lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Thu, 7 Feb 2019 13:57:23 -0800
From:   Lucas De Marchi <lucas.de.marchi@...il.com>
To:     linux-modules <linux-modules@...r.kernel.org>
Cc:     Jessica Yu <jeyu@...nel.org>,
        Rusty Russell <rusty@...tcorp.com.au>,
        lkml <linux-kernel@...r.kernel.org>
Subject: [ANNOUNCE] kmod 26

kmod 26 is out:

        https://www.kernel.org/pub/linux/utils/kernel/kmod/kmod-26.tar.xz
        https://www.kernel.org/pub/linux/utils/kernel/kmod/kmod-26.tar.sign

Now we also have a new archive for the mailing list:
        https://lore.kernel.org/linux-modules/

- Improvements
        - Add more error-checking in library functions and remove
warnings on newer
          toolchains

        - Depmod now handles parallel invocations better by protecting
the temporary
          files being used

        - Improvements to testsuite and added tests to check the behavior
          regardless of the features enabled in the kernel and
libraries we link to

        - Teach the --show-exports option to modprobe. This works similarly to
          --show-modversions, but it reports the exported symbols from
that module.
          Under the hood this reads the .symtab and .strtab sections rather than
          __versions so it shows useful data even if kernel is
configured without
          modversions (CONFIG_MODVERSIONS)

        - Teach pkcs7 parsing to modinfo by using openssl. This allows
modinfo to
          correctly parse the signature appended to a module by the kernel build
          system when configured with CONFIG_MODULE_SIG_ALL, or when externally
          signed by the distro. Traditionally modules were signed and a struct
          was appended together with the signature to the end of the module.
          This has changed on the kernel for pkcs#7 and now the structure isn't
          filled out with useful information.  So we have to parse the signature
          block in order to return useful data to the user.

          If kmod is linked with openssl we parse the signature and return the
          fields as we do for other signatures. An example of the relevant part
          on the output of modinfo is below:

          Before:
                  sig_id:         PKCS#7
                  signer:
                  sig_key:
                  sig_hashalgo:   md4
          After:
                  sig_id:         PKCS#7
                  signer:         Fedora kernel signing key
                  sig_key:
51:C4:0C:6D:7E:A5:6C:D8:8F:B4:3A:DF:91:78:4F:18:BC:D5:E4:C5
                  sig_hashalgo:   sha256

          If kmod is not linked to openssl we just start printing
"unknown" in the
          sig_hashalgo field rather than the bogus value.

Shortlog is below:

Caio Marcelo de Oliveira Filho (1):
      testsuite: add Clear's mkosi configuration

Chris Stackpole (1):
      Phrasing correction in modprobe man page

Daniel Kahn Gillmor (1):
      man: Fix typo

Jakov Simunic (1):
      build: fix wrong quotes on bootstrap

Jan Engelhardt (1):
      kmod: build: cure compiler warnings showing up externally

Luca Bruno (1):
      libkmod-module: check for NULL before accessing pointers

Lucas De Marchi (17):
      testsuite: raise arch image to 3GB
      man: depmod: remove deprecated -m option
      mkosi: allow Clear to use test modules
      testsuite: add simple test for --show-exports
      README: Add link to mailing list archive
      Remove bootstrap* scripts
      testsuite: split out function to compare outputs exactly
      testsuite: add support for testing output against regex
      testsuite: move --show-exports test to use regex
      Add semaphoreci 2.0 configuration
      testsuite: fix modinfo test without openssl
      build: enable openssl by default
      build: add openssl to CI deps
      build: check openssl version
      testsuite: mkosi: update files
      build: fix make distcheck
      kmod 26

Michal Suchanek (3):
      depmod: prevent module dependency files missing during depmod invocation
      depmod: prevent module dependency files corruption due to
parallel invocation.
      depmod: shut up gcc insufficinet buffer warning

Yauheni Kaliuta (6):
      modprobe: add --show-exports
      signature: do not report wrong data for pkc#7 signature
      testsuite: track number of descriptors instead of their state
      testsuite: factor out fd related parameters to a structure
      testsuite: add modinfo pkcs7 signature test
      libkmod-signature: implement pkcs7 parsing with openssl


-- 
Lucas De Marchi

Powered by blists - more mailing lists