||||
* and fills in the default values.
|
||||
diff --git a/man/Makefile.am b/man/Makefile.am
|
||||
index 11514d5..2fea8e4 100644
|
||||
--- a/man/Makefile.am
|
||||
+++ b/man/Makefile.am
|
||||
@@ -17,9 +17,14 @@ EXTRA_DIST = $(MAN5:%.5=%.xml) $(MAN8:%.8=%.xml)
|
||||
CLEANFILES = $(dist_man_MANS)
|
||||
|
||||
%.5 %.8: %.xml
|
||||
- $(AM_V_XSLT)$(XSLT) \
|
||||
+ $(AM_V_XSLT)if [ '$(distconfdir)' != '/lib' ] ; then \
|
||||
+ sed -e 's|@DISTCONFDIR@|$(distconfdir)|g' $< ; \
|
||||
+ else \
|
||||
+ sed -e '/@DISTCONFDIR@/d' $< ; \
|
||||
+ fi | \
|
||||
+ $(XSLT) \
|
||||
-o $@ \
|
||||
--nonet \
|
||||
--stringparam man.output.quietly 1 \
|
||||
--param funcsynopsis.style "'ansi'" \
|
||||
- http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
|
||||
+ http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl -
|
||||
diff --git a/man/depmod.d.xml b/man/depmod.d.xml
|
||||
index 8d3d821..f282a39 100644
|
||||
--- a/man/depmod.d.xml
|
||||
+++ b/man/depmod.d.xml
|
||||
@@ -40,6 +40,7 @@
|
||||
|
||||
<refsynopsisdiv>
|
||||
<para><filename>/lib/depmod.d/*.conf</filename></para>
|
||||
+ <para><filename>@DISTCONFDIR@/depmod.d/*.conf</filename></para>
|
||||
<para><filename>/usr/local/lib/depmod.d/*.conf</filename></para>
|
||||
<para><filename>/run/depmod.d/*.conf</filename></para>
|
||||
<para><filename>/etc/depmod.d/*.conf</filename></para>
|
||||
diff --git a/man/modprobe.d.xml b/man/modprobe.d.xml
|
||||
index 0ab3e91..2bf6537 100644
|
||||
--- a/man/modprobe.d.xml
|
||||
+++ b/man/modprobe.d.xml
|
||||
@@ -41,6 +41,7 @@
|
||||
|
||||
<refsynopsisdiv>
|
||||
<para><filename>/lib/modprobe.d/*.conf</filename></para>
|
||||
+ <para><filename>@DISTCONFDIR@/modprobe.d/*.conf</filename></para>
|
||||
<para><filename>/usr/local/lib/modprobe.d/*.conf</filename></para>
|
||||
<para><filename>/run/modprobe.d/*.conf</filename></para>
|
||||
<para><filename>/etc/modprobe.d/*.conf</filename></para>
|
||||
diff --git a/tools/depmod.c b/tools/depmod.c
|
||||
index 1d1d41d..630fef9 100644
|
||||
--- a/tools/depmod.c
|
||||
+++ b/tools/depmod.c
|
||||
@@ -54,6 +54,7 @@ static const char *const default_cfg_paths[] = {
|
||||
SYSCONFDIR "/depmod.d",
|
||||
"/run/depmod.d",
|
||||
"/usr/local/lib/depmod.d",
|
||||
+ DISTCONFDIR "/depmod.d",
|
||||
"/lib/depmod.d",
|
||||
NULL
|
||||
};
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From ecef7c131618bbd9c559924ecae55764089db0dd Mon Sep 17 00:00:00 2001
|
||||
From: Michal Suchanek <msuchanek@suse.de>
|
||||
Date: Tue, 18 Jul 2023 14:01:55 +0200
|
||||
Subject: [PATCH 4/6] kmod: Add pkgconfig file with kmod compile time
|
||||
configuration
|
||||
|
||||
Show distconfdir (where system configuration files are searched/to be
|
||||
installed), sysconfdir (where user configuration files are searched),
|
||||
module compressions, and module signatures supported.
|
||||
|
||||
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
|
||||
Link: https://lore.kernel.org/r/468b3f572d3b84f25bb53ec8fcb15ed4871914d4.1689681454.git.msuchanek@suse.de
|
||||
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
|
||||
---
|
||||
Makefile.am | 2 +-
|
||||
configure.ac | 11 +++++++++++
|
||||
tools/kmod.pc.in | 9 +++++++++
|
||||
3 files changed, 21 insertions(+), 1 deletion(-)
|
||||
create mode 100644 tools/kmod.pc.in
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index e6630a3..2a54c25 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -96,7 +96,7 @@ libkmod_libkmod_internal_la_DEPENDENCIES = $(libkmod_libkmod_la_DEPENDENCIES)
|
||||
libkmod_libkmod_internal_la_LIBADD = $(libkmod_libkmod_la_LIBADD)
|
||||
|
||||
pkgconfigdir = $(libdir)/pkgconfig
|
||||
-pkgconfig_DATA = libkmod/libkmod.pc
|
||||
+pkgconfig_DATA = libkmod/libkmod.pc tools/kmod.pc
|
||||
|
||||
bashcompletiondir=@bashcompletiondir@
|
||||
dist_bashcompletion_DATA = \
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index fd88d1f..7bf8d78 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -21,6 +21,9 @@ LT_INIT([disable-static pic-only])
|
||||
AS_IF([test "x$enable_static" = "xyes"], [AC_MSG_ERROR([--enable-static is not supported by kmod])])
|
||||
AS_IF([test "x$enable_largefile" = "xno"], [AC_MSG_ERROR([--disable-largefile is not supported by kmod])])
|
||||
|
||||
+module_compressions=""
|
||||
+module_signatures="legacy"
|
||||
+
|
||||
#####################################################################
|
||||
# Program checks and configurations
|
||||
#####################################################################
|
||||
@@ -94,6 +97,7 @@ AC_ARG_WITH([zstd],
|
||||
AS_IF([test "x$with_zstd" != "xno"], [
|
||||
PKG_CHECK_MODULES([libzstd], [libzstd >= 1.4.4], [LIBS="$LIBS $libzstd_LIBS"])
|
||||
AC_DEFINE([ENABLE_ZSTD], [1], [Enable Zstandard for modules.])
|
||||
+ module_compressions="zstd $module_compressions"
|
||||
], [
|
||||
AC_MSG_NOTICE([Zstandard support not requested])
|
||||
])
|
||||
@@ -105,6 +109,7 @@ AC_ARG_WITH([xz],
|
||||
AS_IF([test "x$with_xz" != "xno"], [
|
||||
PKG_CHECK_MODULES([liblzma], [liblzma >= 4.99], [LIBS="$LIBS $liblzma_LIBS"])
|
||||
AC_DEFINE([ENABLE_XZ], [1], [Enable Xz for modules.])
|
||||
+ module_compressions="xz $module_compressions"
|
||||
], [
|
||||
AC_MSG_NOTICE([Xz support not requested])
|
||||
])
|
||||
@@ -116,6 +121,7 @@ AC_ARG_WITH([zlib],
|
||||
AS_IF([test "x$with_zlib" != "xno"], [
|
||||
PKG_CHECK_MODULES([zlib], [zlib], [LIBS="$LIBS $zlib_LIBS"])
|
||||
AC_DEFINE([ENABLE_ZLIB], [1], [Enable zlib for modules.])
|
||||
+ module_compressions="gzip $module_compressions"
|
||||
], [
|
||||
AC_MSG_NOTICE([zlib support not requested])
|
||||
])
|
||||
@@ -134,6 +140,7 @@ AS_IF([test "x$with_openssl" != "xno"], [
|
||||
AC_MSG_NOTICE([openssl sm3 support not detected])
|
||||
CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SM3"
|
||||
])
|
||||
+ module_signatures="PKCS7 $module_signatures"
|
||||
], [
|
||||
AC_MSG_NOTICE([openssl support not requested])
|
||||
])
|
||||
@@ -298,6 +305,9 @@ AC_DEFINE_UNQUOTED(KMOD_FEATURES, ["$with_features"], [Features in this build])
|
||||
# Generate files from *.in
|
||||
#####################################################################
|
||||
|
||||
+AC_SUBST([module_compressions], $module_compressions)
|
||||
+AC_SUBST([module_signatures], $module_signatures)
|
||||
+
|
||||
AC_CONFIG_FILES([
|
||||
Makefile
|
||||
man/Makefile
|
||||
@@ -305,6 +315,7 @@ AC_CONFIG_FILES([
|
||||
libkmod/docs/version.xml
|
||||
libkmod/libkmod.pc
|
||||
libkmod/python/kmod/version.py
|
||||
+ tools/kmod.pc
|
||||
])
|
||||
|
||||
|
||||
diff --git a/tools/kmod.pc.in b/tools/kmod.pc.in
|
||||
new file mode 100644
|
||||
index 0000000..2595980
|
||||
--- /dev/null
|
||||
+++ b/tools/kmod.pc.in
|
||||
@@ -0,0 +1,9 @@
|
||||
+prefix=@prefix@
|
||||
+sysconfdir=@sysconfdir@
|
||||
+distconfdir=@distconfdir@
|
||||
+module_compressions=@module_compressions@
|
||||
+module_signatures=@module_signatures@
|
||||
+
|
||||
+Name: kmod
|
||||
+Description: Tools to deal with kernel modules
|
||||
+Version: @VERSION@
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From 3af2f475b0b729f20279f2ce488cc9f727f0b763 Mon Sep 17 00:00:00 2001
|
||||
From: Sam James <sam@gentoo.org>
|
||||
Date: Sun, 5 Nov 2023 22:02:25 +0000
|
||||
Subject: [PATCH 5/6] tools: depmod: fix -Walloc-size
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
GCC 14 introduces a new -Walloc-size included in -Wextra which gives:
|
||||
```
|
||||
tools/depmod.c:192:14: warning: allocation of insufficient size ‘1’ for type ‘struct index_node’ with size ‘1048’ [-Walloc-size]
|
||||
tools/depmod.c:255:11: warning: allocation of insufficient size ‘1’ for type ‘struct index_value’ with size ‘16’ [-Walloc-size]
|
||||
tools/depmod.c:286:35: warning: allocation of insufficient size ‘1’ for type ‘struct index_node’ with size ‘1048’ [-Walloc-size]
|
||||
tools/depmod.c:315:44: warning: allocation of insufficient size ‘1’ for type ‘struct index_node’ with size ‘1048’ [-Walloc-size]
|
||||
```
|
||||
|
||||
The calloc prototype is:
|
||||
```
|
||||
void *calloc(size_t nmemb, size_t size);
|
||||
```
|
||||
|
||||
So, just swap the number of members and size arguments to match the prototype, as
|
||||
we're initialising 1 struct of size `sizeof(struct ...)`. GCC then sees we're not
|
||||
doing anything wrong.
|
||||
|
||||
Signed-off-by: Sam James <sam@gentoo.org>
|
||||
---
|
||||
tools/depmod.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/tools/depmod.c b/tools/depmod.c
|
||||
index 630fef9..ab8513b 100644
|
||||
--- a/tools/depmod.c
|
||||
+++ b/tools/depmod.c
|
||||
@@ -190,7 +190,7 @@ static struct index_node *index_create(void)
|
||||
{
|
||||
struct index_node *node;
|
||||
|
||||
- node = NOFAIL(calloc(sizeof(struct index_node), 1));
|
||||
+ node = NOFAIL(calloc(1, sizeof(struct index_node)));
|
||||
node->prefix = NOFAIL(strdup(""));
|
||||
node->first = INDEX_CHILDMAX;
|
||||
|
||||
@@ -253,7 +253,7 @@ static int index_add_value(struct index_value **values,
|
||||
values = &(*values)->next;
|
||||
|
||||
len = strlen(value);
|
||||
- v = NOFAIL(calloc(sizeof(struct index_value) + len + 1, 1));
|
||||
+ v = NOFAIL(calloc(1, sizeof(struct index_value) + len + 1));
|
||||
v->next = *values;
|
||||
v->priority = priority;
|
||||
memcpy(v->value, value, len + 1);
|
||||
@@ -284,7 +284,7 @@ static int index_insert(struct index_node *node, const char *key,
|
||||
struct index_node *n;
|
||||
|
||||
/* New child is copy of node with prefix[j+1..N] */
|
||||
- n = NOFAIL(calloc(sizeof(struct index_node), 1));
|
||||
+ n = NOFAIL(calloc(1, sizeof(struct index_node)));
|
||||
memcpy(n, node, sizeof(struct index_node));
|
||||
n->prefix = NOFAIL(strdup(&prefix[j+1]));
|
||||
|
||||
@@ -313,7 +313,7 @@ static int index_insert(struct index_node *node, const char *key,
|
||||
node->first = ch;
|
||||
if (ch > node->last)
|
||||
node->last = ch;
|
||||
- node->children[ch] = NOFAIL(calloc(sizeof(struct index_node), 1));
|
||||
+ node->children[ch] = NOFAIL(calloc(1, sizeof(struct index_node)));
|
||||
|
||||
child = node->children[ch];
|
||||
child->prefix = NOFAIL(strdup(&key[i+1]));
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From 510c8b7f7455c6613dd1706e5e41ec7b09cf6703 Mon Sep 17 00:00:00 2001
|
||||
From: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
|
||||
Date: Sun, 29 Oct 2023 03:03:19 +0200
|
||||
Subject: [PATCH 6/6] libkmod: remove pkcs7 obj_to_hash_algo()
|
||||
|
||||
Switch to using OBJ_obj2txt() to calculate and print the pkcs7
|
||||
signature hash name. This eliminates the need to duplicate libcrypto
|
||||
NID to name mapping, detect SM3 openssl compile-time support, and
|
||||
enables using any hashes that openssl and kernel know about. For
|
||||
example SHA3 are being added for v6.7 and with this patch are
|
||||
automatically supported.
|
||||
|
||||
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
|
||||
Link: https://lore.kernel.org/r/20231029010319.157390-1-dimitri.ledkov@canonical.com
|
||||
---
|
||||
configure.ac | 7 -----
|
||||
libkmod/libkmod-signature.c | 59 +++++++++++++------------------------
|
||||
2 files changed, 20 insertions(+), 46 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 7bf8d78..a6b8fa0 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -133,13 +133,6 @@ AC_ARG_WITH([openssl],
|
||||
AS_IF([test "x$with_openssl" != "xno"], [
|
||||
PKG_CHECK_MODULES([libcrypto], [libcrypto >= 1.1.0], [LIBS="$LIBS $libcrypto_LIBS"])
|
||||
AC_DEFINE([ENABLE_OPENSSL], [1], [Enable openssl for modinfo.])
|
||||
- AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <openssl/ssl.h>
|
||||
- int nid = NID_sm3;]])], [
|
||||
- AC_MSG_NOTICE([openssl supports sm3])
|
||||
- ], [
|
||||
- AC_MSG_NOTICE([openssl sm3 support not detected])
|
||||
- CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SM3"
|
||||
- ])
|
||||
module_signatures="PKCS7 $module_signatures"
|
||||
], [
|
||||
AC_MSG_NOTICE([openssl support not requested])
|
||||
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
|
||||
index b749a81..80f6447 100644
|
||||
--- a/libkmod/libkmod-signature.c
|
||||
+++ b/libkmod/libkmod-signature.c
|
||||
@@ -127,6 +127,7 @@ struct pkcs7_private {
|
||||
PKCS7 *pkcs7;
|
||||
unsigned char *key_id;
|
||||
BIGNUM *sno;
|
||||
+ char *hash_algo;
|
||||
};
|
||||
|
||||
static void pkcs7_free(void *s)
|
||||
@@ -137,42 +138,11 @@ static void pkcs7_free(void *s)
|
||||
PKCS7_free(pvt->pkcs7);
|
||||
BN_free(pvt->sno);
|
||||
free(pvt->key_id);
|
||||
+ free(pvt->hash_algo);
|
||||
free(pvt);
|
||||
si->private = NULL;
|
||||
}
|
||||
|
||||
-static int obj_to_hash_algo(const ASN1_OBJECT *o)
|
||||
-{
|
||||
- int nid;
|
||||
-
|
||||
- nid = OBJ_obj2nid(o);
|
||||
- switch (nid) {
|
||||
- case NID_md4:
|
||||
- return PKEY_HASH_MD4;
|
||||
- case NID_md5:
|
||||
- return PKEY_HASH_MD5;
|
||||
- case NID_sha1:
|
||||
- return PKEY_HASH_SHA1;
|
||||
- case NID_ripemd160:
|
||||
- return PKEY_HASH_RIPE_MD_160;
|
||||
- case NID_sha256:
|
||||
- return PKEY_HASH_SHA256;
|
||||
- case NID_sha384:
|
||||
- return PKEY_HASH_SHA384;
|
||||
- case NID_sha512:
|
||||
- return PKEY_HASH_SHA512;
|
||||
- case NID_sha224:
|
||||
- return PKEY_HASH_SHA224;
|
||||
-# ifndef OPENSSL_NO_SM3
|
||||
- case NID_sm3:
|
||||
- return PKEY_HASH_SM3;
|
||||
-# endif
|
||||
- default:
|
||||
- return -1;
|
||||
- }
|
||||
- return -1;
|
||||
-}
|
||||
-
|
||||
static const char *x509_name_to_str(X509_NAME *name)
|
||||
{
|
||||
int i;
|
||||
@@ -219,7 +189,8 @@ static bool fill_pkcs7(const char *mem, off_t size,
|
||||
unsigned char *key_id_str;
|
||||
struct pkcs7_private *pvt;
|
||||
const char *issuer_str;
|
||||
- int hash_algo;
|
||||
+ char *hash_algo;
|
||||
+ int hash_algo_len;
|
||||
|
||||
size -= sig_len;
|
||||
pkcs7_raw = mem + size;
|
||||
@@ -278,27 +249,37 @@ static bool fill_pkcs7(const char *mem, off_t size,
|
||||
|
||||
X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
|
||||
|
||||
- hash_algo = obj_to_hash_algo(o);
|
||||
- if (hash_algo < 0)
|
||||
+ // Use OBJ_obj2txt to calculate string length
|
||||
+ hash_algo_len = OBJ_obj2txt(NULL, 0, o, 0);
|
||||
+ if (hash_algo_len < 0)
|
||||
goto err3;
|
||||
- sig_info->hash_algo = pkey_hash_algo[hash_algo];
|
||||
- // hash algo has not been recognized
|
||||
- if (sig_info->hash_algo == NULL)
|
||||
+ hash_algo = malloc(hash_algo_len + 1);
|
||||
+ if (hash_algo == NULL)
|
||||
goto err3;
|
||||
+ hash_algo_len = OBJ_obj2txt(hash_algo, hash_algo_len + 1, o, 0);
|
||||
+ if (hash_algo_len < 0)
|
||||
+ goto err4;
|
||||
+
|
||||
+ // Assign libcrypto hash algo string or number
|
||||
+ sig_info->hash_algo = hash_algo;
|
||||
+
|
||||
sig_info->id_type = pkey_id_type[modsig->id_type];
|
||||
|
||||
pvt = malloc(sizeof(*pvt));
|
||||
if (pvt == NULL)
|
||||
- goto err3;
|
||||
+ goto err4;
|
||||
|
||||
pvt->pkcs7 = pkcs7;
|
||||
pvt->key_id = key_id_str;
|
||||
pvt->sno = sno_bn;
|
||||
+ pvt->hash_algo = hash_algo;
|
||||
sig_info->private = pvt;
|
||||
|
||||
sig_info->free = pkcs7_free;
|
||||
|
||||
return true;
|
||||
+err4:
|
||||
+ free(hash_algo);
|
||||
err3:
|
||||
free(key_id_str);
|
||||
err2:
|
||||
--
|
||||
2.41.0
|
||||
|
Loading…
Reference in New Issue
Block a user