From 91d5ffa670e7642326b3a2918aeb94b47f24fb23c3816049c2ca569f1f0c63cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Thu, 20 Feb 2025 09:55:22 +0100
Subject: [PATCH] Sync from SUSE:SLFO:Main mokutil revision 66594a1f0c4c284c6b5b9652d467db13
---
 0.6.0.tar.gz | 3 -
 0.7.2.tar.gz | 3 +
 modhash | 149 ------------------------------------------------
 mokutil.changes | 61 +++++++++++++++++++-
 mokutil.spec | 9 +--
 5 files changed, 66 insertions(+), 159 deletions(-)
 delete mode 100644 0.6.0.tar.gz
 create mode 100644 0.7.2.tar.gz
 delete mode 100644 modhash
diff --git a/0.6.0.tar.gz b/0.6.0.tar.gz
deleted file mode 100644
index 872d429..0000000
--- a/0.6.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6cc4be216ac083ee19dc986e8a510e1d74f6f4080baa4b5fdc7c503eb483f569
-size 38047
diff --git a/0.7.2.tar.gz b/0.7.2.tar.gz
new file mode 100644
index 0000000..f70fc71
--- /dev/null
+++ b/0.7.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:839d677c4fc9805f1565703ca32863e4652692c53da66a88ae9b9e30676f9e17
+size 39226
diff --git a/modhash b/modhash
deleted file mode 100644
index c1bf69f..0000000
--- a/modhash
+++ /dev/null
@@ -1,149 +0,0 @@
-#!/usr/bin/perl
-#
-# Calculate the digest of the kernel module
-# It will strip kernel modules signature before calculation.
-#
-# Based on modsign-verify, written by Michal Marek
-# Authors:
-# Gary Lin
-# Joey Lee
-#
-
-my $USAGE = "Usage: modhash [-v] [-q] [-d ] \n";
-
-use strict;
-use warnings;
-use IPC::Open2;
-use Getopt::Long;
-use File::Temp qw(tempfile);
-
-my $verbose = 1;
-my $dgst = "sha256";
-GetOptions(
- "d=s" => \$dgst,
- "q|quiet" => sub { $verbose-- if $verbose; },
- "v|verbose" => sub { $verbose++; },
- "h|help" => sub {
- print $USAGE;
- exit(0);
- }
-) or die($USAGE);
-
-sub _verbose {
- my $level = shift;
-
- return if $verbose < $level;
- print STDERR @_;
-}
-
-sub info { _verbose(1, @_); }
-sub verbose { _verbose(2, @_); }
-sub debug { _verbose(3, @_); }
-
-if (@ARGV > 1) {
- print STDERR "Excess arguments\n";
- die($USAGE);
-} elsif (@ARGV < 1) {
- print STDERR "No module supplied\n";
- die($USAGE);
-}
-my $module_name = shift(@ARGV);
-
-if ($dgst ne "sha" and $dgst ne "sha1" and $dgst ne "sha256" and
- $dgst ne "sha384" and $dgst ne "sha512") {
- die("unsupported algorithm: $dgst");
-}
-
-#
-# Function to read the contents of a file into a variable.
-#
-sub read_file($)
-{
- my ($file) = @_;
- my $contents;
- my $len;
-
- open(FD, "<$file") || die $file;
- binmode FD;
- my @st = stat(FD);
- die $file if (!@st);
- $len = read(FD, $contents, $st[7]) || die $file;
- close(FD) || die $file;
- die "$file: Wanted length ", $st[7], ", got ", $len, "\n"
- if ($len != $st[7]);
- return $contents;
-}
-
-sub openssl_pipe($$) {
- my ($input, $cmd) = @_;
- my ($pid, $res);
-
- $pid = open2(*read_from, *write_to, $cmd) || die $cmd;
- binmode write_to;
- if (defined($input) && $input ne "") {
- print write_to $input || die "$cmd: $!";
- }
- close(write_to) || die "$cmd: $!";
-
- binmode read_from;
- read(read_from, $res, 4096) || die "$cmd: $!";
- close(read_from) || die "$cmd: $!";
- waitpid($pid, 0) || die;
- die "$cmd died: $?" if ($? >> 8);
- return $res;
-}
-
-my $module = read_file($module_name);
-my $module_len = length($module);
-my $magic_number = "~Module signature appended~\n";
-my $magic_len = length($magic_number);
-my $info_len = 12;
-
-if ($module_len < $magic_len) {
- die "Module size too short\n";
-}
-
-sub eat
-{
- my $length = shift;
- if ($module_len < $length) {
- die "Module size too short\n";
- }
- my $res = substr($module, -$length);
- $module = substr($module, 0, $module_len - $length);
- $module_len -= $length;
- return $res;
-}
-
-if (substr($module, -$magic_len) eq $magic_number) {
- $module = substr($module, 0, $module_len - $magic_len);
- $module_len -= $magic_len;
- my $info = eat($info_len);
- my ($algo, $hash, $id_type, $name_len, $key_len, $sig_len) =
- unpack("CCCCCxxxN", $info);
- my $signature = eat($sig_len);
- if ($id_type == 1) {
- if (unpack("n", $signature) == $sig_len - 2) {
- verbose ("signed module (X.509)\n");
- } else {
- die "Invalid signature format\n";
- }
- if ($algo != 1) {
- die "Unsupported signature algorithm\n";
- }
- $signature = substr($signature, 2);
- my $key_id = eat($key_len);
- my $name = eat($name_len);
- } elsif ($id_type == 2) {
- verbose ("signed module (PKCS#7)\n");
- }
-} else {
- verbose ("unsigned module\n");
-}
-
-verbose("Hash algorithm: $dgst\n");
-
-my $digest = openssl_pipe($module, "openssl dgst -$dgst");
-$digest =~ s/\(stdin\)= //;
-
-print "$module_name: $digest"
diff --git a/mokutil.changes b/mokutil.changes
index c2b7278..036db13 100644
--- a/mokutil.changes
+++ b/mokutil.changes
@@ -1,3 +1,62 @@
+-------------------------------------------------------------------
+Sat Feb 8 21:16:36 UTC 2025 - Dirk Müller
+
+- update to 0.7.2:
+ * mokutil: revert the default listing to the verbose form
+- update to 0.7.1:
+ * Fix an off-by-one reading passwords from a file.
+ * Short certificate listing by default
+
+-------------------------------------------------------------------
+Fri Mar 1 08:23:24 UTC 2024 - Dennis Tseng
+
+- Update to 0.7.0
+ + 82694cb Show usage instead of aborting on bad flags
+ + 04791c2 mokutil bugfix: del unused opt "-s"
+ + d978c18 Fix leak of list in delete_data_from_req_var()
+ + e498f64 Fix leak of fd in mok_get_variable()
+ + 7b6258a Show the key owner GUID
+ + 51b5e55 Use PKG_PROG_PKG_CONFIG macro from pkg.m4 to detect pkg-config
+ + 1aefcdb mokutil: handle the parsing error from "mok-variables"
+ + 71140ef mokutil: Fix memory leak in export_db_keys
+ + 0011d52 mokutil:check the result of malloc() is necessary
+ + a0d8702 Fix inconsistency in skip messages
+ + ae59d89 man: add "--trust-mok" and "--untrust-mok"
+ + dd55c28 Avoid conflicting efi_char16_t type definitions
+ + 8b6d116 fix: typo "accesss" -> "access"
+ + f68a4f4 Do not exit with non zero status for version query
+ + 5f49730 Check for efi variabales support after processing commands
+ + 2d6c409 Return 0 after printing help messages
+ + c64741d Add support for SSPPolicy, depricate --set-sbat-policy delete
+ + 48e3d2a Fix tab alignment for help (set-fallback-verbosity/set-fallback-noreboot)
+ + c361087 (HEAD -> master, tag: 0.7.0, origin/ssppolicy-v2-fix, origin/master, origin/HEAD) Rename "previous" revocations to "automatic"
+
+-------------------------------------------------------------------
+Fri Feb 23 09:19:54 UTC 2024 - pgajdos@suse.com
+
+- Use %patch -P N instead of deprecated %patchN.
+
+-------------------------------------------------------------------
+Tue Sep 19 08:10:49 UTC 2023 - Joey Lee
+
+- Sync change log to prepare for sending mokutil 0.6.0 to SLE15-SP6
+ (jsc#PED-6528)
+ - Removed the following backported patches because they are merged
+ to 0.6.0:
+ - mokutil-fix-missing-header.patch
+ b15e7c4d7 util: add the missing stdio.h
+ - mokutil-enable-setting-fallback-verbosity-and-norebo.patch (bsc#1198458)
+ 57bc38582 mokutil: enable setting fallback verbosity and noreboot mode
+ - mokutil-SBAT-revocation-update-support.patch (bsc#1198458)
+ 6c9890730 SBAT revocation update support
+
+-------------------------------------------------------------------
+Fri Aug 18 07:07:08 UTC 2023 - Gary Ching-Pang Lin
+
+- Remove modhash (bsc#1214358)
+ + The modhash script is rarely used and it's impractical to block
+ a kernel module with the hash.
+
 -------------------------------------------------------------------
 Mon Jun 27 05:00:25 UTC 2022 - Joey Lee
@@ -67,7 +126,7 @@ Thu Jul 15 06:39:26 UTC 2021 - Gary Ching-Pang Lin
 -------------------------------------------------------------------
 Tue May 4 06:52:03 UTC 2021 - Dirk Müller
-- spec file cleanup
+- spec file cleanup
 -------------------------------------------------------------------
 Wed Sep 16 09:06:02 UTC 2020 - Gary Ching-Pang Lin
diff --git a/mokutil.spec b/mokutil.spec
index 9b4ea09..fcb5672 100644
--- a/mokutil.spec
+++ b/mokutil.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package mokutil
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,14 +17,13 @@
 Name: mokutil
-Version: 0.6.0
+Version: 0.7.2
 Release: 0
 Summary: Tools for manipulating machine owner keys
 License: GPL-3.0-only
 Group: Productivity/Security
 URL: https://github.com/lcp/mokutil
 Source: https://github.com/lcp/%{name}/archive/%{version}.tar.gz
-Source1: modhash
 # PATCH-FIX-SUSE mokutil-remove-libkeyutils-check.patch glin@suse.com -- Disable the check of libkeyutils version
 Patch1: mokutil-remove-libkeyutils-check.patch
 BuildRequires: autoconf
@@ -43,7 +42,7 @@ keys (MOK) stored in the database of shim.
 %prep
 %setup -q
 %if 0%{?suse_version} <= 1500
-%patch1 -p1
+%patch -P 1 -p1
 %endif
 %build
@@ -53,12 +52,10 @@ keys (MOK) stored in the database of shim.
 %install
 %make_install
-install -m 755 -D %{SOURCE1} %{buildroot}/%{_bindir}/modhash
 %files
 %license COPYING
 %{_bindir}/mokutil
-%{_bindir}/modhash
 %{_mandir}/man?/*
 %dir %{_datadir}/bash-completion/completions/
 %{_datadir}/bash-completion/completions/mokutil