.gitignore

@@ -1 +1 @@
-SOURCES/kmod-25.tar.xz
+SOURCES/kmod-28.tar.xz

.kmod.metadata

@@ -1 +1 @@
-761ee76bc31f5db10d470dad607a5f9d68acef68 SOURCES/kmod-25.tar.xz
+0acec2b6aea3e6eb71f0b549b0ff0abcac5da004 SOURCES/kmod-28.tar.xz

SOURCES/0001-depmod-prevent-module-dependency-files-missing-durin.patch

@@ -1,33 +0,0 @@
-From c2996b5fa880e81f63c25e80a4157b2239e32c5d Mon Sep 17 00:00:00 2001
-From: Michal Suchanek <msuchanek@suse.de>
-Date: Mon, 10 Dec 2018 22:29:32 +0100
-Subject: [PATCH 1/2] depmod: prevent module dependency files missing during
- depmod invocation
-
-depmod deletes the module dependency files before moving the temporary
-files in their place. This results in user seeing no dependency files
-while they are updated. Remove the unlink call. The rename call should
-suffice to move the new file in place and unlink the old one. It should
-also do both atomically so there is no window when no dependency file
-exists.
-
-Signed-off-by: Michal Suchanek <msuchanek@suse.de>
----
- tools/depmod.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/tools/depmod.c b/tools/depmod.c
-index 989d9077926c..18c0d61b2db3 100644
---- a/tools/depmod.c
-+++ b/tools/depmod.c
-@@ -2451,7 +2451,6 @@ static int depmod_output(struct depmod *depmod, FILE *out)
- 			break;
- 		}
- 
--		unlinkat(dfd, itr->name, 0);
- 		if (renameat(dfd, tmp, dfd, itr->name) != 0) {
- 			err = -errno;
- 			CRIT("renameat(%s, %s, %s, %s): %m\n",
--- 
-2.33.0
-

SOURCES/0002-depmod-prevent-module-dependency-files-corruption-du.patch

@@ -1,62 +0,0 @@
-From a06bacf500d56b72b5f9b121ebf7f6af9e3df185 Mon Sep 17 00:00:00 2001
-From: Michal Suchanek <msuchanek@suse.de>
-Date: Mon, 17 Dec 2018 23:46:28 +0100
-Subject: [PATCH 2/2] depmod: prevent module dependency files corruption due to
- parallel invocation.
-
-Depmod does not use unique filename for temporary files. There is no
-guarantee the user does not attempt to run mutiple depmod processes in
-parallel. If that happens a temporary file might be created by
-depmod(1st), truncated by depmod(2nd), and renamed to final name by
-depmod(1st) resulting in corrupted file seen by user.
-
-Due to missing mkstempat() this is more complex than it should be.
-Adding PID and timestamp to the filename should be reasonably reliable.
-Adding O_EXCL as mkstemp does fails creating the file rather than
-corrupting existing file.
-
-Signed-off-by: Michal Suchanek <msuchanek@suse.de>
----
- tools/depmod.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/tools/depmod.c b/tools/depmod.c
-index 18c0d61b2db3..0f7e33ccfd59 100644
---- a/tools/depmod.c
-+++ b/tools/depmod.c
-@@ -29,6 +29,7 @@
- #include <string.h>
- #include <unistd.h>
- #include <sys/stat.h>
-+#include <sys/time.h>
- #include <sys/utsname.h>
- 
- #include <shared/array.h>
-@@ -2398,6 +2399,9 @@ static int depmod_output(struct depmod *depmod, FILE *out)
- 	};
- 	const char *dname = depmod->cfg->dirname;
- 	int dfd, err = 0;
-+	struct timeval tv;
-+
-+	gettimeofday(&tv, NULL);
- 
- 	if (out != NULL)
- 		dfd = -1;
-@@ -2416,11 +2420,12 @@ static int depmod_output(struct depmod *depmod, FILE *out)
- 		int r, ferr;
- 
- 		if (fp == NULL) {
--			int flags = O_CREAT | O_TRUNC | O_WRONLY;
-+			int flags = O_CREAT | O_EXCL | O_WRONLY;
- 			int mode = 0644;
- 			int fd;
- 
--			snprintf(tmp, sizeof(tmp), "%s.tmp", itr->name);
-+			snprintf(tmp, sizeof(tmp), "%s.%i.%li.%li", itr->name, getpid(),
-+					tv.tv_usec, tv.tv_sec);
- 			fd = openat(dfd, tmp, flags, mode);
- 			if (fd < 0) {
- 				ERR("openat(%s, %s, %o, %o): %m\n",
--- 
-2.33.0
-

SOURCES/kmod-libkmod-signature-implement-pkcs7-parsing-with-opens.patch

@@ -1,328 +0,0 @@
-From 391b4714b495183baefa9cb10ac8e1600c166a59 Mon Sep 17 00:00:00 2001
-From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
-Date: Fri, 1 Feb 2019 22:20:02 +0200
-Subject: [PATCH] libkmod-signature: implement pkcs7 parsing with openssl
-
-The patch adds data fetching from the PKCS#7 certificate using
-openssl library (which is used by scripts/sign-file.c in the linux
-kernel to sign modules).
-
-In general the certificate can contain many signatures, but since
-kmod (modinfo) supports only one signature at the moment, only first
-one is taken.
-
-With the current sign-file.c certificate doesn't contain signer
-key's fingerprint, so "serial number" is used for the key id.
-
-Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
----
- Makefile.am                 |   4 +-
- configure.ac                |  11 ++
- libkmod/libkmod-internal.h  |   3 +
- libkmod/libkmod-module.c    |   3 +
- libkmod/libkmod-signature.c | 197 +++++++++++++++++++++++++++++++++++-
- 5 files changed, 213 insertions(+), 5 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 1ab1db585316..de1026f8bd46 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -35,6 +35,8 @@ SED_PROCESS = \
- 	-e 's,@liblzma_LIBS\@,${liblzma_LIBS},g' \
- 	-e 's,@zlib_CFLAGS\@,${zlib_CFLAGS},g' \
- 	-e 's,@zlib_LIBS\@,${zlib_LIBS},g' \
-+	-e 's,@openssl_CFLAGS\@,${openssl_CFLAGS},g' \
-+	-e 's,@openssl_LIBS\@,${openssl_LIBS},g' \
- 	< $< > $@ || rm $@
- 
- %.pc: %.pc.in Makefile
-@@ -87,7 +89,7 @@ libkmod_libkmod_la_DEPENDENCIES = \
- 	${top_srcdir}/libkmod/libkmod.sym
- libkmod_libkmod_la_LIBADD = \
- 	shared/libshared.la \
--	${liblzma_LIBS} ${zlib_LIBS}
-+	${liblzma_LIBS} ${zlib_LIBS} ${openssl_LIBS}
- 
- noinst_LTLIBRARIES += libkmod/libkmod-internal.la
- libkmod_libkmod_internal_la_SOURCES = $(libkmod_libkmod_la_SOURCES)
-diff --git a/configure.ac b/configure.ac
-index fbc7391b2d1b..2e33380a0cc2 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -106,6 +106,17 @@ AS_IF([test "x$with_zlib" != "xno"], [
- ])
- CC_FEATURE_APPEND([with_features], [with_zlib], [ZLIB])
- 
-+AC_ARG_WITH([openssl],
-+	AS_HELP_STRING([--with-openssl], [handle PKCS7 signatures @<:@default=disabled@:>@]),
-+	[], [with_openssl=no])
-+AS_IF([test "x$with_openssl" != "xno"], [
-+	PKG_CHECK_MODULES([openssl], [openssl])
-+	AC_DEFINE([ENABLE_OPENSSL], [1], [Enable openssl for modinfo.])
-+], [
-+	AC_MSG_NOTICE([openssl support not requested])
-+])
-+CC_FEATURE_APPEND([with_features], [with_openssl], [OPENSSL])
-+
- AC_ARG_WITH([bashcompletiondir],
- 	AS_HELP_STRING([--with-bashcompletiondir=DIR], [Bash completions directory]),
- 	[],
-diff --git a/libkmod/libkmod-internal.h b/libkmod/libkmod-internal.h
-index 346579c71aab..a65ddd156f18 100644
---- a/libkmod/libkmod-internal.h
-+++ b/libkmod/libkmod-internal.h
-@@ -188,5 +188,8 @@ struct kmod_signature_info {
- 	const char *algo, *hash_algo, *id_type;
- 	const char *sig;
- 	size_t sig_len;
-+	void (*free)(void *);
-+	void *private;
- };
- bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signature_info *sig_info) _must_check_ __attribute__((nonnull(1, 2)));
-+void kmod_module_signature_info_free(struct kmod_signature_info *sig_info) __attribute__((nonnull));
-diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
-index 889f26479a98..bffe715cdef4 100644
---- a/libkmod/libkmod-module.c
-+++ b/libkmod/libkmod-module.c
-@@ -2357,6 +2357,9 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_
- 	ret = count;
- 
- list_error:
-+	/* aux structures freed in normal case also */
-+	kmod_module_signature_info_free(&sig_info);
-+
- 	if (ret < 0) {
- 		kmod_module_info_free_list(*list);
- 		*list = NULL;
-diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
-index 429ffbd8a957..48d0145a7552 100644
---- a/libkmod/libkmod-signature.c
-+++ b/libkmod/libkmod-signature.c
-@@ -19,6 +19,10 @@
- 
- #include <endian.h>
- #include <inttypes.h>
-+#ifdef ENABLE_OPENSSL
-+#include <openssl/cms.h>
-+#include <openssl/ssl.h>
-+#endif
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
-@@ -115,15 +119,194 @@ static bool fill_default(const char *mem, off_t size,
- 	return true;
- }
- 
--static bool fill_unknown(const char *mem, off_t size,
--			 const struct module_signature *modsig, size_t sig_len,
--			 struct kmod_signature_info *sig_info)
-+#ifdef ENABLE_OPENSSL
-+
-+struct pkcs7_private {
-+	CMS_ContentInfo *cms;
-+	unsigned char *key_id;
-+	BIGNUM *sno;
-+};
-+
-+static void pkcs7_free(void *s)
-+{
-+	struct kmod_signature_info *si = s;
-+	struct pkcs7_private *pvt = si->private;
-+
-+	CMS_ContentInfo_free(pvt->cms);
-+	BN_free(pvt->sno);
-+	free(pvt->key_id);
-+	free(pvt);
-+	si->private = NULL;
-+}
-+
-+static int obj_to_hash_algo(const ASN1_OBJECT *o)
-+{
-+	int nid;
-+
-+	nid = OBJ_obj2nid(o);
-+	switch (nid) {
-+	case NID_md4:
-+		return PKEY_HASH_MD4;
-+	case NID_md5:
-+		return PKEY_HASH_MD5;
-+	case NID_sha1:
-+		return PKEY_HASH_SHA1;
-+	case NID_ripemd160:
-+		return PKEY_HASH_RIPE_MD_160;
-+	case NID_sha256:
-+		return PKEY_HASH_SHA256;
-+	case NID_sha384:
-+		return PKEY_HASH_SHA384;
-+	case NID_sha512:
-+		return PKEY_HASH_SHA512;
-+	case NID_sha224:
-+		return PKEY_HASH_SHA224;
-+	default:
-+		return -1;
-+	}
-+	return -1;
-+}
-+
-+static const char *x509_name_to_str(X509_NAME *name)
-+{
-+	int i;
-+	X509_NAME_ENTRY *e;
-+	ASN1_STRING *d;
-+	ASN1_OBJECT *o;
-+	int nid = -1;
-+	const char *str;
-+
-+	for (i = 0; i < X509_NAME_entry_count(name); i++) {
-+		e = X509_NAME_get_entry(name, i);
-+		o = X509_NAME_ENTRY_get_object(e);
-+		nid = OBJ_obj2nid(o);
-+		if (nid == NID_commonName)
-+			break;
-+	}
-+	if (nid == -1)
-+		return NULL;
-+
-+	d = X509_NAME_ENTRY_get_data(e);
-+	str = (const char *)ASN1_STRING_get0_data(d);
-+
-+	return str;
-+}
-+
-+static bool fill_pkcs7(const char *mem, off_t size,
-+		       const struct module_signature *modsig, size_t sig_len,
-+		       struct kmod_signature_info *sig_info)
-+{
-+	const char *pkcs7_raw;
-+	CMS_ContentInfo *cms;
-+	STACK_OF(CMS_SignerInfo) *sis;
-+	CMS_SignerInfo *si;
-+	int rc;
-+	ASN1_OCTET_STRING *key_id;
-+	X509_NAME *issuer;
-+	ASN1_INTEGER *sno;
-+	ASN1_OCTET_STRING *sig;
-+	BIGNUM *sno_bn;
-+	X509_ALGOR *dig_alg;
-+	X509_ALGOR *sig_alg;
-+	const ASN1_OBJECT *o;
-+	BIO *in;
-+	int len;
-+	unsigned char *key_id_str;
-+	struct pkcs7_private *pvt;
-+	const char *issuer_str;
-+
-+	size -= sig_len;
-+	pkcs7_raw = mem + size;
-+
-+	in = BIO_new_mem_buf(pkcs7_raw, sig_len);
-+
-+	cms = d2i_CMS_bio(in, NULL);
-+	if (cms == NULL) {
-+		BIO_free(in);
-+		return false;
-+	}
-+
-+	BIO_free(in);
-+
-+	sis = CMS_get0_SignerInfos(cms);
-+	if (sis == NULL)
-+		goto err;
-+
-+	si = sk_CMS_SignerInfo_value(sis, 0);
-+	if (si == NULL)
-+		goto err;
-+
-+	rc = CMS_SignerInfo_get0_signer_id(si, &key_id, &issuer, &sno);
-+	if (rc == 0)
-+		goto err;
-+
-+	sig = CMS_SignerInfo_get0_signature(si);
-+	if (sig == NULL)
-+		goto err;
-+
-+	CMS_SignerInfo_get0_algs(si, NULL, NULL, &dig_alg, &sig_alg);
-+
-+	sig_info->sig = (const char *)ASN1_STRING_get0_data(sig);
-+	sig_info->sig_len = ASN1_STRING_length(sig);
-+
-+	sno_bn = ASN1_INTEGER_to_BN(sno, NULL);
-+	if (sno_bn == NULL)
-+		goto err;
-+
-+	len = BN_num_bytes(sno_bn);
-+	key_id_str = malloc(len);
-+	if (key_id_str == NULL)
-+		goto err2;
-+	BN_bn2bin(sno_bn, key_id_str);
-+
-+	sig_info->key_id = (const char *)key_id_str;
-+	sig_info->key_id_len = len;
-+
-+	issuer_str = x509_name_to_str(issuer);
-+	if (issuer_str != NULL) {
-+		sig_info->signer = issuer_str;
-+		sig_info->signer_len = strlen(issuer_str);
-+	}
-+
-+	X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
-+
-+	sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
-+	sig_info->id_type = pkey_id_type[modsig->id_type];
-+
-+	pvt = malloc(sizeof(*pvt));
-+	if (pvt == NULL)
-+		goto err3;
-+
-+	pvt->cms = cms;
-+	pvt->key_id = key_id_str;
-+	pvt->sno = sno_bn;
-+	sig_info->private = pvt;
-+
-+	sig_info->free = pkcs7_free;
-+
-+	return true;
-+err3:
-+	free(key_id_str);
-+err2:
-+	BN_free(sno_bn);
-+err:
-+	CMS_ContentInfo_free(cms);
-+	return false;
-+}
-+
-+#else /* ENABLE OPENSSL */
-+
-+static bool fill_pkcs7(const char *mem, off_t size,
-+		       const struct module_signature *modsig, size_t sig_len,
-+		       struct kmod_signature_info *sig_info)
- {
- 	sig_info->hash_algo = "unknown";
- 	sig_info->id_type = pkey_id_type[modsig->id_type];
- 	return true;
- }
- 
-+#endif /* ENABLE OPENSSL */
-+
- #define SIG_MAGIC "~Module signature appended~\n"
- 
- /*
-@@ -167,8 +350,14 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
- 
- 	switch (modsig->id_type) {
- 	case PKEY_ID_PKCS7:
--		return fill_unknown(mem, size, modsig, sig_len, sig_info);
-+		return fill_pkcs7(mem, size, modsig, sig_len, sig_info);
- 	default:
- 		return fill_default(mem, size, modsig, sig_len, sig_info);
- 	}
- }
-+
-+void kmod_module_signature_info_free(struct kmod_signature_info *sig_info)
-+{
-+	if (sig_info->free)
-+		sig_info->free(sig_info);
-+}
--- 
-2.20.1
-

SOURCES/kmod-modprobe-ignore-builtin-module-on-recursive-removing.patch

@@ -1,83 +0,0 @@
-From 52a0ba82e1ad180f9f91920db70a758fac49466a Mon Sep 17 00:00:00 2001
-From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
-Date: Thu, 31 Oct 2019 20:12:53 +0200
-Subject: [PATCH] modprobe: ignore builtin module on recursive removing
-
-If there are built-in dependencies and any of them is built-in in
-the kernel, modprobe -r fails with
-
-modprobe: FATAL: Module module_name is builtin.
-
-It makes sense to ignore such dependencies for the case when
-removing is called for non-top level module.
-
-Example: cifs module, it declares bunch of softdeps and the first
-one fails on some kernel configs:
-
-modprobe: FATAL: Module gcm is builtin.
-
-Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
----
- tools/modprobe.c | 18 ++++++++++++------
- 1 file changed, 12 insertions(+), 6 deletions(-)
-
-diff --git a/tools/modprobe.c b/tools/modprobe.c
-index a9e2331567af..44cd15c2bf57 100644
---- a/tools/modprobe.c
-+++ b/tools/modprobe.c
-@@ -353,7 +353,8 @@ static int rmmod_do_remove_module(struct kmod_module *mod)
- 	return err;
- }
- 
--static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies);
-+static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies,
-+			   bool ignore_builtin);
- 
- static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors)
- {
-@@ -361,7 +362,7 @@ static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors)
- 
- 	kmod_list_foreach_reverse(l, list) {
- 		struct kmod_module *m = kmod_module_get_module(l);
--		int r = rmmod_do_module(m, false);
-+		int r = rmmod_do_module(m, false, true);
- 		kmod_module_unref(m);
- 
- 		if (r < 0 && stop_on_errors)
-@@ -371,7 +372,8 @@ static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors)
- 	return 0;
- }
- 
--static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies)
-+static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies,
-+			   bool ignore_builtin)
- {
- 	const char *modname = kmod_module_get_name(mod);
- 	struct kmod_list *pre = NULL, *post = NULL;
-@@ -401,8 +403,12 @@ static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies)
- 			}
- 			goto error;
- 		} else if (state == KMOD_MODULE_BUILTIN) {
--			LOG("Module %s is builtin.\n", modname);
--			err = -ENOENT;
-+			if (ignore_builtin) {
-+				err = 0;
-+			} else {
-+				LOG("Module %s is builtin.\n", modname);
-+				err = -ENOENT;
-+			}
- 			goto error;
- 		}
- 	}
-@@ -462,7 +468,7 @@ static int rmmod(struct kmod_ctx *ctx, const char *alias)
- 
- 	kmod_list_foreach(l, list) {
- 		struct kmod_module *mod = kmod_module_get_module(l);
--		err = rmmod_do_module(mod, true);
-+		err = rmmod_do_module(mod, true, false);
- 		kmod_module_unref(mod);
- 		if (err < 0)
- 			break;
--- 
-2.24.0
-

SOURCES/kmod-signature-do-not-report-wrong-data-for-pkc-7-signatu.patch

@@ -1,116 +0,0 @@
-From a11057201ed326a9e65e757202da960735e45799 Mon Sep 17 00:00:00 2001
-From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
-Date: Fri, 16 Nov 2018 10:56:34 +0200
-Subject: [PATCH] signature: do not report wrong data for pkc#7 signature
-
-when PKC#7 signing method is used the old structure doesn't contain
-any useful data, but the data are encoded in the certificate.
-
-The info getting/showing code is not aware of that at the moment and
-since 0 is a valid constant, shows, for example, wrong "md4" for the
-hash algo.
-
-The patch splits the 2 mothods of gethering the info and reports
-"unknown" for the algo.
-
-Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
----
- libkmod/libkmod-module.c    |  2 +-
- libkmod/libkmod-signature.c | 56 +++++++++++++++++++++++++------------
- 2 files changed, 39 insertions(+), 19 deletions(-)
-
-diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
-index ee420f4ec2bf..889f26479a98 100644
---- a/libkmod/libkmod-module.c
-+++ b/libkmod/libkmod-module.c
-@@ -2273,7 +2273,7 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_
- 	struct kmod_elf *elf;
- 	char **strings;
- 	int i, count, ret = -ENOMEM;
--	struct kmod_signature_info sig_info;
-+	struct kmod_signature_info sig_info = {};
- 
- 	if (mod == NULL || list == NULL)
- 		return -ENOENT;
-diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
-index 1f3e26dea203..429ffbd8a957 100644
---- a/libkmod/libkmod-signature.c
-+++ b/libkmod/libkmod-signature.c
-@@ -92,6 +92,38 @@ struct module_signature {
- 	uint32_t sig_len;    /* Length of signature data (big endian) */
- };
- 
-+static bool fill_default(const char *mem, off_t size,
-+			 const struct module_signature *modsig, size_t sig_len,
-+			 struct kmod_signature_info *sig_info)
-+{
-+	size -= sig_len;
-+	sig_info->sig = mem + size;
-+	sig_info->sig_len = sig_len;
-+
-+	size -= modsig->key_id_len;
-+	sig_info->key_id = mem + size;
-+	sig_info->key_id_len = modsig->key_id_len;
-+
-+	size -= modsig->signer_len;
-+	sig_info->signer = mem + size;
-+	sig_info->signer_len = modsig->signer_len;
-+
-+	sig_info->algo = pkey_algo[modsig->algo];
-+	sig_info->hash_algo = pkey_hash_algo[modsig->hash];
-+	sig_info->id_type = pkey_id_type[modsig->id_type];
-+
-+	return true;
-+}
-+
-+static bool fill_unknown(const char *mem, off_t size,
-+			 const struct module_signature *modsig, size_t sig_len,
-+			 struct kmod_signature_info *sig_info)
-+{
-+	sig_info->hash_algo = "unknown";
-+	sig_info->id_type = pkey_id_type[modsig->id_type];
-+	return true;
-+}
-+
- #define SIG_MAGIC "~Module signature appended~\n"
- 
- /*
-@@ -112,7 +144,6 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
- 	const struct module_signature *modsig;
- 	size_t sig_len;
- 
--
- 	size = kmod_file_get_size(file);
- 	mem = kmod_file_get_contents(file);
- 	if (size < (off_t)strlen(SIG_MAGIC))
-@@ -134,21 +165,10 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
- 	    size < (int64_t)(modsig->signer_len + modsig->key_id_len + sig_len))
- 		return false;
- 
--	size -= sig_len;
--	sig_info->sig = mem + size;
--	sig_info->sig_len = sig_len;
--
--	size -= modsig->key_id_len;
--	sig_info->key_id = mem + size;
--	sig_info->key_id_len = modsig->key_id_len;
--
--	size -= modsig->signer_len;
--	sig_info->signer = mem + size;
--	sig_info->signer_len = modsig->signer_len;
--
--	sig_info->algo = pkey_algo[modsig->algo];
--	sig_info->hash_algo = pkey_hash_algo[modsig->hash];
--	sig_info->id_type = pkey_id_type[modsig->id_type];
--
--	return true;
-+	switch (modsig->id_type) {
-+	case PKEY_ID_PKCS7:
-+		return fill_unknown(mem, size, modsig, sig_len, sig_info);
-+	default:
-+		return fill_default(mem, size, modsig, sig_len, sig_info);
-+	}
- }
--- 
-2.20.1
-

SOURCES/man-rmmod-explain-why-modprobe-r-is-more-useful.patch

@@ -0,0 +1,58 @@
+From 06fadcc6b17c3b9a534540dd6d74b0c5fb1d948d Mon Sep 17 00:00:00 2001
+From: Yauheni Kaliuta <ykaliuta@redhat.com>
+Date: Thu, 2 Feb 2023 15:47:36 +0200
+Subject: [PATCH] man/rmmod: explain why modprobe -r is more useful
+
+Improve user experience by explaining the option so the user may
+not search explanations in other manpages (modprobe).
+
+Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
+Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
+Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
+---
+ man/rmmod.xml | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/man/rmmod.xml b/man/rmmod.xml
+index e7c7e5f9e7dc..67bcbedd972b 100644
+--- a/man/rmmod.xml
++++ b/man/rmmod.xml
+@@ -52,7 +52,8 @@
+       want to use
+       <citerefentry>
+         <refentrytitle>modprobe</refentrytitle><manvolnum>8</manvolnum>
+-      </citerefentry> with the <option>-r</option> option instead.
++      </citerefentry> with the <option>-r</option> option instead
++      since it removes unused dependent modules as well.
+     </para>
+   </refsect1>
+ 
+--- a/man/rmmod.8	2020-12-28 02:58:30.085851136 +0200
++++ b/man/rmmod.8	2023-02-09 16:55:55.967128297 +0200
+@@ -2,12 +2,12 @@
+ .\"     Title: rmmod
+ .\"    Author: Jon Masters <jcm@jonmasters.org>
+ .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
+-.\"      Date: 12/27/2020
++.\"      Date: 02/09/2023
+ .\"    Manual: rmmod
+ .\"    Source: kmod
+ .\"  Language: English
+ .\"
+-.TH "RMMOD" "8" "12/27/2020" "kmod" "rmmod"
++.TH "RMMOD" "8" "02/09/2023" "kmod" "rmmod"
+ .\" -----------------------------------------------------------------
+ .\" * Define some portability stuff
+ .\" -----------------------------------------------------------------
+@@ -39,7 +39,7 @@
+ \fBmodprobe\fR(8)
+ with the
+ \fB\-r\fR
+-option instead\&.
++option instead since it removes unused dependent modules as well\&.
+ .SH "OPTIONS"
+ .PP
+ \fB\-v\fR, \fB\-\-verbose\fR
+-- 
+2.39.1
+

SOURCES/weak-modules

@@ -520,26 +520,31 @@ finish_sandbox() {
 # Auxiliary functions to find symvers file
 make_kernel_file_names() {
     local krel="$1"
-    local file="$2"
-    local suffix="$3"
+    shift
+    local file="$1"
+    shift
 
-    echo "${BASEDIR}/boot/${file}-${krel}${suffix}"
-    echo "${BASEDIR}/lib/modules/${krel}/${file}${suffix}"
+    for suffix in "$@"; do
+        echo "${BASEDIR}/boot/${file}-${krel}${suffix}"
+        echo "${BASEDIR}/lib/modules/${krel}/${file}${suffix}"
+    done
 }
 
 find_kernel_file() {
     local krel="$1"
-    local file="$2"
-    local suffix="$3"
-    local print="$4"
+    shift
+    local file="$1"
+    shift
+    local print="$1"
+    shift
     local i
 
     if [[ "$print" != "" ]]; then
-        make_kernel_file_names "$krel" "$file" "$suffix"
+        make_kernel_file_names "$krel" "$file" "$@"
         return 0
     fi
 
-    for i in  $(make_kernel_file_names "$krel" "$file" "$suffix"); do
+    for i in  $(make_kernel_file_names "$krel" "$file" "$@"); do
         if [[ -r "$i" ]]; then
             echo "$i"
             return 0
@@ -563,7 +568,7 @@ find_symvers_file() {
     local krel="$1"
     local print="$2"
 
-    find_kernel_file "$krel" symvers .gz "$print"
+    find_kernel_file "$krel" symvers "$print" .xz .gz
 }
 
 # find_systemmap_file:
@@ -573,7 +578,7 @@ find_systemmap_file() {
     local print="$2"
     local no_suffix=""
 
-    find_kernel_file "$krel" System.map "$no_suffix" "$print"
+    find_kernel_file "$krel" System.map "$print" "$no_suffix"
 }
 
 #### Main logic
@@ -615,7 +620,6 @@ update_modules_for_krel() {
 
     if ! validate_weak_links $krel && [[ -z "$force_update" ]]; then
         global_link_state_restore $krel
-        compatible_modules=()
     fi
 
     # add compatible to installed
@@ -1148,7 +1152,7 @@ while :; do
     shift
 done
 
-if [ ! -x "$dracut" ] && [ -z "$no_initramfs" ]
+if [ ! -x "$dracut" ]
 then
     echo "weak-modules: could not find dracut at $dracut"
     exit 1

SPECS/kmod.spec

@@ -1,30 +1,25 @@
 Name:		kmod
-Version:	25
-Release:	19%{?dist}
+Version:	28
+Release:	9%{?dist}
 Summary:	Linux kernel module management utilities
 
-Group:		System Environment/Kernel
 License:	GPLv2+
-URL:		http://git.kernel.org/?p=utils/kernel/kmod/kmod.git;a=summary
+URL:		https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git
 Source0:	https://www.kernel.org/pub/linux/utils/kernel/kmod/%{name}-%{version}.tar.xz
 Source1:	weak-modules
 Source2:	depmod.conf.dist
 Exclusiveos:	Linux
 
-Patch01:	kmod-signature-do-not-report-wrong-data-for-pkc-7-signatu.patch
-Patch02:	kmod-libkmod-signature-implement-pkcs7-parsing-with-opens.patch
-Patch03:	kmod-modprobe-ignore-builtin-module-on-recursive-removing.patch
-Patch04:	0001-depmod-prevent-module-dependency-files-missing-durin.patch
-Patch05:	0002-depmod-prevent-module-dependency-files-corruption-du.patch
+Patch01:	man-rmmod-explain-why-modprobe-r-is-more-useful.patch
 
-BuildRoot:     %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+BuildRequires:  gcc
 BuildRequires:	chrpath
 BuildRequires:	zlib-devel
 BuildRequires:	xz-devel
 BuildRequires:  libxslt
 BuildRequires:  openssl-devel
-# Remove it as soon as no need for Patch02 anymore (Makefile.am updated)
-BuildRequires:  automake autoconf libtool
+BuildRequires:  make
+BuildRequires:  libzstd-devel
 
 Provides:	module-init-tools = 4.0-1
 Obsoletes:	module-init-tools < 4.0-1
@@ -39,7 +34,6 @@ examples of loaded and unloaded modules.
 %package libs
 Summary:	Libraries to handle kernel module loading and unloading
 License:	LGPLv2+
-Group:		System Environment/Libraries
 
 %description libs
 The kmod-libs package provides runtime libraries for any application that
@@ -47,7 +41,6 @@ wishes to load or unload Linux kernel modules from the running system.
 
 %package devel
 Summary:	Header files for kmod development
-Group:		Development/Libraries
 Requires:	%{name}-libs%{?_isa} = %{version}-%{release}
 
 %description devel
@@ -55,30 +48,26 @@ The kmod-devel package provides header files used for development of
 applications that wish to load or unload Linux kernel modules.
 
 %prep
-%setup -q
-%patch01 -p1
-%patch02 -p1
-%patch03 -p1
-%patch04 -p1
-%patch05 -p1
+%autosetup -p1
 
 %build
-export V=1
-aclocal
-autoreconf --install --symlink
 %configure \
+  --with-openssl \
   --with-zlib \
-  --with-xz   \
-  --with-openssl
-make %{?_smp_mflags}
+  --with-xz \
+  --with-zstd
+
+%{make_build} V=1
 
 %install
-make install DESTDIR=$RPM_BUILD_ROOT
-pushd $RPM_BUILD_ROOT/%{_mandir}/man5
+%{make_install}
+
+pushd $RPM_BUILD_ROOT%{_mandir}/man5
 ln -s modprobe.d.5.gz modprobe.conf.5.gz
 popd
 
-rm -rf $RPM_BUILD_ROOT%{_libdir}/*.la
+find %{buildroot} -type f -name "*.la" -delete
+
 mkdir -p $RPM_BUILD_ROOT%{_sbindir}
 ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modprobe
 ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modinfo
@@ -91,16 +80,10 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/modprobe.d
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d
 mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/modprobe.d
 
-mkdir -p $RPM_BUILD_ROOT/sbin
-install -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/weak-modules
+install -pm 755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/weak-modules
 install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
 
-%post libs -p /sbin/ldconfig
-
-%postun libs -p /sbin/ldconfig
-
 %files
-%defattr(-,root,root,-)
 %dir %{_sysconfdir}/depmod.d
 %dir %{_sysconfdir}/modprobe.d
 %dir %{_prefix}/lib/modprobe.d
@@ -119,7 +102,6 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
 %doc NEWS README TODO
 
 %files libs
-%{!?_licensedir:%global license %%doc}
 %license COPYING
 %{_libdir}/libkmod.so.*
 
@@ -129,79 +111,73 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
 %{_libdir}/libkmod.so
 
 %changelog
-* Mon Nov 29 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-19
-- depmod: fix parallel execution issues
-  Resolves: rhbz#2026938
+* Thu May 11 2023 Eugene Syromiatnikov <esyr@redhat.com> - 28-9
+- Add symvers.xz support to weak-modules
+- Resolves: rhbz#2192895
 
-* Fri Apr 16 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-18
-- weak-modules: do not require dracut wneh using --no-initramfs
-  Resolves: rhbz#1935416
+* Thu Feb  9 2023 Yauheni Kaliuta <ykaliuta@redhat.com> - 28-8
+- man/rmmod: explain why modprobe -r is more useful
+  Resolves: rhbz#2164253
 
-* Fri Dec 18 2020 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-17
-- weak-modules: reset compatible_modules if configuration is not valid
-  Resolves: rhbz#1907855
+* Thu Oct 21 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 28-7
+- Add RHEL gating configuration. Related: rhbz#1985100
 
-* Mon Dec  9 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-16
-- weak-modules: update_modules_for_krel: always finish sandbox
-- weak-modules: groupping: use dependencies of extra/ provider
-  Resolves: rhbz#1778889
+* Tue Aug 10 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 28-6
+- add default config.
+  Resolves: rhbz#1985100
 
-* Mon Dec  9 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-15
-- weak-modules: reverse checking order for add-kernel
-  Resolves: rhbz#1755196
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 28-5
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
 
-* Mon Dec  2 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-14
-- modprobe: do not fail on built-in modules
-  Resolves: rhbz#1767513
+* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 28-4
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+  Related: rhbz#1971065
 
-* Tue Apr 16 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-13
-- weak-modules: handle independent modules in one run
-  Resolves: rhbz#1695763
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 28-3
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 
-* Tue Apr  2 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-12
-- weak-modules: use asterisk for kernel version in sandbox
-  Resolves: rhbz#1689052
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 28-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 
-* Tue Feb  5 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-11
-- add PKCS7/openssl support.
-  Resolves: rhbz#1668459.
+* Thu Jan 07 2021 Josh Boyer <jwboyer@fedoraproject.org> - 28-1
+- New upstream v28
+- Enable zstd support
+- Resolves: rhbz#1913949
 
-* Tue Dec 11 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-10
-- weak-modules: group modules on add-kernel
-- weak-modules: do not make groups if there are no extra modules
-  Resolves: rhbz#1649211
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 27-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
-* Tue Oct  2 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-9
-- Rebuild with updated flags.
-  Resolves: rhbz#1630574.
+* Wed Mar 25 2020 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 27-2
+- add 0001-depmod-do-not-output-.bin-to-stdout.patch
+  Resolves: rhbz#1808430
 
-* Tue Sep  4 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-8
-- weak-modules: fix initial state creation for dry-run
-- weak-modules: check compatibility in a temporary directory
-  Resolves: rhbz#1622990.
+* Thu Feb 20 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 27-1
+- New upstream v27
 
-* Tue Aug 28 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-7
-- weak-modules: use is_kernel_installed wrapper in update_modules_for_krel.
-- weak-modules: more abstract symvers search implementation.
-- weak-modules: use additional paths for System.map file.
-  Resolves: rhbz#1621306.
+* Mon Jan 20 2020 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 26-5
+- weak-modules: sync with RHEL
 
-* Thu Aug 09 2018 Eugene Syromiatnikov <esyr@redhat.com> - 25-6
-- weak-modules: check also for /lib/modules/$krel/symvers.gz as a possible
-  symvers file path.
-  Resolves: rhbz#1614119.
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 26-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 
-* Mon Jul 30 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-5
-- weak-modules: handle versions with + and other special regex symbols
-- weak-modules: fix misleading message when cannot find dracut.
-  Resolves: rhbz#1609372.
+* Mon Feb 25 2019 Yauheni Kaliuta <yauheni.kaliuta@redhat.com> - 26-3
+- weak-modules: sync with RHEL
 
-* Fri Jul 27 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-4
-- fix dracut path, /usr/bin/dracut
+* Sun Feb 24 2019 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 26-2
+- add PKCS7/openssl support (rhbz 1320921)
 
-* Wed Jul 25 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-3
-- Add depmod.d/dist.conf.
-- Update weak-modules to RHEL version.
+* Sun Feb 24 2019 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 26-1
+- Update to version 26 (rhbz 1673749)
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 25-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Oct 29 2018 James Antill <james.antill@redhat.com> - 25-4
+- Remove ldconfig scriptlet, now done via. transfiletrigger in glibc (rhbz 1644063)
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 25-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 25-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
@@ -292,7 +268,7 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
 - Update to version 13
 
 * Wed Mar 20 2013 Weiping Pan <wpan@redhat.com> - 12-3
-- Pull in weak-modules for kABI from Jon Masters <jcm@redhat.com>
+- Pull in weak-modules for kABI from Jon Masters <jcm@redhat.com> 
 
 * Mon Mar 18 2013 Josh Boyer <jwboyer@redhat.com>
 - Add patch to make rmmod understand built-in modules (rhbz 922187)