Compare commits
No commits in common. "c8" and "c9-beta" have entirely different histories.
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/kmod-25.tar.xz
|
SOURCES/kmod-28.tar.xz
|
||||||
|
@ -1 +1 @@
|
|||||||
761ee76bc31f5db10d470dad607a5f9d68acef68 SOURCES/kmod-25.tar.xz
|
0acec2b6aea3e6eb71f0b549b0ff0abcac5da004 SOURCES/kmod-28.tar.xz
|
||||||
|
@ -1,33 +0,0 @@
|
|||||||
From c2996b5fa880e81f63c25e80a4157b2239e32c5d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Michal Suchanek <msuchanek@suse.de>
|
|
||||||
Date: Mon, 10 Dec 2018 22:29:32 +0100
|
|
||||||
Subject: [PATCH 1/2] depmod: prevent module dependency files missing during
|
|
||||||
depmod invocation
|
|
||||||
|
|
||||||
depmod deletes the module dependency files before moving the temporary
|
|
||||||
files in their place. This results in user seeing no dependency files
|
|
||||||
while they are updated. Remove the unlink call. The rename call should
|
|
||||||
suffice to move the new file in place and unlink the old one. It should
|
|
||||||
also do both atomically so there is no window when no dependency file
|
|
||||||
exists.
|
|
||||||
|
|
||||||
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
|
|
||||||
---
|
|
||||||
tools/depmod.c | 1 -
|
|
||||||
1 file changed, 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/tools/depmod.c b/tools/depmod.c
|
|
||||||
index 989d9077926c..18c0d61b2db3 100644
|
|
||||||
--- a/tools/depmod.c
|
|
||||||
+++ b/tools/depmod.c
|
|
||||||
@@ -2451,7 +2451,6 @@ static int depmod_output(struct depmod *depmod, FILE *out)
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
- unlinkat(dfd, itr->name, 0);
|
|
||||||
if (renameat(dfd, tmp, dfd, itr->name) != 0) {
|
|
||||||
err = -errno;
|
|
||||||
CRIT("renameat(%s, %s, %s, %s): %m\n",
|
|
||||||
--
|
|
||||||
2.33.0
|
|
||||||
|
|
@ -0,0 +1,44 @@
|
|||||||
|
From 5c22362b6b97af9c6b7587f0c3450001e9893115 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Eugene Syromiatnikov <esyr@redhat.com>
|
||||||
|
Date: Tue, 13 Aug 2024 16:17:27 +0200
|
||||||
|
Subject: [PATCH] libkmod: avoid undefined behaviour in
|
||||||
|
libkmod-builtin.c:get_string
|
||||||
|
|
||||||
|
Static analysis has reported a potential UB:
|
||||||
|
|
||||||
|
kmod-31/libkmod/libkmod-builtin.c:125: use_invalid: Using "nullp", which points to an out-of-scope variable "buf".
|
||||||
|
# 123| size_t linesz = 0;
|
||||||
|
# 124|
|
||||||
|
# 125|-> while (!nullp) {
|
||||||
|
# 126| char buf[BUFSIZ];
|
||||||
|
# 127| ssize_t sz;
|
||||||
|
|
||||||
|
It seems to be indeed an UB, as nullp is getting assined an address
|
||||||
|
inside object buf, which has a lifetime of the while loop body,
|
||||||
|
and is not available outside of it (specifically, in the while
|
||||||
|
condition, where nullp is checked for NULL). Fix it by putting
|
||||||
|
buf definition in the outer block.
|
||||||
|
---
|
||||||
|
libkmod/libkmod-builtin.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c
|
||||||
|
index fd0f549..40a7d61 100644
|
||||||
|
--- a/libkmod/libkmod-builtin.c
|
||||||
|
+++ b/libkmod/libkmod-builtin.c
|
||||||
|
@@ -105,11 +105,11 @@ static off_t get_string(struct kmod_builtin_iter *iter, off_t offset,
|
||||||
|
char **line, size_t *size)
|
||||||
|
{
|
||||||
|
int sv_errno;
|
||||||
|
+ char buf[BUFSIZ];
|
||||||
|
char *nullp = NULL;
|
||||||
|
size_t linesz = 0;
|
||||||
|
|
||||||
|
while (!nullp) {
|
||||||
|
- char buf[BUFSIZ];
|
||||||
|
ssize_t sz;
|
||||||
|
size_t partsz;
|
||||||
|
|
||||||
|
--
|
||||||
|
2.13.6
|
||||||
|
|
@ -0,0 +1,38 @@
|
|||||||
|
From d5950b0b5e66a5ec1c21b638dec3974056aaabeb Mon Sep 17 00:00:00 2001
|
||||||
|
From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
|
||||||
|
Date: Sun, 25 Sep 2022 17:46:08 +0300
|
||||||
|
Subject: [PATCH] libkmod: do not crash on unknown signature algorithm
|
||||||
|
|
||||||
|
Example kernel module:
|
||||||
|
https://file-store.rosalinux.ru/download/7281f97e0c04c0f818ad3f936706f4a407e8dc7e
|
||||||
|
(/lib/modules/5.15.67-generic-1rosa2021.1-x86_64/kernel/drivers/usb/host/xhci-pci.ko.zst)
|
||||||
|
It is signed with Streebog 512.
|
||||||
|
|
||||||
|
libkmod v30 crashed in libkmod-module.c:2413 in this code:
|
||||||
|
|
||||||
|
n = kmod_module_info_append(list,
|
||||||
|
"sig_hashalgo", strlen("sig_hashalgo"),
|
||||||
|
sig_info.hash_algo, strlen(sig_info.hash_algo));
|
||||||
|
|
||||||
|
because strlen() got null.
|
||||||
|
---
|
||||||
|
libkmod/libkmod-signature.c | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
|
||||||
|
index 4ae5af6..092f396 100644
|
||||||
|
--- a/libkmod/libkmod-signature.c
|
||||||
|
+++ b/libkmod/libkmod-signature.c
|
||||||
|
@@ -278,6 +278,9 @@ static bool fill_pkcs7(const char *mem, off_t size,
|
||||||
|
X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
|
||||||
|
|
||||||
|
sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
|
||||||
|
+ // hash algo has not been recognized
|
||||||
|
+ if (sig_info->hash_algo == NULL)
|
||||||
|
+ goto err3;
|
||||||
|
sig_info->id_type = pkey_id_type[modsig->id_type];
|
||||||
|
|
||||||
|
pvt = malloc(sizeof(*pvt));
|
||||||
|
--
|
||||||
|
2.13.6
|
||||||
|
|
@ -0,0 +1,44 @@
|
|||||||
|
From b9605c63b859adfffc0b4b9420d720aa323b90e9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Emil Velikov <emil.velikov@collabora.com>
|
||||||
|
Date: Mon, 6 Feb 2023 14:32:59 +0000
|
||||||
|
Subject: [PATCH] libkmod: error out on unknown hash algorithm
|
||||||
|
|
||||||
|
Currently if we see unknown algorithm, we'll do an OOB read in
|
||||||
|
pkey_hash_algo. This can happen for example if OPENSSL_NO_SM3 is set and
|
||||||
|
the kernel module uses a SM3 hash.
|
||||||
|
|
||||||
|
Cc: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
|
||||||
|
Cc: Lucas De Marchi <lucas.demarchi@intel.com>
|
||||||
|
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
|
||||||
|
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
|
||||||
|
---
|
||||||
|
libkmod/libkmod-signature.c | 6 +++++-
|
||||||
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
|
||||||
|
index 092f396..b749a81 100644
|
||||||
|
--- a/libkmod/libkmod-signature.c
|
||||||
|
+++ b/libkmod/libkmod-signature.c
|
||||||
|
@@ -219,6 +219,7 @@ static bool fill_pkcs7(const char *mem, off_t size,
|
||||||
|
unsigned char *key_id_str;
|
||||||
|
struct pkcs7_private *pvt;
|
||||||
|
const char *issuer_str;
|
||||||
|
+ int hash_algo;
|
||||||
|
|
||||||
|
size -= sig_len;
|
||||||
|
pkcs7_raw = mem + size;
|
||||||
|
@@ -277,7 +278,10 @@ static bool fill_pkcs7(const char *mem, off_t size,
|
||||||
|
|
||||||
|
X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
|
||||||
|
|
||||||
|
- sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
|
||||||
|
+ hash_algo = obj_to_hash_algo(o);
|
||||||
|
+ if (hash_algo < 0)
|
||||||
|
+ goto err3;
|
||||||
|
+ sig_info->hash_algo = pkey_hash_algo[hash_algo];
|
||||||
|
// hash algo has not been recognized
|
||||||
|
if (sig_info->hash_algo == NULL)
|
||||||
|
goto err3;
|
||||||
|
--
|
||||||
|
2.13.6
|
||||||
|
|
@ -0,0 +1,29 @@
|
|||||||
|
From 1cab02ecf6ee2a0aa34f3615dfd99c59f7e04e90 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Seung-Woo Kim <sw0312.kim@samsung.com>
|
||||||
|
Date: Tue, 13 Apr 2021 20:23:14 +0900
|
||||||
|
Subject: [PATCH] libkmod: fix an overflow with wrong modules.builtin.modinfo
|
||||||
|
|
||||||
|
Fix a possbile overflow with exact PATH_MAX length modname
|
||||||
|
in wrong modules.builtin.modinfo.
|
||||||
|
|
||||||
|
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
|
||||||
|
---
|
||||||
|
libkmod/libkmod-builtin.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c
|
||||||
|
index fc9a376..a75a542 100644
|
||||||
|
--- a/libkmod/libkmod-builtin.c
|
||||||
|
+++ b/libkmod/libkmod-builtin.c
|
||||||
|
@@ -246,7 +246,7 @@ bool kmod_builtin_iter_get_modname(struct kmod_builtin_iter *iter,
|
||||||
|
|
||||||
|
len = dot - line;
|
||||||
|
|
||||||
|
- if (len > PATH_MAX) {
|
||||||
|
+ if (len >= PATH_MAX) {
|
||||||
|
sv_errno = ENAMETOOLONG;
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.13.6
|
||||||
|
|
@ -1,62 +0,0 @@
|
|||||||
From a06bacf500d56b72b5f9b121ebf7f6af9e3df185 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Michal Suchanek <msuchanek@suse.de>
|
|
||||||
Date: Mon, 17 Dec 2018 23:46:28 +0100
|
|
||||||
Subject: [PATCH 2/2] depmod: prevent module dependency files corruption due to
|
|
||||||
parallel invocation.
|
|
||||||
|
|
||||||
Depmod does not use unique filename for temporary files. There is no
|
|
||||||
guarantee the user does not attempt to run mutiple depmod processes in
|
|
||||||
parallel. If that happens a temporary file might be created by
|
|
||||||
depmod(1st), truncated by depmod(2nd), and renamed to final name by
|
|
||||||
depmod(1st) resulting in corrupted file seen by user.
|
|
||||||
|
|
||||||
Due to missing mkstempat() this is more complex than it should be.
|
|
||||||
Adding PID and timestamp to the filename should be reasonably reliable.
|
|
||||||
Adding O_EXCL as mkstemp does fails creating the file rather than
|
|
||||||
corrupting existing file.
|
|
||||||
|
|
||||||
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
|
|
||||||
---
|
|
||||||
tools/depmod.c | 9 +++++++--
|
|
||||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tools/depmod.c b/tools/depmod.c
|
|
||||||
index 18c0d61b2db3..0f7e33ccfd59 100644
|
|
||||||
--- a/tools/depmod.c
|
|
||||||
+++ b/tools/depmod.c
|
|
||||||
@@ -29,6 +29,7 @@
|
|
||||||
#include <string.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <sys/stat.h>
|
|
||||||
+#include <sys/time.h>
|
|
||||||
#include <sys/utsname.h>
|
|
||||||
|
|
||||||
#include <shared/array.h>
|
|
||||||
@@ -2398,6 +2399,9 @@ static int depmod_output(struct depmod *depmod, FILE *out)
|
|
||||||
};
|
|
||||||
const char *dname = depmod->cfg->dirname;
|
|
||||||
int dfd, err = 0;
|
|
||||||
+ struct timeval tv;
|
|
||||||
+
|
|
||||||
+ gettimeofday(&tv, NULL);
|
|
||||||
|
|
||||||
if (out != NULL)
|
|
||||||
dfd = -1;
|
|
||||||
@@ -2416,11 +2420,12 @@ static int depmod_output(struct depmod *depmod, FILE *out)
|
|
||||||
int r, ferr;
|
|
||||||
|
|
||||||
if (fp == NULL) {
|
|
||||||
- int flags = O_CREAT | O_TRUNC | O_WRONLY;
|
|
||||||
+ int flags = O_CREAT | O_EXCL | O_WRONLY;
|
|
||||||
int mode = 0644;
|
|
||||||
int fd;
|
|
||||||
|
|
||||||
- snprintf(tmp, sizeof(tmp), "%s.tmp", itr->name);
|
|
||||||
+ snprintf(tmp, sizeof(tmp), "%s.%i.%li.%li", itr->name, getpid(),
|
|
||||||
+ tv.tv_usec, tv.tv_sec);
|
|
||||||
fd = openat(dfd, tmp, flags, mode);
|
|
||||||
if (fd < 0) {
|
|
||||||
ERR("openat(%s, %s, %o, %o): %m\n",
|
|
||||||
--
|
|
||||||
2.33.0
|
|
||||||
|
|
@ -1,328 +0,0 @@
|
|||||||
From 391b4714b495183baefa9cb10ac8e1600c166a59 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
|
||||||
Date: Fri, 1 Feb 2019 22:20:02 +0200
|
|
||||||
Subject: [PATCH] libkmod-signature: implement pkcs7 parsing with openssl
|
|
||||||
|
|
||||||
The patch adds data fetching from the PKCS#7 certificate using
|
|
||||||
openssl library (which is used by scripts/sign-file.c in the linux
|
|
||||||
kernel to sign modules).
|
|
||||||
|
|
||||||
In general the certificate can contain many signatures, but since
|
|
||||||
kmod (modinfo) supports only one signature at the moment, only first
|
|
||||||
one is taken.
|
|
||||||
|
|
||||||
With the current sign-file.c certificate doesn't contain signer
|
|
||||||
key's fingerprint, so "serial number" is used for the key id.
|
|
||||||
|
|
||||||
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
|
||||||
---
|
|
||||||
Makefile.am | 4 +-
|
|
||||||
configure.ac | 11 ++
|
|
||||||
libkmod/libkmod-internal.h | 3 +
|
|
||||||
libkmod/libkmod-module.c | 3 +
|
|
||||||
libkmod/libkmod-signature.c | 197 +++++++++++++++++++++++++++++++++++-
|
|
||||||
5 files changed, 213 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/Makefile.am b/Makefile.am
|
|
||||||
index 1ab1db585316..de1026f8bd46 100644
|
|
||||||
--- a/Makefile.am
|
|
||||||
+++ b/Makefile.am
|
|
||||||
@@ -35,6 +35,8 @@ SED_PROCESS = \
|
|
||||||
-e 's,@liblzma_LIBS\@,${liblzma_LIBS},g' \
|
|
||||||
-e 's,@zlib_CFLAGS\@,${zlib_CFLAGS},g' \
|
|
||||||
-e 's,@zlib_LIBS\@,${zlib_LIBS},g' \
|
|
||||||
+ -e 's,@openssl_CFLAGS\@,${openssl_CFLAGS},g' \
|
|
||||||
+ -e 's,@openssl_LIBS\@,${openssl_LIBS},g' \
|
|
||||||
< $< > $@ || rm $@
|
|
||||||
|
|
||||||
%.pc: %.pc.in Makefile
|
|
||||||
@@ -87,7 +89,7 @@ libkmod_libkmod_la_DEPENDENCIES = \
|
|
||||||
${top_srcdir}/libkmod/libkmod.sym
|
|
||||||
libkmod_libkmod_la_LIBADD = \
|
|
||||||
shared/libshared.la \
|
|
||||||
- ${liblzma_LIBS} ${zlib_LIBS}
|
|
||||||
+ ${liblzma_LIBS} ${zlib_LIBS} ${openssl_LIBS}
|
|
||||||
|
|
||||||
noinst_LTLIBRARIES += libkmod/libkmod-internal.la
|
|
||||||
libkmod_libkmod_internal_la_SOURCES = $(libkmod_libkmod_la_SOURCES)
|
|
||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index fbc7391b2d1b..2e33380a0cc2 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -106,6 +106,17 @@ AS_IF([test "x$with_zlib" != "xno"], [
|
|
||||||
])
|
|
||||||
CC_FEATURE_APPEND([with_features], [with_zlib], [ZLIB])
|
|
||||||
|
|
||||||
+AC_ARG_WITH([openssl],
|
|
||||||
+ AS_HELP_STRING([--with-openssl], [handle PKCS7 signatures @<:@default=disabled@:>@]),
|
|
||||||
+ [], [with_openssl=no])
|
|
||||||
+AS_IF([test "x$with_openssl" != "xno"], [
|
|
||||||
+ PKG_CHECK_MODULES([openssl], [openssl])
|
|
||||||
+ AC_DEFINE([ENABLE_OPENSSL], [1], [Enable openssl for modinfo.])
|
|
||||||
+], [
|
|
||||||
+ AC_MSG_NOTICE([openssl support not requested])
|
|
||||||
+])
|
|
||||||
+CC_FEATURE_APPEND([with_features], [with_openssl], [OPENSSL])
|
|
||||||
+
|
|
||||||
AC_ARG_WITH([bashcompletiondir],
|
|
||||||
AS_HELP_STRING([--with-bashcompletiondir=DIR], [Bash completions directory]),
|
|
||||||
[],
|
|
||||||
diff --git a/libkmod/libkmod-internal.h b/libkmod/libkmod-internal.h
|
|
||||||
index 346579c71aab..a65ddd156f18 100644
|
|
||||||
--- a/libkmod/libkmod-internal.h
|
|
||||||
+++ b/libkmod/libkmod-internal.h
|
|
||||||
@@ -188,5 +188,8 @@ struct kmod_signature_info {
|
|
||||||
const char *algo, *hash_algo, *id_type;
|
|
||||||
const char *sig;
|
|
||||||
size_t sig_len;
|
|
||||||
+ void (*free)(void *);
|
|
||||||
+ void *private;
|
|
||||||
};
|
|
||||||
bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signature_info *sig_info) _must_check_ __attribute__((nonnull(1, 2)));
|
|
||||||
+void kmod_module_signature_info_free(struct kmod_signature_info *sig_info) __attribute__((nonnull));
|
|
||||||
diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
|
|
||||||
index 889f26479a98..bffe715cdef4 100644
|
|
||||||
--- a/libkmod/libkmod-module.c
|
|
||||||
+++ b/libkmod/libkmod-module.c
|
|
||||||
@@ -2357,6 +2357,9 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_
|
|
||||||
ret = count;
|
|
||||||
|
|
||||||
list_error:
|
|
||||||
+ /* aux structures freed in normal case also */
|
|
||||||
+ kmod_module_signature_info_free(&sig_info);
|
|
||||||
+
|
|
||||||
if (ret < 0) {
|
|
||||||
kmod_module_info_free_list(*list);
|
|
||||||
*list = NULL;
|
|
||||||
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
|
|
||||||
index 429ffbd8a957..48d0145a7552 100644
|
|
||||||
--- a/libkmod/libkmod-signature.c
|
|
||||||
+++ b/libkmod/libkmod-signature.c
|
|
||||||
@@ -19,6 +19,10 @@
|
|
||||||
|
|
||||||
#include <endian.h>
|
|
||||||
#include <inttypes.h>
|
|
||||||
+#ifdef ENABLE_OPENSSL
|
|
||||||
+#include <openssl/cms.h>
|
|
||||||
+#include <openssl/ssl.h>
|
|
||||||
+#endif
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
@@ -115,15 +119,194 @@ static bool fill_default(const char *mem, off_t size,
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static bool fill_unknown(const char *mem, off_t size,
|
|
||||||
- const struct module_signature *modsig, size_t sig_len,
|
|
||||||
- struct kmod_signature_info *sig_info)
|
|
||||||
+#ifdef ENABLE_OPENSSL
|
|
||||||
+
|
|
||||||
+struct pkcs7_private {
|
|
||||||
+ CMS_ContentInfo *cms;
|
|
||||||
+ unsigned char *key_id;
|
|
||||||
+ BIGNUM *sno;
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+static void pkcs7_free(void *s)
|
|
||||||
+{
|
|
||||||
+ struct kmod_signature_info *si = s;
|
|
||||||
+ struct pkcs7_private *pvt = si->private;
|
|
||||||
+
|
|
||||||
+ CMS_ContentInfo_free(pvt->cms);
|
|
||||||
+ BN_free(pvt->sno);
|
|
||||||
+ free(pvt->key_id);
|
|
||||||
+ free(pvt);
|
|
||||||
+ si->private = NULL;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int obj_to_hash_algo(const ASN1_OBJECT *o)
|
|
||||||
+{
|
|
||||||
+ int nid;
|
|
||||||
+
|
|
||||||
+ nid = OBJ_obj2nid(o);
|
|
||||||
+ switch (nid) {
|
|
||||||
+ case NID_md4:
|
|
||||||
+ return PKEY_HASH_MD4;
|
|
||||||
+ case NID_md5:
|
|
||||||
+ return PKEY_HASH_MD5;
|
|
||||||
+ case NID_sha1:
|
|
||||||
+ return PKEY_HASH_SHA1;
|
|
||||||
+ case NID_ripemd160:
|
|
||||||
+ return PKEY_HASH_RIPE_MD_160;
|
|
||||||
+ case NID_sha256:
|
|
||||||
+ return PKEY_HASH_SHA256;
|
|
||||||
+ case NID_sha384:
|
|
||||||
+ return PKEY_HASH_SHA384;
|
|
||||||
+ case NID_sha512:
|
|
||||||
+ return PKEY_HASH_SHA512;
|
|
||||||
+ case NID_sha224:
|
|
||||||
+ return PKEY_HASH_SHA224;
|
|
||||||
+ default:
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ return -1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static const char *x509_name_to_str(X509_NAME *name)
|
|
||||||
+{
|
|
||||||
+ int i;
|
|
||||||
+ X509_NAME_ENTRY *e;
|
|
||||||
+ ASN1_STRING *d;
|
|
||||||
+ ASN1_OBJECT *o;
|
|
||||||
+ int nid = -1;
|
|
||||||
+ const char *str;
|
|
||||||
+
|
|
||||||
+ for (i = 0; i < X509_NAME_entry_count(name); i++) {
|
|
||||||
+ e = X509_NAME_get_entry(name, i);
|
|
||||||
+ o = X509_NAME_ENTRY_get_object(e);
|
|
||||||
+ nid = OBJ_obj2nid(o);
|
|
||||||
+ if (nid == NID_commonName)
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ if (nid == -1)
|
|
||||||
+ return NULL;
|
|
||||||
+
|
|
||||||
+ d = X509_NAME_ENTRY_get_data(e);
|
|
||||||
+ str = (const char *)ASN1_STRING_get0_data(d);
|
|
||||||
+
|
|
||||||
+ return str;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static bool fill_pkcs7(const char *mem, off_t size,
|
|
||||||
+ const struct module_signature *modsig, size_t sig_len,
|
|
||||||
+ struct kmod_signature_info *sig_info)
|
|
||||||
+{
|
|
||||||
+ const char *pkcs7_raw;
|
|
||||||
+ CMS_ContentInfo *cms;
|
|
||||||
+ STACK_OF(CMS_SignerInfo) *sis;
|
|
||||||
+ CMS_SignerInfo *si;
|
|
||||||
+ int rc;
|
|
||||||
+ ASN1_OCTET_STRING *key_id;
|
|
||||||
+ X509_NAME *issuer;
|
|
||||||
+ ASN1_INTEGER *sno;
|
|
||||||
+ ASN1_OCTET_STRING *sig;
|
|
||||||
+ BIGNUM *sno_bn;
|
|
||||||
+ X509_ALGOR *dig_alg;
|
|
||||||
+ X509_ALGOR *sig_alg;
|
|
||||||
+ const ASN1_OBJECT *o;
|
|
||||||
+ BIO *in;
|
|
||||||
+ int len;
|
|
||||||
+ unsigned char *key_id_str;
|
|
||||||
+ struct pkcs7_private *pvt;
|
|
||||||
+ const char *issuer_str;
|
|
||||||
+
|
|
||||||
+ size -= sig_len;
|
|
||||||
+ pkcs7_raw = mem + size;
|
|
||||||
+
|
|
||||||
+ in = BIO_new_mem_buf(pkcs7_raw, sig_len);
|
|
||||||
+
|
|
||||||
+ cms = d2i_CMS_bio(in, NULL);
|
|
||||||
+ if (cms == NULL) {
|
|
||||||
+ BIO_free(in);
|
|
||||||
+ return false;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ BIO_free(in);
|
|
||||||
+
|
|
||||||
+ sis = CMS_get0_SignerInfos(cms);
|
|
||||||
+ if (sis == NULL)
|
|
||||||
+ goto err;
|
|
||||||
+
|
|
||||||
+ si = sk_CMS_SignerInfo_value(sis, 0);
|
|
||||||
+ if (si == NULL)
|
|
||||||
+ goto err;
|
|
||||||
+
|
|
||||||
+ rc = CMS_SignerInfo_get0_signer_id(si, &key_id, &issuer, &sno);
|
|
||||||
+ if (rc == 0)
|
|
||||||
+ goto err;
|
|
||||||
+
|
|
||||||
+ sig = CMS_SignerInfo_get0_signature(si);
|
|
||||||
+ if (sig == NULL)
|
|
||||||
+ goto err;
|
|
||||||
+
|
|
||||||
+ CMS_SignerInfo_get0_algs(si, NULL, NULL, &dig_alg, &sig_alg);
|
|
||||||
+
|
|
||||||
+ sig_info->sig = (const char *)ASN1_STRING_get0_data(sig);
|
|
||||||
+ sig_info->sig_len = ASN1_STRING_length(sig);
|
|
||||||
+
|
|
||||||
+ sno_bn = ASN1_INTEGER_to_BN(sno, NULL);
|
|
||||||
+ if (sno_bn == NULL)
|
|
||||||
+ goto err;
|
|
||||||
+
|
|
||||||
+ len = BN_num_bytes(sno_bn);
|
|
||||||
+ key_id_str = malloc(len);
|
|
||||||
+ if (key_id_str == NULL)
|
|
||||||
+ goto err2;
|
|
||||||
+ BN_bn2bin(sno_bn, key_id_str);
|
|
||||||
+
|
|
||||||
+ sig_info->key_id = (const char *)key_id_str;
|
|
||||||
+ sig_info->key_id_len = len;
|
|
||||||
+
|
|
||||||
+ issuer_str = x509_name_to_str(issuer);
|
|
||||||
+ if (issuer_str != NULL) {
|
|
||||||
+ sig_info->signer = issuer_str;
|
|
||||||
+ sig_info->signer_len = strlen(issuer_str);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
|
|
||||||
+
|
|
||||||
+ sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
|
|
||||||
+ sig_info->id_type = pkey_id_type[modsig->id_type];
|
|
||||||
+
|
|
||||||
+ pvt = malloc(sizeof(*pvt));
|
|
||||||
+ if (pvt == NULL)
|
|
||||||
+ goto err3;
|
|
||||||
+
|
|
||||||
+ pvt->cms = cms;
|
|
||||||
+ pvt->key_id = key_id_str;
|
|
||||||
+ pvt->sno = sno_bn;
|
|
||||||
+ sig_info->private = pvt;
|
|
||||||
+
|
|
||||||
+ sig_info->free = pkcs7_free;
|
|
||||||
+
|
|
||||||
+ return true;
|
|
||||||
+err3:
|
|
||||||
+ free(key_id_str);
|
|
||||||
+err2:
|
|
||||||
+ BN_free(sno_bn);
|
|
||||||
+err:
|
|
||||||
+ CMS_ContentInfo_free(cms);
|
|
||||||
+ return false;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+#else /* ENABLE OPENSSL */
|
|
||||||
+
|
|
||||||
+static bool fill_pkcs7(const char *mem, off_t size,
|
|
||||||
+ const struct module_signature *modsig, size_t sig_len,
|
|
||||||
+ struct kmod_signature_info *sig_info)
|
|
||||||
{
|
|
||||||
sig_info->hash_algo = "unknown";
|
|
||||||
sig_info->id_type = pkey_id_type[modsig->id_type];
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#endif /* ENABLE OPENSSL */
|
|
||||||
+
|
|
||||||
#define SIG_MAGIC "~Module signature appended~\n"
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -167,8 +350,14 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
|
|
||||||
|
|
||||||
switch (modsig->id_type) {
|
|
||||||
case PKEY_ID_PKCS7:
|
|
||||||
- return fill_unknown(mem, size, modsig, sig_len, sig_info);
|
|
||||||
+ return fill_pkcs7(mem, size, modsig, sig_len, sig_info);
|
|
||||||
default:
|
|
||||||
return fill_default(mem, size, modsig, sig_len, sig_info);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+void kmod_module_signature_info_free(struct kmod_signature_info *sig_info)
|
|
||||||
+{
|
|
||||||
+ if (sig_info->free)
|
|
||||||
+ sig_info->free(sig_info);
|
|
||||||
+}
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
@ -1,83 +0,0 @@
|
|||||||
From 52a0ba82e1ad180f9f91920db70a758fac49466a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
|
||||||
Date: Thu, 31 Oct 2019 20:12:53 +0200
|
|
||||||
Subject: [PATCH] modprobe: ignore builtin module on recursive removing
|
|
||||||
|
|
||||||
If there are built-in dependencies and any of them is built-in in
|
|
||||||
the kernel, modprobe -r fails with
|
|
||||||
|
|
||||||
modprobe: FATAL: Module module_name is builtin.
|
|
||||||
|
|
||||||
It makes sense to ignore such dependencies for the case when
|
|
||||||
removing is called for non-top level module.
|
|
||||||
|
|
||||||
Example: cifs module, it declares bunch of softdeps and the first
|
|
||||||
one fails on some kernel configs:
|
|
||||||
|
|
||||||
modprobe: FATAL: Module gcm is builtin.
|
|
||||||
|
|
||||||
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
|
||||||
---
|
|
||||||
tools/modprobe.c | 18 ++++++++++++------
|
|
||||||
1 file changed, 12 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tools/modprobe.c b/tools/modprobe.c
|
|
||||||
index a9e2331567af..44cd15c2bf57 100644
|
|
||||||
--- a/tools/modprobe.c
|
|
||||||
+++ b/tools/modprobe.c
|
|
||||||
@@ -353,7 +353,8 @@ static int rmmod_do_remove_module(struct kmod_module *mod)
|
|
||||||
return err;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies);
|
|
||||||
+static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies,
|
|
||||||
+ bool ignore_builtin);
|
|
||||||
|
|
||||||
static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors)
|
|
||||||
{
|
|
||||||
@@ -361,7 +362,7 @@ static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors)
|
|
||||||
|
|
||||||
kmod_list_foreach_reverse(l, list) {
|
|
||||||
struct kmod_module *m = kmod_module_get_module(l);
|
|
||||||
- int r = rmmod_do_module(m, false);
|
|
||||||
+ int r = rmmod_do_module(m, false, true);
|
|
||||||
kmod_module_unref(m);
|
|
||||||
|
|
||||||
if (r < 0 && stop_on_errors)
|
|
||||||
@@ -371,7 +372,8 @@ static int rmmod_do_deps_list(struct kmod_list *list, bool stop_on_errors)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies)
|
|
||||||
+static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies,
|
|
||||||
+ bool ignore_builtin)
|
|
||||||
{
|
|
||||||
const char *modname = kmod_module_get_name(mod);
|
|
||||||
struct kmod_list *pre = NULL, *post = NULL;
|
|
||||||
@@ -401,8 +403,12 @@ static int rmmod_do_module(struct kmod_module *mod, bool do_dependencies)
|
|
||||||
}
|
|
||||||
goto error;
|
|
||||||
} else if (state == KMOD_MODULE_BUILTIN) {
|
|
||||||
- LOG("Module %s is builtin.\n", modname);
|
|
||||||
- err = -ENOENT;
|
|
||||||
+ if (ignore_builtin) {
|
|
||||||
+ err = 0;
|
|
||||||
+ } else {
|
|
||||||
+ LOG("Module %s is builtin.\n", modname);
|
|
||||||
+ err = -ENOENT;
|
|
||||||
+ }
|
|
||||||
goto error;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -462,7 +468,7 @@ static int rmmod(struct kmod_ctx *ctx, const char *alias)
|
|
||||||
|
|
||||||
kmod_list_foreach(l, list) {
|
|
||||||
struct kmod_module *mod = kmod_module_get_module(l);
|
|
||||||
- err = rmmod_do_module(mod, true);
|
|
||||||
+ err = rmmod_do_module(mod, true, false);
|
|
||||||
kmod_module_unref(mod);
|
|
||||||
if (err < 0)
|
|
||||||
break;
|
|
||||||
--
|
|
||||||
2.24.0
|
|
||||||
|
|
@ -1,116 +0,0 @@
|
|||||||
From a11057201ed326a9e65e757202da960735e45799 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
|
||||||
Date: Fri, 16 Nov 2018 10:56:34 +0200
|
|
||||||
Subject: [PATCH] signature: do not report wrong data for pkc#7 signature
|
|
||||||
|
|
||||||
when PKC#7 signing method is used the old structure doesn't contain
|
|
||||||
any useful data, but the data are encoded in the certificate.
|
|
||||||
|
|
||||||
The info getting/showing code is not aware of that at the moment and
|
|
||||||
since 0 is a valid constant, shows, for example, wrong "md4" for the
|
|
||||||
hash algo.
|
|
||||||
|
|
||||||
The patch splits the 2 mothods of gethering the info and reports
|
|
||||||
"unknown" for the algo.
|
|
||||||
|
|
||||||
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
|
|
||||||
---
|
|
||||||
libkmod/libkmod-module.c | 2 +-
|
|
||||||
libkmod/libkmod-signature.c | 56 +++++++++++++++++++++++++------------
|
|
||||||
2 files changed, 39 insertions(+), 19 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/libkmod/libkmod-module.c b/libkmod/libkmod-module.c
|
|
||||||
index ee420f4ec2bf..889f26479a98 100644
|
|
||||||
--- a/libkmod/libkmod-module.c
|
|
||||||
+++ b/libkmod/libkmod-module.c
|
|
||||||
@@ -2273,7 +2273,7 @@ KMOD_EXPORT int kmod_module_get_info(const struct kmod_module *mod, struct kmod_
|
|
||||||
struct kmod_elf *elf;
|
|
||||||
char **strings;
|
|
||||||
int i, count, ret = -ENOMEM;
|
|
||||||
- struct kmod_signature_info sig_info;
|
|
||||||
+ struct kmod_signature_info sig_info = {};
|
|
||||||
|
|
||||||
if (mod == NULL || list == NULL)
|
|
||||||
return -ENOENT;
|
|
||||||
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
|
|
||||||
index 1f3e26dea203..429ffbd8a957 100644
|
|
||||||
--- a/libkmod/libkmod-signature.c
|
|
||||||
+++ b/libkmod/libkmod-signature.c
|
|
||||||
@@ -92,6 +92,38 @@ struct module_signature {
|
|
||||||
uint32_t sig_len; /* Length of signature data (big endian) */
|
|
||||||
};
|
|
||||||
|
|
||||||
+static bool fill_default(const char *mem, off_t size,
|
|
||||||
+ const struct module_signature *modsig, size_t sig_len,
|
|
||||||
+ struct kmod_signature_info *sig_info)
|
|
||||||
+{
|
|
||||||
+ size -= sig_len;
|
|
||||||
+ sig_info->sig = mem + size;
|
|
||||||
+ sig_info->sig_len = sig_len;
|
|
||||||
+
|
|
||||||
+ size -= modsig->key_id_len;
|
|
||||||
+ sig_info->key_id = mem + size;
|
|
||||||
+ sig_info->key_id_len = modsig->key_id_len;
|
|
||||||
+
|
|
||||||
+ size -= modsig->signer_len;
|
|
||||||
+ sig_info->signer = mem + size;
|
|
||||||
+ sig_info->signer_len = modsig->signer_len;
|
|
||||||
+
|
|
||||||
+ sig_info->algo = pkey_algo[modsig->algo];
|
|
||||||
+ sig_info->hash_algo = pkey_hash_algo[modsig->hash];
|
|
||||||
+ sig_info->id_type = pkey_id_type[modsig->id_type];
|
|
||||||
+
|
|
||||||
+ return true;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static bool fill_unknown(const char *mem, off_t size,
|
|
||||||
+ const struct module_signature *modsig, size_t sig_len,
|
|
||||||
+ struct kmod_signature_info *sig_info)
|
|
||||||
+{
|
|
||||||
+ sig_info->hash_algo = "unknown";
|
|
||||||
+ sig_info->id_type = pkey_id_type[modsig->id_type];
|
|
||||||
+ return true;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
#define SIG_MAGIC "~Module signature appended~\n"
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -112,7 +144,6 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
|
|
||||||
const struct module_signature *modsig;
|
|
||||||
size_t sig_len;
|
|
||||||
|
|
||||||
-
|
|
||||||
size = kmod_file_get_size(file);
|
|
||||||
mem = kmod_file_get_contents(file);
|
|
||||||
if (size < (off_t)strlen(SIG_MAGIC))
|
|
||||||
@@ -134,21 +165,10 @@ bool kmod_module_signature_info(const struct kmod_file *file, struct kmod_signat
|
|
||||||
size < (int64_t)(modsig->signer_len + modsig->key_id_len + sig_len))
|
|
||||||
return false;
|
|
||||||
|
|
||||||
- size -= sig_len;
|
|
||||||
- sig_info->sig = mem + size;
|
|
||||||
- sig_info->sig_len = sig_len;
|
|
||||||
-
|
|
||||||
- size -= modsig->key_id_len;
|
|
||||||
- sig_info->key_id = mem + size;
|
|
||||||
- sig_info->key_id_len = modsig->key_id_len;
|
|
||||||
-
|
|
||||||
- size -= modsig->signer_len;
|
|
||||||
- sig_info->signer = mem + size;
|
|
||||||
- sig_info->signer_len = modsig->signer_len;
|
|
||||||
-
|
|
||||||
- sig_info->algo = pkey_algo[modsig->algo];
|
|
||||||
- sig_info->hash_algo = pkey_hash_algo[modsig->hash];
|
|
||||||
- sig_info->id_type = pkey_id_type[modsig->id_type];
|
|
||||||
-
|
|
||||||
- return true;
|
|
||||||
+ switch (modsig->id_type) {
|
|
||||||
+ case PKEY_ID_PKCS7:
|
|
||||||
+ return fill_unknown(mem, size, modsig, sig_len, sig_info);
|
|
||||||
+ default:
|
|
||||||
+ return fill_default(mem, size, modsig, sig_len, sig_info);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
@ -0,0 +1,58 @@
|
|||||||
|
From 06fadcc6b17c3b9a534540dd6d74b0c5fb1d948d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Yauheni Kaliuta <ykaliuta@redhat.com>
|
||||||
|
Date: Thu, 2 Feb 2023 15:47:36 +0200
|
||||||
|
Subject: [PATCH] man/rmmod: explain why modprobe -r is more useful
|
||||||
|
|
||||||
|
Improve user experience by explaining the option so the user may
|
||||||
|
not search explanations in other manpages (modprobe).
|
||||||
|
|
||||||
|
Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
|
||||||
|
Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
|
||||||
|
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
|
||||||
|
---
|
||||||
|
man/rmmod.xml | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/man/rmmod.xml b/man/rmmod.xml
|
||||||
|
index e7c7e5f9e7dc..67bcbedd972b 100644
|
||||||
|
--- a/man/rmmod.xml
|
||||||
|
+++ b/man/rmmod.xml
|
||||||
|
@@ -52,7 +52,8 @@
|
||||||
|
want to use
|
||||||
|
<citerefentry>
|
||||||
|
<refentrytitle>modprobe</refentrytitle><manvolnum>8</manvolnum>
|
||||||
|
- </citerefentry> with the <option>-r</option> option instead.
|
||||||
|
+ </citerefentry> with the <option>-r</option> option instead
|
||||||
|
+ since it removes unused dependent modules as well.
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
|
||||||
|
--- a/man/rmmod.8 2020-12-28 02:58:30.085851136 +0200
|
||||||
|
+++ b/man/rmmod.8 2023-02-09 16:55:55.967128297 +0200
|
||||||
|
@@ -2,12 +2,12 @@
|
||||||
|
.\" Title: rmmod
|
||||||
|
.\" Author: Jon Masters <jcm@jonmasters.org>
|
||||||
|
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
|
||||||
|
-.\" Date: 12/27/2020
|
||||||
|
+.\" Date: 02/09/2023
|
||||||
|
.\" Manual: rmmod
|
||||||
|
.\" Source: kmod
|
||||||
|
.\" Language: English
|
||||||
|
.\"
|
||||||
|
-.TH "RMMOD" "8" "12/27/2020" "kmod" "rmmod"
|
||||||
|
+.TH "RMMOD" "8" "02/09/2023" "kmod" "rmmod"
|
||||||
|
.\" -----------------------------------------------------------------
|
||||||
|
.\" * Define some portability stuff
|
||||||
|
.\" -----------------------------------------------------------------
|
||||||
|
@@ -39,7 +39,7 @@
|
||||||
|
\fBmodprobe\fR(8)
|
||||||
|
with the
|
||||||
|
\fB\-r\fR
|
||||||
|
-option instead\&.
|
||||||
|
+option instead since it removes unused dependent modules as well\&.
|
||||||
|
.SH "OPTIONS"
|
||||||
|
.PP
|
||||||
|
\fB\-v\fR, \fB\-\-verbose\fR
|
||||||
|
--
|
||||||
|
2.39.1
|
||||||
|
|
@ -620,7 +620,6 @@ update_modules_for_krel() {
|
|||||||
|
|
||||||
if ! validate_weak_links $krel && [[ -z "$force_update" ]]; then
|
if ! validate_weak_links $krel && [[ -z "$force_update" ]]; then
|
||||||
global_link_state_restore $krel
|
global_link_state_restore $krel
|
||||||
compatible_modules=()
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# add compatible to installed
|
# add compatible to installed
|
||||||
@ -1153,7 +1152,7 @@ while :; do
|
|||||||
shift
|
shift
|
||||||
done
|
done
|
||||||
|
|
||||||
if [ ! -x "$dracut" ] && [ -z "$no_initramfs" ]
|
if [ ! -x "$dracut" ]
|
||||||
then
|
then
|
||||||
echo "weak-modules: could not find dracut at $dracut"
|
echo "weak-modules: could not find dracut at $dracut"
|
||||||
exit 1
|
exit 1
|
||||||
|
176
SPECS/kmod.spec
176
SPECS/kmod.spec
@ -1,30 +1,33 @@
|
|||||||
Name: kmod
|
Name: kmod
|
||||||
Version: 25
|
Version: 28
|
||||||
Release: 20%{?dist}
|
Release: 10%{?dist}
|
||||||
Summary: Linux kernel module management utilities
|
Summary: Linux kernel module management utilities
|
||||||
|
|
||||||
Group: System Environment/Kernel
|
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: http://git.kernel.org/?p=utils/kernel/kmod/kmod.git;a=summary
|
URL: https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git
|
||||||
Source0: https://www.kernel.org/pub/linux/utils/kernel/kmod/%{name}-%{version}.tar.xz
|
Source0: https://www.kernel.org/pub/linux/utils/kernel/kmod/%{name}-%{version}.tar.xz
|
||||||
Source1: weak-modules
|
Source1: weak-modules
|
||||||
Source2: depmod.conf.dist
|
Source2: depmod.conf.dist
|
||||||
Exclusiveos: Linux
|
Exclusiveos: Linux
|
||||||
|
|
||||||
Patch01: kmod-signature-do-not-report-wrong-data-for-pkc-7-signatu.patch
|
Patch01: man-rmmod-explain-why-modprobe-r-is-more-useful.patch
|
||||||
Patch02: kmod-libkmod-signature-implement-pkcs7-parsing-with-opens.patch
|
# v29~5 "libkmod: fix an overflow with wrong modules.builtin.modinfo"
|
||||||
Patch03: kmod-modprobe-ignore-builtin-module-on-recursive-removing.patch
|
Patch02: 0001-libkmod-fix-an-overflow-with-wrong-modules.builtin.m.patch
|
||||||
Patch04: 0001-depmod-prevent-module-dependency-files-missing-durin.patch
|
# v31~29 "libkmod: do not crash on unknown signature algorithm"
|
||||||
Patch05: 0002-depmod-prevent-module-dependency-files-corruption-du.patch
|
Patch03: 0001-libkmod-do-not-crash-on-unknown-signature-algorithm.patch
|
||||||
|
# v31~18 "libkmod: error out on unknown hash algorithm"
|
||||||
|
Patch04: 0001-libkmod-error-out-on-unknown-hash-algorithm.patch
|
||||||
|
# v33~1 "libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string"
|
||||||
|
Patch05: 0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch
|
||||||
|
|
||||||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
BuildRequires: gcc
|
||||||
BuildRequires: chrpath
|
BuildRequires: chrpath
|
||||||
BuildRequires: zlib-devel
|
BuildRequires: zlib-devel
|
||||||
BuildRequires: xz-devel
|
BuildRequires: xz-devel
|
||||||
BuildRequires: libxslt
|
BuildRequires: libxslt
|
||||||
BuildRequires: openssl-devel
|
BuildRequires: openssl-devel
|
||||||
# Remove it as soon as no need for Patch02 anymore (Makefile.am updated)
|
BuildRequires: make
|
||||||
BuildRequires: automake autoconf libtool
|
BuildRequires: libzstd-devel
|
||||||
|
|
||||||
Provides: module-init-tools = 4.0-1
|
Provides: module-init-tools = 4.0-1
|
||||||
Obsoletes: module-init-tools < 4.0-1
|
Obsoletes: module-init-tools < 4.0-1
|
||||||
@ -39,7 +42,6 @@ examples of loaded and unloaded modules.
|
|||||||
%package libs
|
%package libs
|
||||||
Summary: Libraries to handle kernel module loading and unloading
|
Summary: Libraries to handle kernel module loading and unloading
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
Group: System Environment/Libraries
|
|
||||||
|
|
||||||
%description libs
|
%description libs
|
||||||
The kmod-libs package provides runtime libraries for any application that
|
The kmod-libs package provides runtime libraries for any application that
|
||||||
@ -47,7 +49,6 @@ wishes to load or unload Linux kernel modules from the running system.
|
|||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Header files for kmod development
|
Summary: Header files for kmod development
|
||||||
Group: Development/Libraries
|
|
||||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
%description devel
|
%description devel
|
||||||
@ -55,30 +56,26 @@ The kmod-devel package provides header files used for development of
|
|||||||
applications that wish to load or unload Linux kernel modules.
|
applications that wish to load or unload Linux kernel modules.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%autosetup -p1
|
||||||
%patch01 -p1
|
|
||||||
%patch02 -p1
|
|
||||||
%patch03 -p1
|
|
||||||
%patch04 -p1
|
|
||||||
%patch05 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export V=1
|
|
||||||
aclocal
|
|
||||||
autoreconf --install --symlink
|
|
||||||
%configure \
|
%configure \
|
||||||
|
--with-openssl \
|
||||||
--with-zlib \
|
--with-zlib \
|
||||||
--with-xz \
|
--with-xz \
|
||||||
--with-openssl
|
--with-zstd
|
||||||
make %{?_smp_mflags}
|
|
||||||
|
%{make_build} V=1
|
||||||
|
|
||||||
%install
|
%install
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT
|
%{make_install}
|
||||||
pushd $RPM_BUILD_ROOT/%{_mandir}/man5
|
|
||||||
|
pushd $RPM_BUILD_ROOT%{_mandir}/man5
|
||||||
ln -s modprobe.d.5.gz modprobe.conf.5.gz
|
ln -s modprobe.d.5.gz modprobe.conf.5.gz
|
||||||
popd
|
popd
|
||||||
|
|
||||||
rm -rf $RPM_BUILD_ROOT%{_libdir}/*.la
|
find %{buildroot} -type f -name "*.la" -delete
|
||||||
|
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
|
mkdir -p $RPM_BUILD_ROOT%{_sbindir}
|
||||||
ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modprobe
|
ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modprobe
|
||||||
ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modinfo
|
ln -sf ../bin/kmod $RPM_BUILD_ROOT%{_sbindir}/modinfo
|
||||||
@ -91,16 +88,10 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/modprobe.d
|
|||||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/modprobe.d
|
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/modprobe.d
|
||||||
|
|
||||||
mkdir -p $RPM_BUILD_ROOT/sbin
|
install -pm 755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/weak-modules
|
||||||
install -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/weak-modules
|
|
||||||
install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
|
install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
|
||||||
|
|
||||||
%post libs -p /sbin/ldconfig
|
|
||||||
|
|
||||||
%postun libs -p /sbin/ldconfig
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root,-)
|
|
||||||
%dir %{_sysconfdir}/depmod.d
|
%dir %{_sysconfdir}/depmod.d
|
||||||
%dir %{_sysconfdir}/modprobe.d
|
%dir %{_sysconfdir}/modprobe.d
|
||||||
%dir %{_prefix}/lib/modprobe.d
|
%dir %{_prefix}/lib/modprobe.d
|
||||||
@ -119,7 +110,6 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
|
|||||||
%doc NEWS README TODO
|
%doc NEWS README TODO
|
||||||
|
|
||||||
%files libs
|
%files libs
|
||||||
%{!?_licensedir:%global license %%doc}
|
|
||||||
%license COPYING
|
%license COPYING
|
||||||
%{_libdir}/libkmod.so.*
|
%{_libdir}/libkmod.so.*
|
||||||
|
|
||||||
@ -129,83 +119,77 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
|
|||||||
%{_libdir}/libkmod.so
|
%{_libdir}/libkmod.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Oct 11 2023 Eugene Syromiatnikov <esyr@redhat.com> - 25-20
|
* Thu Aug 15 2024 Eugene Syromiatnikov <esyr@redhat.com> - 28-10
|
||||||
|
- Fix issues discovered by static analysis
|
||||||
|
- Resolves: RHEL-34073
|
||||||
|
|
||||||
|
* Thu May 11 2023 Eugene Syromiatnikov <esyr@redhat.com> - 28-9
|
||||||
- Add symvers.xz support to weak-modules
|
- Add symvers.xz support to weak-modules
|
||||||
- Resolves: RHEL-8903
|
- Resolves: rhbz#2192895
|
||||||
|
|
||||||
* Mon Nov 29 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-19
|
* Thu Feb 9 2023 Yauheni Kaliuta <ykaliuta@redhat.com> - 28-8
|
||||||
- depmod: fix parallel execution issues
|
- man/rmmod: explain why modprobe -r is more useful
|
||||||
Resolves: rhbz#2026938
|
Resolves: rhbz#2164253
|
||||||
|
|
||||||
* Fri Apr 16 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-18
|
* Thu Oct 21 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 28-7
|
||||||
- weak-modules: do not require dracut wneh using --no-initramfs
|
- Add RHEL gating configuration. Related: rhbz#1985100
|
||||||
Resolves: rhbz#1935416
|
|
||||||
|
|
||||||
* Fri Dec 18 2020 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-17
|
* Tue Aug 10 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 28-6
|
||||||
- weak-modules: reset compatible_modules if configuration is not valid
|
- add default config.
|
||||||
Resolves: rhbz#1907855
|
Resolves: rhbz#1985100
|
||||||
|
|
||||||
* Mon Dec 9 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-16
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 28-5
|
||||||
- weak-modules: update_modules_for_krel: always finish sandbox
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
- weak-modules: groupping: use dependencies of extra/ provider
|
Related: rhbz#1991688
|
||||||
Resolves: rhbz#1778889
|
|
||||||
|
|
||||||
* Mon Dec 9 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-15
|
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 28-4
|
||||||
- weak-modules: reverse checking order for add-kernel
|
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||||
Resolves: rhbz#1755196
|
Related: rhbz#1971065
|
||||||
|
|
||||||
* Mon Dec 2 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-14
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 28-3
|
||||||
- modprobe: do not fail on built-in modules
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
Resolves: rhbz#1767513
|
|
||||||
|
|
||||||
* Tue Apr 16 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-13
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 28-2
|
||||||
- weak-modules: handle independent modules in one run
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
Resolves: rhbz#1695763
|
|
||||||
|
|
||||||
* Tue Apr 2 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-12
|
* Thu Jan 07 2021 Josh Boyer <jwboyer@fedoraproject.org> - 28-1
|
||||||
- weak-modules: use asterisk for kernel version in sandbox
|
- New upstream v28
|
||||||
Resolves: rhbz#1689052
|
- Enable zstd support
|
||||||
|
- Resolves: rhbz#1913949
|
||||||
|
|
||||||
* Tue Feb 5 2019 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-11
|
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 27-3
|
||||||
- add PKCS7/openssl support.
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
Resolves: rhbz#1668459.
|
|
||||||
|
|
||||||
* Tue Dec 11 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-10
|
* Wed Mar 25 2020 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 27-2
|
||||||
- weak-modules: group modules on add-kernel
|
- add 0001-depmod-do-not-output-.bin-to-stdout.patch
|
||||||
- weak-modules: do not make groups if there are no extra modules
|
Resolves: rhbz#1808430
|
||||||
Resolves: rhbz#1649211
|
|
||||||
|
|
||||||
* Tue Oct 2 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-9
|
* Thu Feb 20 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 27-1
|
||||||
- Rebuild with updated flags.
|
- New upstream v27
|
||||||
Resolves: rhbz#1630574.
|
|
||||||
|
|
||||||
* Tue Sep 4 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-8
|
* Mon Jan 20 2020 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 26-5
|
||||||
- weak-modules: fix initial state creation for dry-run
|
- weak-modules: sync with RHEL
|
||||||
- weak-modules: check compatibility in a temporary directory
|
|
||||||
Resolves: rhbz#1622990.
|
|
||||||
|
|
||||||
* Tue Aug 28 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-7
|
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 26-4
|
||||||
- weak-modules: use is_kernel_installed wrapper in update_modules_for_krel.
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
- weak-modules: more abstract symvers search implementation.
|
|
||||||
- weak-modules: use additional paths for System.map file.
|
|
||||||
Resolves: rhbz#1621306.
|
|
||||||
|
|
||||||
* Thu Aug 09 2018 Eugene Syromiatnikov <esyr@redhat.com> - 25-6
|
* Mon Feb 25 2019 Yauheni Kaliuta <yauheni.kaliuta@redhat.com> - 26-3
|
||||||
- weak-modules: check also for /lib/modules/$krel/symvers.gz as a possible
|
- weak-modules: sync with RHEL
|
||||||
symvers file path.
|
|
||||||
Resolves: rhbz#1614119.
|
|
||||||
|
|
||||||
* Mon Jul 30 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-5
|
* Sun Feb 24 2019 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 26-2
|
||||||
- weak-modules: handle versions with + and other special regex symbols
|
- add PKCS7/openssl support (rhbz 1320921)
|
||||||
- weak-modules: fix misleading message when cannot find dracut.
|
|
||||||
Resolves: rhbz#1609372.
|
|
||||||
|
|
||||||
* Fri Jul 27 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-4
|
* Sun Feb 24 2019 Yauheni Kaliuta <ykaliuta@fedoraproject.org> - 26-1
|
||||||
- fix dracut path, /usr/bin/dracut
|
- Update to version 26 (rhbz 1673749)
|
||||||
|
|
||||||
* Wed Jul 25 2018 Yauheni Kaliuta <ykaliuta@redhat.com> - 25-3
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 25-5
|
||||||
- Add depmod.d/dist.conf.
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
- Update weak-modules to RHEL version.
|
|
||||||
|
* Mon Oct 29 2018 James Antill <james.antill@redhat.com> - 25-4
|
||||||
|
- Remove ldconfig scriptlet, now done via. transfiletrigger in glibc (rhbz 1644063)
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 25-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 25-2
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 25-2
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
Loading…
Reference in New Issue
Block a user