rpms
/
kmod
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i9c
rpms:c9
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:i8c-beta
rpms:c8-beta
rpms:c9-beta
rpms:i8c
rpms:c8
...
pull from: rpms:c10-beta
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i9c
rpms:c9
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:i8c-beta
rpms:c8-beta
rpms:c9-beta
rpms:i8c
rpms:c8

No commits in common. 'c9' and 'c10-beta' have entirely different histories.
c9 ... c10-beta

9 changed files with 734 additions and 217 deletions
Show Stats

2
.gitignore vendored
Unescape View File

@ -1 +1 @@
SOURCES/kmod-28.tar.xz
SOURCES/kmod-31.tar.xz

2
.kmod.metadata
Unescape View File

@ -1 +1 @@
0acec2b6aea3e6eb71f0b549b0ff0abcac5da004 SOURCES/kmod-28.tar.xz
1d8fce8a88f8350ad86b1fc2ba330558e6634d12 SOURCES/kmod-31.tar.xz

38
SOURCES/0001-libkmod-do-not-crash-on-unknown-signature-algorithm.patch
Unescape View File

@ -1,38 +0,0 @@
From d5950b0b5e66a5ec1c21b638dec3974056aaabeb Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Date: Sun, 25 Sep 2022 17:46:08 +0300
Subject: [PATCH] libkmod: do not crash on unknown signature algorithm
Example kernel module:
https://file-store.rosalinux.ru/download/7281f97e0c04c0f818ad3f936706f4a407e8dc7e
(/lib/modules/5.15.67-generic-1rosa2021.1-x86_64/kernel/drivers/usb/host/xhci-pci.ko.zst)
It is signed with Streebog 512.
libkmod v30 crashed in libkmod-module.c:2413 in this code:
n = kmod_module_info_append(list,
"sig_hashalgo", strlen("sig_hashalgo"),
sig_info.hash_algo, strlen(sig_info.hash_algo));
because strlen() got null.
---
libkmod/libkmod-signature.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 4ae5af6..092f396 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -278,6 +278,9 @@ static bool fill_pkcs7(const char *mem, off_t size,
X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
+ // hash algo has not been recognized
+ if (sig_info->hash_algo == NULL)
+ goto err3;
sig_info->id_type = pkey_id_type[modsig->id_type];
pvt = malloc(sizeof(*pvt));
--
2.13.6

44
SOURCES/0001-libkmod-error-out-on-unknown-hash-algorithm.patch
Unescape View File

@ -1,44 +0,0 @@
From b9605c63b859adfffc0b4b9420d720aa323b90e9 Mon Sep 17 00:00:00 2001
From: Emil Velikov <emil.velikov@collabora.com>
Date: Mon, 6 Feb 2023 14:32:59 +0000
Subject: [PATCH] libkmod: error out on unknown hash algorithm
Currently if we see unknown algorithm, we'll do an OOB read in
pkey_hash_algo. This can happen for example if OPENSSL_NO_SM3 is set and
the kernel module uses a SM3 hash.
Cc: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Cc: Lucas De Marchi <lucas.demarchi@intel.com>
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
---
libkmod/libkmod-signature.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index 092f396..b749a81 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -219,6 +219,7 @@ static bool fill_pkcs7(const char *mem, off_t size,
unsigned char *key_id_str;
struct pkcs7_private *pvt;
const char *issuer_str;
+ int hash_algo;
size -= sig_len;
pkcs7_raw = mem + size;
@@ -277,7 +278,10 @@ static bool fill_pkcs7(const char *mem, off_t size,
X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
- sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)];
+ hash_algo = obj_to_hash_algo(o);
+ if (hash_algo < 0)
+ goto err3;
+ sig_info->hash_algo = pkey_hash_algo[hash_algo];
// hash algo has not been recognized
if (sig_info->hash_algo == NULL)
goto err3;
--
2.13.6

29
SOURCES/0001-libkmod-fix-an-overflow-with-wrong-modules.builtin.m.patch
Unescape View File

@ -1,29 +0,0 @@
From 1cab02ecf6ee2a0aa34f3615dfd99c59f7e04e90 Mon Sep 17 00:00:00 2001
From: Seung-Woo Kim <sw0312.kim@samsung.com>
Date: Tue, 13 Apr 2021 20:23:14 +0900
Subject: [PATCH] libkmod: fix an overflow with wrong modules.builtin.modinfo
Fix a possbile overflow with exact PATH_MAX length modname
in wrong modules.builtin.modinfo.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
---
libkmod/libkmod-builtin.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libkmod/libkmod-builtin.c b/libkmod/libkmod-builtin.c
index fc9a376..a75a542 100644
--- a/libkmod/libkmod-builtin.c
+++ b/libkmod/libkmod-builtin.c
@@ -246,7 +246,7 @@ bool kmod_builtin_iter_get_modname(struct kmod_builtin_iter *iter,
len = dot - line;
- if (len > PATH_MAX) {
+ if (len >= PATH_MAX) {
sv_errno = ENAMETOOLONG;
goto fail;
}
--
2.13.6

561
SOURCES/kmod-tip.patch
Unescape View File

@ -0,0 +1,561 @@
From 1bb23d7f19d888fbdd96ae0fe929b7086713ef33 Mon Sep 17 00:00:00 2001
From: Michal Suchanek <msuchanek@suse.de>
Date: Tue, 18 Jul 2023 14:01:52 +0200
Subject: [PATCH 1/6] configure: Detect openssl sm3 support
Older openssl versions do not support sm3. The code has an option to
disable the sm3 hash but the lack of openssl support is not detected
automatically.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Link: https://lore.kernel.org/r/b97e20faa07e9e31c6eaf96683011aa24e80760c.1689681454.git.msuchanek@suse.de
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
---
configure.ac | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/configure.ac b/configure.ac
index 82a8532..e5bceea 100644
--- a/configure.ac
+++ b/configure.ac
@@ -123,6 +123,13 @@ AC_ARG_WITH([openssl],
AS_IF([test "x$with_openssl" != "xno"], [
PKG_CHECK_MODULES([libcrypto], [libcrypto >= 1.1.0], [LIBS="$LIBS $libcrypto_LIBS"])
AC_DEFINE([ENABLE_OPENSSL], [1], [Enable openssl for modinfo.])
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <openssl/ssl.h>
+ int nid = NID_sm3;]])], [
+ AC_MSG_NOTICE([openssl supports sm3])
+ ], [
+ AC_MSG_NOTICE([openssl sm3 support not detected])
+ CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SM3"
+ ])
], [
AC_MSG_NOTICE([openssl support not requested])
])
--
2.41.0
From 4e7effbdc00307d0d1e83115e0d00cc75aae5cc6 Mon Sep 17 00:00:00 2001
From: Michal Suchanek <msuchanek@suse.de>
Date: Tue, 18 Jul 2023 14:01:53 +0200
Subject: [PATCH 2/6] man/depmod.d: Fix incorrect /usr/lib search path
depmod searches /lib/depmod.d but the man page says /usr/lib/depmod.d is
searched. Align the documentation with the code.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Link: https://lore.kernel.org/r/9c5a6356b1a111eb6e17ddb110494b7f1d1b44c0.1689681454.git.msuchanek@suse.de
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
---
man/depmod.d.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/depmod.d.xml b/man/depmod.d.xml
index 76548e9..8d3d821 100644
--- a/man/depmod.d.xml
+++ b/man/depmod.d.xml
@@ -39,7 +39,7 @@
</refnamediv>
<refsynopsisdiv>
- <para><filename>/usr/lib/depmod.d/*.conf</filename></para>
+ <para><filename>/lib/depmod.d/*.conf</filename></para>
<para><filename>/usr/local/lib/depmod.d/*.conf</filename></para>
<para><filename>/run/depmod.d/*.conf</filename></para>
<para><filename>/etc/depmod.d/*.conf</filename></para>
--
2.41.0
From 8463809f8a29b254b2cab2ce755641bc690f07c9 Mon Sep 17 00:00:00 2001
From: Michal Suchanek <msuchanek@suse.de>
Date: Tue, 18 Jul 2023 14:01:54 +0200
Subject: [PATCH 3/6] libkmod, depmod: Load modprobe.d, depmod.d from
${prefix}/lib.
There is an ongoing effort to limit use of files outside of /usr (or
${prefix} on general). Currently all modprobe.d paths are hardcoded to
outside of $prefix. Teach kmod to load modprobe.d from ${prefix}/lib.
On some distributions /usr/lib and /lib are the same directory because
of a compatibility symlink, and it is possible to craft configuration
files with sideeffects that would behave differently when loaded twice.
However, the override semantic ensures that one 'overrides' the other,
and only one configuration file of the same name is loaded from any of
the search directories.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Link: https://lore.kernel.org/r/a290343ce32e2a3c25b134e4f27c13b26e06c9e0.1689681454.git.msuchanek@suse.de
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
---
Makefile.am | 1 +
configure.ac | 5 +++++
libkmod/libkmod.c | 7 ++++---
man/Makefile.am | 9 +++++++--
man/depmod.d.xml | 1 +
man/modprobe.d.xml | 1 +
tools/depmod.c | 1 +
7 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 5b7abfe..e6630a3 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,6 +19,7 @@ AM_CPPFLAGS = \
-include $(top_builddir)/config.h \
-I$(top_srcdir) \
-DSYSCONFDIR=\""$(sysconfdir)"\" \
+ -DDISTCONFDIR=\""$(distconfdir)"\" \
${zlib_CFLAGS}
AM_CFLAGS = $(OUR_CFLAGS)
diff --git a/configure.ac b/configure.ac
index e5bceea..fd88d1f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -79,6 +79,10 @@ AC_COMPILE_IFELSE(
# --with-
#####################################################################
+AC_ARG_WITH([distconfdir], AS_HELP_STRING([--with-distconfdir=DIR], [directory to search for distribution configuration files]),
+ [], [with_distconfdir='${prefix}/lib'])
+AC_SUBST([distconfdir], [$with_distconfdir])
+
AC_ARG_WITH([rootlibdir],
AS_HELP_STRING([--with-rootlibdir=DIR], [rootfs directory to install shared libraries]),
[], [with_rootlibdir=$libdir])
@@ -313,6 +317,7 @@ AC_MSG_RESULT([
prefix: ${prefix}
sysconfdir: ${sysconfdir}
+ distconfdir: ${distconfdir}
libdir: ${libdir}
rootlibdir: ${rootlibdir}
includedir: ${includedir}
diff --git a/libkmod/libkmod.c b/libkmod/libkmod.c
index 1b8773c..57fac1c 100644
--- a/libkmod/libkmod.c
+++ b/libkmod/libkmod.c
@@ -65,6 +65,7 @@ static const char *const default_config_paths[] = {
SYSCONFDIR "/modprobe.d",
"/run/modprobe.d",
"/usr/local/lib/modprobe.d",
+ DISTCONFDIR "/modprobe.d",
"/lib/modprobe.d",
NULL
};
@@ -272,9 +273,9 @@ static enum kmod_file_compression_type get_kernel_compression(struct kmod_ctx *c
* to load from user-defined configuration parameters such as
* alias, blacklists, commands (install, remove). If NULL
* defaults to /etc/modprobe.d, /run/modprobe.d,
- * /usr/local/lib/modprobe.d and /lib/modprobe.d. Give an empty
- * vector if configuration should not be read. This array must
- * be null terminated.
+ * /usr/local/lib/modprobe.d, DISTCONFDIR/modprobe.d, and
+ * /lib/modprobe.d. Give an empty vector if configuration should
+ * not be read. This array must be null terminated.
*
* Create kmod library context. This reads the kmod configuration
* and fills in the default values.
diff --git a/man/Makefile.am b/man/Makefile.am
index 11514d5..2fea8e4 100644
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -17,9 +17,14 @@ EXTRA_DIST = $(MAN5:%.5=%.xml) $(MAN8:%.8=%.xml)
CLEANFILES = $(dist_man_MANS)
%.5 %.8: %.xml
- $(AM_V_XSLT)$(XSLT) \
+ $(AM_V_XSLT)if [ '$(distconfdir)' != '/lib' ] ; then \
+ sed -e 's|@DISTCONFDIR@|$(distconfdir)|g' $< ; \
+ else \
+ sed -e '/@DISTCONFDIR@/d' $< ; \
+ fi | \
+ $(XSLT) \
-o $@ \
--nonet \
--stringparam man.output.quietly 1 \
--param funcsynopsis.style "'ansi'" \
- http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
+ http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl -
diff --git a/man/depmod.d.xml b/man/depmod.d.xml
index 8d3d821..f282a39 100644
--- a/man/depmod.d.xml
+++ b/man/depmod.d.xml
@@ -40,6 +40,7 @@
<refsynopsisdiv>
<para><filename>/lib/depmod.d/*.conf</filename></para>
+ <para><filename>@DISTCONFDIR@/depmod.d/*.conf</filename></para>
<para><filename>/usr/local/lib/depmod.d/*.conf</filename></para>
<para><filename>/run/depmod.d/*.conf</filename></para>
<para><filename>/etc/depmod.d/*.conf</filename></para>
diff --git a/man/modprobe.d.xml b/man/modprobe.d.xml
index 0ab3e91..2bf6537 100644
--- a/man/modprobe.d.xml
+++ b/man/modprobe.d.xml
@@ -41,6 +41,7 @@
<refsynopsisdiv>
<para><filename>/lib/modprobe.d/*.conf</filename></para>
+ <para><filename>@DISTCONFDIR@/modprobe.d/*.conf</filename></para>
<para><filename>/usr/local/lib/modprobe.d/*.conf</filename></para>
<para><filename>/run/modprobe.d/*.conf</filename></para>
<para><filename>/etc/modprobe.d/*.conf</filename></para>
diff --git a/tools/depmod.c b/tools/depmod.c
index 1d1d41d..630fef9 100644
--- a/tools/depmod.c
+++ b/tools/depmod.c
@@ -54,6 +54,7 @@ static const char *const default_cfg_paths[] = {
SYSCONFDIR "/depmod.d",
"/run/depmod.d",
"/usr/local/lib/depmod.d",
+ DISTCONFDIR "/depmod.d",
"/lib/depmod.d",
NULL
};
--
2.41.0
From ecef7c131618bbd9c559924ecae55764089db0dd Mon Sep 17 00:00:00 2001
From: Michal Suchanek <msuchanek@suse.de>
Date: Tue, 18 Jul 2023 14:01:55 +0200
Subject: [PATCH 4/6] kmod: Add pkgconfig file with kmod compile time
configuration
Show distconfdir (where system configuration files are searched/to be
installed), sysconfdir (where user configuration files are searched),
module compressions, and module signatures supported.
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Link: https://lore.kernel.org/r/468b3f572d3b84f25bb53ec8fcb15ed4871914d4.1689681454.git.msuchanek@suse.de
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
---
Makefile.am | 2 +-
configure.ac | 11 +++++++++++
tools/kmod.pc.in | 9 +++++++++
3 files changed, 21 insertions(+), 1 deletion(-)
create mode 100644 tools/kmod.pc.in
diff --git a/Makefile.am b/Makefile.am
index e6630a3..2a54c25 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -96,7 +96,7 @@ libkmod_libkmod_internal_la_DEPENDENCIES = $(libkmod_libkmod_la_DEPENDENCIES)
libkmod_libkmod_internal_la_LIBADD = $(libkmod_libkmod_la_LIBADD)
pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = libkmod/libkmod.pc
+pkgconfig_DATA = libkmod/libkmod.pc tools/kmod.pc
bashcompletiondir=@bashcompletiondir@
dist_bashcompletion_DATA = \
diff --git a/configure.ac b/configure.ac
index fd88d1f..7bf8d78 100644
--- a/configure.ac
+++ b/configure.ac
@@ -21,6 +21,9 @@ LT_INIT([disable-static pic-only])
AS_IF([test "x$enable_static" = "xyes"], [AC_MSG_ERROR([--enable-static is not supported by kmod])])
AS_IF([test "x$enable_largefile" = "xno"], [AC_MSG_ERROR([--disable-largefile is not supported by kmod])])
+module_compressions=""
+module_signatures="legacy"
+
#####################################################################
# Program checks and configurations
#####################################################################
@@ -94,6 +97,7 @@ AC_ARG_WITH([zstd],
AS_IF([test "x$with_zstd" != "xno"], [
PKG_CHECK_MODULES([libzstd], [libzstd >= 1.4.4], [LIBS="$LIBS $libzstd_LIBS"])
AC_DEFINE([ENABLE_ZSTD], [1], [Enable Zstandard for modules.])
+ module_compressions="zstd $module_compressions"
], [
AC_MSG_NOTICE([Zstandard support not requested])
])
@@ -105,6 +109,7 @@ AC_ARG_WITH([xz],
AS_IF([test "x$with_xz" != "xno"], [
PKG_CHECK_MODULES([liblzma], [liblzma >= 4.99], [LIBS="$LIBS $liblzma_LIBS"])
AC_DEFINE([ENABLE_XZ], [1], [Enable Xz for modules.])
+ module_compressions="xz $module_compressions"
], [
AC_MSG_NOTICE([Xz support not requested])
])
@@ -116,6 +121,7 @@ AC_ARG_WITH([zlib],
AS_IF([test "x$with_zlib" != "xno"], [
PKG_CHECK_MODULES([zlib], [zlib], [LIBS="$LIBS $zlib_LIBS"])
AC_DEFINE([ENABLE_ZLIB], [1], [Enable zlib for modules.])
+ module_compressions="gzip $module_compressions"
], [
AC_MSG_NOTICE([zlib support not requested])
])
@@ -134,6 +140,7 @@ AS_IF([test "x$with_openssl" != "xno"], [
AC_MSG_NOTICE([openssl sm3 support not detected])
CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SM3"
])
+ module_signatures="PKCS7 $module_signatures"
], [
AC_MSG_NOTICE([openssl support not requested])
])
@@ -298,6 +305,9 @@ AC_DEFINE_UNQUOTED(KMOD_FEATURES, ["$with_features"], [Features in this build])
# Generate files from *.in
#####################################################################
+AC_SUBST([module_compressions], $module_compressions)
+AC_SUBST([module_signatures], $module_signatures)
+
AC_CONFIG_FILES([
Makefile
man/Makefile
@@ -305,6 +315,7 @@ AC_CONFIG_FILES([
libkmod/docs/version.xml
libkmod/libkmod.pc
libkmod/python/kmod/version.py
+ tools/kmod.pc
])
diff --git a/tools/kmod.pc.in b/tools/kmod.pc.in
new file mode 100644
index 0000000..2595980
--- /dev/null
+++ b/tools/kmod.pc.in
@@ -0,0 +1,9 @@
+prefix=@prefix@
+sysconfdir=@sysconfdir@
+distconfdir=@distconfdir@
+module_compressions=@module_compressions@
+module_signatures=@module_signatures@
+
+Name: kmod
+Description: Tools to deal with kernel modules
+Version: @VERSION@
--
2.41.0
From 3af2f475b0b729f20279f2ce488cc9f727f0b763 Mon Sep 17 00:00:00 2001
From: Sam James <sam@gentoo.org>
Date: Sun, 5 Nov 2023 22:02:25 +0000
Subject: [PATCH 5/6] tools: depmod: fix -Walloc-size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
GCC 14 introduces a new -Walloc-size included in -Wextra which gives:
```
tools/depmod.c:192:14: warning: allocation of insufficient size 1 for type struct index_node with size 1048 [-Walloc-size]
tools/depmod.c:255:11: warning: allocation of insufficient size 1 for type struct index_value with size 16 [-Walloc-size]
tools/depmod.c:286:35: warning: allocation of insufficient size 1 for type struct index_node with size 1048 [-Walloc-size]
tools/depmod.c:315:44: warning: allocation of insufficient size 1 for type struct index_node with size 1048 [-Walloc-size]
```
The calloc prototype is:
```
void *calloc(size_t nmemb, size_t size);
```
So, just swap the number of members and size arguments to match the prototype, as
we're initialising 1 struct of size `sizeof(struct ...)`. GCC then sees we're not
doing anything wrong.
Signed-off-by: Sam James <sam@gentoo.org>
---
tools/depmod.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/depmod.c b/tools/depmod.c
index 630fef9..ab8513b 100644
--- a/tools/depmod.c
+++ b/tools/depmod.c
@@ -190,7 +190,7 @@ static struct index_node *index_create(void)
{
struct index_node *node;
- node = NOFAIL(calloc(sizeof(struct index_node), 1));
+ node = NOFAIL(calloc(1, sizeof(struct index_node)));
node->prefix = NOFAIL(strdup(""));
node->first = INDEX_CHILDMAX;
@@ -253,7 +253,7 @@ static int index_add_value(struct index_value **values,
values = &(*values)->next;
len = strlen(value);
- v = NOFAIL(calloc(sizeof(struct index_value) + len + 1, 1));
+ v = NOFAIL(calloc(1, sizeof(struct index_value) + len + 1));
v->next = *values;
v->priority = priority;
memcpy(v->value, value, len + 1);
@@ -284,7 +284,7 @@ static int index_insert(struct index_node *node, const char *key,
struct index_node *n;
/* New child is copy of node with prefix[j+1..N] */
- n = NOFAIL(calloc(sizeof(struct index_node), 1));
+ n = NOFAIL(calloc(1, sizeof(struct index_node)));
memcpy(n, node, sizeof(struct index_node));
n->prefix = NOFAIL(strdup(&prefix[j+1]));
@@ -313,7 +313,7 @@ static int index_insert(struct index_node *node, const char *key,
node->first = ch;
if (ch > node->last)
node->last = ch;
- node->children[ch] = NOFAIL(calloc(sizeof(struct index_node), 1));
+ node->children[ch] = NOFAIL(calloc(1, sizeof(struct index_node)));
child = node->children[ch];
child->prefix = NOFAIL(strdup(&key[i+1]));
--
2.41.0
From 510c8b7f7455c6613dd1706e5e41ec7b09cf6703 Mon Sep 17 00:00:00 2001
From: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Date: Sun, 29 Oct 2023 03:03:19 +0200
Subject: [PATCH 6/6] libkmod: remove pkcs7 obj_to_hash_algo()
Switch to using OBJ_obj2txt() to calculate and print the pkcs7
signature hash name. This eliminates the need to duplicate libcrypto
NID to name mapping, detect SM3 openssl compile-time support, and
enables using any hashes that openssl and kernel know about. For
example SHA3 are being added for v6.7 and with this patch are
automatically supported.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Link: https://lore.kernel.org/r/20231029010319.157390-1-dimitri.ledkov@canonical.com
---
configure.ac | 7 -----
libkmod/libkmod-signature.c | 59 +++++++++++++------------------------
2 files changed, 20 insertions(+), 46 deletions(-)
diff --git a/configure.ac b/configure.ac
index 7bf8d78..a6b8fa0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -133,13 +133,6 @@ AC_ARG_WITH([openssl],
AS_IF([test "x$with_openssl" != "xno"], [
PKG_CHECK_MODULES([libcrypto], [libcrypto >= 1.1.0], [LIBS="$LIBS $libcrypto_LIBS"])
AC_DEFINE([ENABLE_OPENSSL], [1], [Enable openssl for modinfo.])
- AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <openssl/ssl.h>
- int nid = NID_sm3;]])], [
- AC_MSG_NOTICE([openssl supports sm3])
- ], [
- AC_MSG_NOTICE([openssl sm3 support not detected])
- CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SM3"
- ])
module_signatures="PKCS7 $module_signatures"
], [
AC_MSG_NOTICE([openssl support not requested])
diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
index b749a81..80f6447 100644
--- a/libkmod/libkmod-signature.c
+++ b/libkmod/libkmod-signature.c
@@ -127,6 +127,7 @@ struct pkcs7_private {
PKCS7 *pkcs7;
unsigned char *key_id;
BIGNUM *sno;
+ char *hash_algo;
};
static void pkcs7_free(void *s)
@@ -137,42 +138,11 @@ static void pkcs7_free(void *s)
PKCS7_free(pvt->pkcs7);
BN_free(pvt->sno);
free(pvt->key_id);
+ free(pvt->hash_algo);
free(pvt);
si->private = NULL;
}
-static int obj_to_hash_algo(const ASN1_OBJECT *o)
-{
- int nid;
-
- nid = OBJ_obj2nid(o);
- switch (nid) {
- case NID_md4:
- return PKEY_HASH_MD4;
- case NID_md5:
- return PKEY_HASH_MD5;
- case NID_sha1:
- return PKEY_HASH_SHA1;
- case NID_ripemd160:
- return PKEY_HASH_RIPE_MD_160;
- case NID_sha256:
- return PKEY_HASH_SHA256;
- case NID_sha384:
- return PKEY_HASH_SHA384;
- case NID_sha512:
- return PKEY_HASH_SHA512;
- case NID_sha224:
- return PKEY_HASH_SHA224;
-# ifndef OPENSSL_NO_SM3
- case NID_sm3:
- return PKEY_HASH_SM3;
-# endif
- default:
- return -1;
- }
- return -1;
-}
-
static const char *x509_name_to_str(X509_NAME *name)
{
int i;
@@ -219,7 +189,8 @@ static bool fill_pkcs7(const char *mem, off_t size,
unsigned char *key_id_str;
struct pkcs7_private *pvt;
const char *issuer_str;
- int hash_algo;
+ char *hash_algo;
+ int hash_algo_len;
size -= sig_len;
pkcs7_raw = mem + size;
@@ -278,27 +249,37 @@ static bool fill_pkcs7(const char *mem, off_t size,
X509_ALGOR_get0(&o, NULL, NULL, dig_alg);
- hash_algo = obj_to_hash_algo(o);
- if (hash_algo < 0)
+ // Use OBJ_obj2txt to calculate string length
+ hash_algo_len = OBJ_obj2txt(NULL, 0, o, 0);
+ if (hash_algo_len < 0)
goto err3;
- sig_info->hash_algo = pkey_hash_algo[hash_algo];
- // hash algo has not been recognized
- if (sig_info->hash_algo == NULL)
+ hash_algo = malloc(hash_algo_len + 1);
+ if (hash_algo == NULL)
goto err3;
+ hash_algo_len = OBJ_obj2txt(hash_algo, hash_algo_len + 1, o, 0);
+ if (hash_algo_len < 0)
+ goto err4;
+
+ // Assign libcrypto hash algo string or number
+ sig_info->hash_algo = hash_algo;
+
sig_info->id_type = pkey_id_type[modsig->id_type];
pvt = malloc(sizeof(*pvt));
if (pvt == NULL)
- goto err3;
+ goto err4;
pvt->pkcs7 = pkcs7;
pvt->key_id = key_id_str;
pvt->sno = sno_bn;
+ pvt->hash_algo = hash_algo;
sig_info->private = pvt;
sig_info->free = pkcs7_free;
return true;
+err4:
+ free(hash_algo);
err3:
free(key_id_str);
err2:
--
2.41.0

58
SOURCES/man-rmmod-explain-why-modprobe-r-is-more-useful.patch
Unescape View File

@ -1,58 +0,0 @@
From 06fadcc6b17c3b9a534540dd6d74b0c5fb1d948d Mon Sep 17 00:00:00 2001
From: Yauheni Kaliuta <ykaliuta@redhat.com>
Date: Thu, 2 Feb 2023 15:47:36 +0200
Subject: [PATCH] man/rmmod: explain why modprobe -r is more useful
Improve user experience by explaining the option so the user may
not search explanations in other manpages (modprobe).
Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Lucas De Marchi <lucas.de.marchi@gmail.com>
---
man/rmmod.xml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/man/rmmod.xml b/man/rmmod.xml
index e7c7e5f9e7dc..67bcbedd972b 100644
--- a/man/rmmod.xml
+++ b/man/rmmod.xml
@@ -52,7 +52,8 @@
want to use
<citerefentry>
<refentrytitle>modprobe</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry> with the <option>-r</option> option instead.
+ </citerefentry> with the <option>-r</option> option instead
+ since it removes unused dependent modules as well.
</para>
</refsect1>
--- a/man/rmmod.8 2020-12-28 02:58:30.085851136 +0200
+++ b/man/rmmod.8 2023-02-09 16:55:55.967128297 +0200
@@ -2,12 +2,12 @@
.\" Title: rmmod
.\" Author: Jon Masters <jcm@jonmasters.org>
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\" Date: 12/27/2020
+.\" Date: 02/09/2023
.\" Manual: rmmod
.\" Source: kmod
.\" Language: English
.\"
-.TH "RMMOD" "8" "12/27/2020" "kmod" "rmmod"
+.TH "RMMOD" "8" "02/09/2023" "kmod" "rmmod"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -39,7 +39,7 @@
\fBmodprobe\fR(8)
with the
\fB\-r\fR
-option instead\&.
+option instead since it removes unused dependent modules as well\&.
.SH "OPTIONS"
.PP
\fB\-v\fR, \fB\-\-verbose\fR
--
2.39.1

20
SOURCES/weak-modules
Unescape View File

@ -179,24 +179,24 @@ compare_initramfs_modules() {
mkdir "$tmpdir/new_initramfs"
decompress_initramfs "$old_initramfs" "$tmpdir/old_initramfs.img"
pushd "$tmpdir/old_initramfs" >/dev/null
pushd "$tmpdir/old_initramfs" >/dev/null || exit
cpio -i < "$tmpdir/old_initramfs.img" 2>/dev/null
rm "$tmpdir/old_initramfs.img"
n=0; for i in `list_module_files|sort`; do
old_initramfs_modules[n]="$i"
n=$((n+1))
done
popd >/dev/null
popd >/dev/null || exit
decompress_initramfs "$new_initramfs" "$tmpdir/new_initramfs.img"
pushd "$tmpdir/new_initramfs" >/dev/null
pushd "$tmpdir/new_initramfs" >/dev/null || exit
cpio -i < "$tmpdir/new_initramfs.img" 2>/dev/null
rm "$tmpdir/new_initramfs.img"
n=0; for i in `list_module_files|sort`; do
new_initramfs_modules[n]="$i"
n=$((n+1))
done
popd >/dev/null
popd >/dev/null || exit
# Compare the length and contents of the arrays
if [ "${#old_initramfs_modules[@]}" == "${#new_initramfs_modules[@]}" -a \
@ -758,6 +758,7 @@ validate_weak_links() {
# to return to caller that original proposal is not valid
# here 0 is true, 1 is false, since it will be the return code
local is_configuration_valid=0
local cat_prog
tmp=$(mktemp -p $tmpdir)
compatible_modules=()
@ -766,7 +767,12 @@ validate_weak_links() {
local symvers_path=$(find_symvers_file "$krel")
[[ -n "$symvers_path" ]] || return
zcat "$symvers_path" > $tmpdir/symvers-$krel
cat_prog="cat"
case "$symvers" in
*.gz) cat_prog="zcat" ;;
*.xz) cat_prog="xzcat" ;;
esac
"$cat_prog" "$symvers_path" > $tmpdir/symvers-$krel
fi
while ((is_updates_changed)); do
@ -940,7 +946,7 @@ do_make_groups()
declare -a mods
while read i; do
mods=($i)
read -a mods <<< "$i"
echo "${mods[0]}" |grep -q "extra/" || continue
@ -992,7 +998,7 @@ filter_extra_absoluted()
# to speed up handling in general cases
echo "$i" |grep -q "extra/" || continue
mods=($i)
read -a mods <<< "$i"
for j in "${!mods[@]}"; do
mod="${mods[$j]}"

197
SPECS/kmod.spec
Unescape View File

@ -1,33 +1,92 @@
# Fedora does not support CONFIG_MODVERSIONS. Without kabi support
# weak-modules is useless at best, and can be actively harmful.
# Since RHEL *does* support this and offers kabi support,
# turn it on there by default.
%if 0%{?rhel}
%bcond_without weak_modules
%bcond_without dist_conf
%else
%bcond_with weak_modules
%bcond_with dist_conf
%endif
%bcond_without zlib
%bcond_without xz
%bcond_without zstd
Name: kmod
Version: 28
Release: 10%{?dist}
Version: 31
Release: 8%{?dist}
Summary: Linux kernel module management utilities
License: GPLv2+
# https://docs.fedoraproject.org/en-US/legal/license-field/#_no_effective_license_analysis
# GPL-2.0-or-later:
# build-aux/compile
# build-aux/depcomp
# build-aux/ltmain.sh
# build-aux/ltmain.sh
# build-aux/missing
# build-aux/py-compile
# build-aux/test-driver
# m4/attributes.m4
# m4/features.m4
# tools
# GPL-3.0-or-later:
# build-aux/config.guess
# build-aux/config.sub
# build-aux/git-version-gen
# libkmod/docs/gtk-doc.make
# m4/gtk-doc.m4
# FSFUL:
# configure
# FSFULLRWD:
# aclocal.m4
# libkmod/docs/Makefile.in
# m4/libtool.m4
# m4/lt~obsolete.m4
# m4/ltoptions.m4
# m4/ltsugar.m4
# m4/ltversion.m4
# Makefile.in
# LGPL-2.1-only:
# libkmod/python/kmod/error.py
# libkmod/python/kmod/__init__.py
# libkmod/python/kmod/version.py
# libkmod/python/kmod/version.py.in
# LGPL-2.1-or-later:
# config.h.in (no explicit license, the one in COPYING is assumed)
# libkmod
# man (no explicit license, the one in COPYING is assumed)
# shared
# shell-completion/bash/kmod
# testsuite
# X11:
# build-aux/install-sh
License: GPL-2.0-or-later AND GPL-3.0-or-later AND FSFUL AND FSFULLRWD AND LGPL-2.1-only AND LGPL-2.1-or-later AND X11
URL: https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git
Source0: https://www.kernel.org/pub/linux/utils/kernel/kmod/%{name}-%{version}.tar.xz
Source1: weak-modules
Source2: depmod.conf.dist
Exclusiveos: Linux
Patch01: man-rmmod-explain-why-modprobe-r-is-more-useful.patch
# v29~5 "libkmod: fix an overflow with wrong modules.builtin.modinfo"
Patch02: 0001-libkmod-fix-an-overflow-with-wrong-modules.builtin.m.patch
# v31~29 "libkmod: do not crash on unknown signature algorithm"
Patch03: 0001-libkmod-do-not-crash-on-unknown-signature-algorithm.patch
# v31~18 "libkmod: error out on unknown hash algorithm"
Patch04: 0001-libkmod-error-out-on-unknown-hash-algorithm.patch
Patch1: kmod-tip.patch
# v33~1 "libkmod: avoid undefined behaviour in libkmod-builtin.c:get_string"
Patch05: 0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch
Patch2: 0001-libkmod-avoid-undefined-behaviour-in-libkmod-builtin.patch
Exclusiveos: Linux
BuildRequires: gcc
BuildRequires: chrpath
%if %{with zlib}
BuildRequires: zlib-devel
%endif
%if %{with xz}
BuildRequires: xz-devel
BuildRequires: libxslt
%endif
BuildRequires: libxslt docbook-style-xsl
BuildRequires: openssl-devel
BuildRequires: make
BuildRequires: make automake
%if %{with zstd}
BuildRequires: libzstd-devel
%endif
Provides: module-init-tools = 4.0-1
Obsoletes: module-init-tools < 4.0-1
@ -41,7 +100,6 @@ examples of loaded and unloaded modules.
%package libs
Summary: Libraries to handle kernel module loading and unloading
License: LGPLv2+
%description libs
The kmod-libs package provides runtime libraries for any application that
@ -61,9 +119,16 @@ applications that wish to load or unload Linux kernel modules.
%build
%configure \
--with-openssl \
%if %{with zlib}
--with-zlib \
%endif
%if %{with xz}
--with-xz \
--with-zstd
%endif
%if %{with zstd}
--with-zstd \
%endif
--enable-debug
%{make_build} V=1
@ -88,8 +153,13 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/modprobe.d
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/modprobe.d
%if %{with weak_modules}
install -pm 755 %{SOURCE1} $RPM_BUILD_ROOT%{_sbindir}/weak-modules
%endif
%if %{with dist_conf}
install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
%endif
%files
%dir %{_sysconfdir}/depmod.d
@ -102,12 +172,18 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
%{_sbindir}/rmmod
%{_sbindir}/lsmod
%{_sbindir}/depmod
%if %{with weak_modules}
%{_sbindir}/weak-modules
%endif
%{_datadir}/bash-completion/
%if %{with dist_conf}
%{_sysconfdir}/depmod.d/dist.conf
%attr(0644,root,root) %{_mandir}/man5/*.5*
%endif
%attr(0644,root,root) %{_mandir}/man5/mod*.d*.5*
%attr(0644,root,root) %{_mandir}/man5/depmod.d.5*
%{_mandir}/man5/modprobe.conf.5*
%attr(0644,root,root) %{_mandir}/man8/*.8*
%doc NEWS README TODO
%doc NEWS README.md TODO
%files libs
%license COPYING
@ -115,39 +191,82 @@ install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/depmod.d/dist.conf
%files devel
%{_includedir}/libkmod.h
%{_libdir}/pkgconfig/kmod.pc
%{_libdir}/pkgconfig/libkmod.pc
%{_libdir}/libkmod.so
%changelog
* Thu Aug 15 2024 Eugene Syromiatnikov <esyr@redhat.com> - 28-10
* Thu Aug 15 2024 Eugene Syromiatnikov <esyr@redhat.com> - 31-8
- Fix issues discovered by static analysis
- Resolves: RHEL-34073
- Resolves: RHEL-44931
* Mon Aug 12 2024 Eugene Syromiatnikov <esyr@redhat.com> - 31-7
- weak-modules: use either zcat or xzcat based on symvers file extension
- Resolves: RHEL-39388
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 31-6
- Bump release for June 2024 mass rebuild
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 31-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 31-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu May 11 2023 Eugene Syromiatnikov <esyr@redhat.com> - 28-9
* Fri Dec 01 2023 Eugene Syromiatnikov <esyr@redhat.com> - 31-3
- migrated to SPDX license
* Thu Nov 09 2023 Josh Boyer <jwboyer@fedoraproject.org> - 31-2
- Add upstream patches to enable SHA3 support
- New upstream v31
- Resolves: rhbz#2241394
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 30-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue May 09 2023 Eugene Syromiatnikov <esyr@redhat.com> - 30-5
- Add symvers.xz support to weak-modules
- Resolves: rhbz#2192895
* Thu Feb 9 2023 Yauheni Kaliuta <ykaliuta@redhat.com> - 28-8
- man/rmmod: explain why modprobe -r is more useful
Resolves: rhbz#2164253
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 30-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Dec 17 2022 Florian Weimer <fweimer@redhat.com> - 30-3
- Port configure script to C99
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 30-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jul 4 2022 Yauheni Kaliuta <ykaliuta@redhat.com> - 30-1
- New upstream v30
- Resolves: rhbz#2102796
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 29-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 29-6
- Rebuilt with OpenSSL 3.0.0
* Tue Aug 10 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 29-5
- kmod.spec: enable debug
- weak-modules: compare_initramfs_modules: exit on pushd/popd failures
- weak-modules: split modules into array with read -a
- Add default config file, /etc/depmod.d/dist.conf
* Thu Oct 21 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 28-7
- Add RHEL gating configuration. Related: rhbz#1985100
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 29-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Aug 10 2021 Yauheni Kaliuta <ykaliuta@redhat.com> - 28-6
- add default config.
Resolves: rhbz#1985100
* Tue Jun 08 2021 Neal Gompa <ngompa13@gmail.com> - 29-3
- Fix conditional to only install weak-modules for RHEL
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 28-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue May 25 2021 Justin M. Forbes <jforbes@fedoraproject.org> - 29-2
- Rebuild for weak-modules drop in Fedora
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 28-4
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Mon May 24 2021 Justin M. Forbes <jforbes@fedoraproject.org>
- Remove weak-modules for Fedora as it causes problems.
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 28-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri May 14 2021 Josh Boyer <jwboyer@fedoraproject.org> - 29-1
- New upstream v29
- Resolves: rhbz#1962980
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 28-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

Write Preview
Loading…
Cancel
Save