rpms
/
libica
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import libica-4.1.1-2.el9

Browse Source
c9-beta imports/c9-beta/libica-4.1.1-2.el9
CentOS Sources 2 years ago committed by MSVSphere Packaging Team
commit d5458a6c9c
5 changed files with 480 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
.gitignore vendored
Unescape View File

@ -0,0 +1 @@
SOURCES/libica-4.1.1.tar.gz

1
.libica.metadata
Unescape View File

@ -0,0 +1 @@
a826ac86ded4ed96804fe19634b02838ab78ac86 SOURCES/libica-4.1.1.tar.gz

83
SOURCES/libica-4.0.0-annotate.patch
Unescape View File

@ -0,0 +1,83 @@
From daad2a867cff48a7c4322716917d63538b083284 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Tue, 25 Sep 2018 13:44:32 +0200
Subject: [libica PATCH] add build note to assembler sources
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When distros use the annobin compiler plugin [1], they have complete overview
what compiler flags were used for compilation and they are able to perform
security checks on the produced binaries. Compiling assembler source can't
provide this kind of information by default, so we need the explicit
-Wa,--generate-missing-build-notes=yes option during build. When the option is
missing, then the annocheck tool reports "GAPS" in the resulting binary.
binutils >= 2.31 or older with backport is needed
[1] https://fedoraproject.org/wiki/Changes/Annobin
Signed-off-by: Dan Horák <dan@danny.cz>
---
configure.ac | 4 ++++
libica.spec | 2 +-
src/Makefile.am | 4 ++--
3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index 958371c..b8d0e42 100644
--- a/configure.ac
+++ b/configure.ac
@@ -113,12 +113,16 @@ if test "x$enable_coverage" = xno && test "x$enable_debug" = xno && test "x$enab
FLAGS="$FLAGS -O3 -D_FORTIFY_SOURCE=2"
fi
+# check if assembler can generate missing build notes, binutils >= 2.31 or older with backport is needed
+AX_CHECK_COMPILE_FLAG([-Wa,--generate-missing-build-notes=yes], [ICA_ASFLAGS="-Wa,--generate-missing-build-notes=yes"])
+
# restore cmdline flags (ignore PROG_AS/PROG_CC defaults)
CFLAGS="$cmdline_CFLAGS"
CCASFLAGS="$cmdline_CFLAGS"
AC_SUBST([FLAGS], $FLAGS)
AC_SUBST([LIBS], $LIBS)
+AC_SUBST([ICA_ASFLAGS], $ICA_ASFLAGS)
AC_CONFIG_FILES([Makefile doc/Makefile include/Makefile src/Makefile test/Makefile])
AC_OUTPUT
diff --git a/libica.spec b/libica.spec
index d71890a..e51430e 100644
--- a/libica.spec
+++ b/libica.spec
@@ -9,7 +9,7 @@ URL: https://github.com/opencryptoki/libica
Source0: %{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: autoconf automake libtool openssl-devel
+BuildRequires: autoconf automake libtool openssl-devel autoconf-archive
%description
Interface library on Linux for IBM System z to utilize CPACF
diff --git a/src/Makefile.am b/src/Makefile.am
index c630048..1b5ec71 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -31,13 +31,13 @@ SOURCES_common = ica_api.c init.c icastats_shared.c s390_rsa.c \
include/rng.h
libica_la_CFLAGS = ${CFLAGS_common} -DLIBNAME=\"libica\"
-libica_la_CCASFLAGS = ${AM_CFLAGS}
+libica_la_CCASFLAGS = ${AM_CFLAGS} ${ICA_ASFLAGS}
libica_la_LIBADD = ${LIBS_common}
libica_la_LDFLAGS = ${LDFLAGS_common}
libica_la_SOURCES = ${SOURCES_common}
libica_cex_la_CFLAGS = ${CFLAGS_common} -DNO_CPACF -DLIBNAME=\"libica-cex\"
-libica_cex_la_CCASFLAGS = ${AM_CFLAGS}
+libica_cex_la_CCASFLAGS = ${AM_CFLAGS} ${ICA_ASFLAGS}
libica_cex_la_LIBADD = ${LIBS_common}
libica_cex_la_LDFLAGS = ${LDFLAGS_common}
libica_cex_la_SOURCES = ${SOURCES_common}
--
2.31.1

35
SOURCES/libica-4.1.1-shmem.patch
Unescape View File

@ -0,0 +1,35 @@
From cd5b2b75554875111bf375b555ebd3b185cff1a0 Mon Sep 17 00:00:00 2001
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
Date: Wed, 1 Feb 2023 10:54:33 +0100
Subject: [libica PATCH] bugfix: permission denied on shared memory segments
A change to the Linux kernel in 4.19 for added security is
changing the behavior when opening shared memory segments.
The O_CREAT flag must not be used for existing segments.
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
---
src/icastats_shared.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/icastats_shared.c b/src/icastats_shared.c
index bbc8d0e..8290239 100644
--- a/src/icastats_shared.c
+++ b/src/icastats_shared.c
@@ -54,9 +54,10 @@ int stats_mmap(int user)
sprintf(shm_id, "icastats_%d",
user == -1 ? geteuid() : (uid_t)user);
- stats_shm_handle = shm_open(shm_id,
- O_CREAT | O_RDWR,
- S_IRUSR | S_IWUSR);
+ stats_shm_handle = shm_open(shm_id, O_RDWR, S_IRUSR | S_IWUSR);
+
+ if (stats_shm_handle == -1)
+ stats_shm_handle = shm_open(shm_id, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
if (stats_shm_handle == -1)
return rc;
--
2.39.1

360
SPECS/libica.spec
Unescape View File

@ -0,0 +1,360 @@
%global with_fips 1
Summary: Library for accessing ICA hardware crypto on IBM z Systems
Name: libica
Version: 4.1.1
Release: 2%{?dist}
License: CPL
URL: https://github.com/opencryptoki/
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
# annotate assembler source
# https://bugzilla.redhat.com/show_bug.cgi?id=1630582
# https://github.com/opencryptoki/libica/pull/24
Patch0: %{name}-4.0.0-annotate.patch
# fix permissions for shared memory segments
# https://bugzilla.redhat.com/show_bug.cgi?id=2167364
Patch1: %{name}-4.1.1-shmem.patch
BuildRequires: gcc
BuildRequires: openssl-devel
BuildRequires: openssl
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: autoconf-archive
BuildRequires: perl(FindBin)
BuildRequires: perl(lib)
BuildRequires: make
ExclusiveArch: s390 s390x
%description
A library of functions and utilities for accessing ICA hardware crypto on
IBM z Systems.
%package devel
Summary: Development tools for programs to access ICA hardware crypto on IBM z Systems
Requires: %{name} = %{version}-%{release}
Requires: openssl-devel
%description devel
The libica-devel package contains the header files and static
libraries necessary for developing programs accessing ICA hardware crypto on
IBM z Systems.
%prep
%autosetup -p1
sh ./bootstrap.sh
%build
# FIPS openssl config is not needed on RHEL/Fedora
# https://bugzilla.redhat.com/show_bug.cgi?id=2084097
CPPFLAGS=-DNO_FIPS_CONFIG_LOAD
export CPPFLAGS
%configure --disable-static \
%if %{with_fips}
--enable-fips
%else
--disable-fips
%endif
%make_build
%install
%make_install
rm %{buildroot}%{_libdir}/libica*.la
rm %{buildroot}%{_pkgdocdir}/{INSTALL,README.md}
%check
# mock doesn't provide the device, so check here
# https://github.com/rpm-software-management/mock/issues/33
if [ -c /dev/hwrng -o -c /dev/prandom ]; then
make check
fi
%if %{with_fips}
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
make fipsinstall DESTDIR=%{buildroot}
%{nil}
%endif
%files
%doc AUTHORS LICENSE ChangeLog
%{_bindir}/icainfo
%{_bindir}/icainfo-cex
%{_bindir}/icastats
%if %{with_fips}
%if 0%{?fedora} >= 36 || 0%{?rhel} >= 9
%exclude %{_sysconfdir}/libica/openssl3-fips.cnf
%endif
%{_libdir}/.libica.*.hmac
%{_libdir}/.libica-cex.*.hmac
%endif
%{_libdir}/libica.so.*
%{_libdir}/libica-cex.so.*
%{_mandir}/man1/icainfo.1*
%{_mandir}/man1/icainfo-cex.1*
%{_mandir}/man1/icastats.1*
%files devel
%{_includedir}/*
%{_libdir}/libica.so
%{_libdir}/libica-cex.so
%changelog
* Tue Feb 07 2023 Dan Horák <dhorak@redhat.com> - 4.1.1-2
- fix permissions for shared memory segments (#2167364)
- Resolves: #2167364
* Mon Oct 24 2022 Dan Horák <dhorak@redhat.com> - 4.1.1-1
- updated to 4.1.1 (#2110374)
- Resolves: #2110374
* Thu Jun 30 2022 Dan Horák <dhorak@redhat.com> - 4.0.2-1
- updated to 4.0.2 (#2101767)
- Resolves: #2101767
* Mon May 16 2022 Dan Horák <dhorak@redhat.com> - 4.0.1-2
- fix running in FIPS mode (#2084097)
- Resolves: #2084097
* Thu May 12 2022 Dan Horák <dhorak@redhat.com> - 4.0.1-1
- updated to 4.0.1 (#2044178)
- Resolves: #2044178 #2044174
* Tue Feb 01 2022 Dan Horák <dan[at]danny.cz> - 4.0.0-1
- updated to 4.0.0 (#2040237)
- Resolves: #2040237
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.8.0-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jun 16 2021 Florian Weimer <fweimer@redhat.com> - 3.8.0-2
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Fri May 21 2021 Dan Horák <dan[at]danny.cz> - 3.8.0-1
- updated to 3.8.0 (#1869532)
- eliminate SW fallback functions (#1924119)
- updated for OpenSSL 3.0 (#1952946)
- disable FIPS support (broken)
- Resolves: #1869532 #1924119 #1952946
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.7.0-6
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.7.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.7.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 22 2020 Dan Horák <dan[at]danny.cz> - 3.7.0-3
- Use make macros (taken from PR#1 by <tstellar at redhat.com>)
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Wed Jul 15 2020 Dan Horák <dan[at]danny.cz> - 3.7.0-2
- fix FIPS integrity validation (#1857130)
* Fri May 15 2020 Dan Horák <dan[at]danny.cz> - 3.7.0-1
- updated to 3.7.0
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Nov 26 2019 Dan Horák <dan[at]danny.cz> - 3.6.1-1
- updated to 3.6.1
* Mon Sep 02 2019 Dan Horák <dan[at]danny.cz> - 3.6.0-1
- updated to 3.6.0
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Apr 24 2019 Dan Horák <dan[at]danny.cz> - 3.5.0-1
- updated to 3.5.0
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Nov 16 2018 Dan Horák <dan[at]danny.cz> - 3.4.0-1
- updated to 3.4.0
* Fri Sep 21 2018 Dan Horák <dan[at]danny.cz> - 3.3.3-4
- annotate assembler file (#1630582)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Jun 13 2018 Dan Horák <dan[at]danny.cz> - 3.3.3-2
- fix executable stack in assembler code
* Tue Jun 12 2018 Dan Horák <dan[at]danny.cz> - 3.3.3-1
- updated to 3.3.3
* Tue Apr 17 2018 Dan Horák <dan[at]danny.cz> - 3.3.2-1
- updated to 3.3.2
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Mon Sep 25 2017 Dan Horák <dan[at]danny.cz> - 3.2.0-1
- updated to 3.2.0
* Mon Sep 11 2017 Dan Horák <dan[at]danny.cz> - 3.1.1-1
- updated to 3.1.1
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Tue Apr 18 2017 Dan Horák <dan[at]danny.cz> - 3.0.2-3
- update BR
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Wed Jan 18 2017 Dan Horák <dan[at]danny.cz> - 3.0.2-1
- updated to 3.0.2
* Fri Jan 13 2017 Dan Horák <dan[at]danny.cz> - 3.0.1-2
- check for /dev/prandom before running the test-suite
* Fri Jan 13 2017 Dan Horák <dan[at]danny.cz> - 3.0.1-1
- updated to 3.0.1
* Tue Apr 12 2016 Dan Horák <dan[at]danny.cz> - 2.6.2-1
- updated to 2.6.2
* Thu Mar 17 2016 Dan Horák <dan[at]danny.cz> - 2.6.1-1
- updated to 2.6.1
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Sep 01 2014 Dan Horák <dan[at]danny.cz> - 2.4.2-1
- updated to 2.4.2
* Wed Jun 11 2014 Dan Horák <dan[at]danny.cz> - 2.3.0-5
- fix build with recent kernels
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Mar 14 2014 Dan Horák <dan[at]danny.cz> - 2.3.0-3
- add post release fix (#1066014)
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Fri May 03 2013 Dan Horák <dan[at]danny.cz> - 2.3.0-1
- updated to 2.3.0
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Aug 17 2012 Dan Horák <dan[at]danny.cz> - 2.2.0-1
- updated to 2.2.0
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon Jan 16 2012 Dan Horák <dan[at]danny.cz> - 2.1.1-1
- updated to 2.1.1
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Thu Jul 07 2011 Dan Horák <dan[at]danny.cz> - 2.1.0-1
- updated to 2.1.0 with soname set back to 2.0
* Mon Apr 11 2011 Dan Horák <dan[at]danny.cz> - 2.0.6-1
- updated to 2.0.6
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Jan 12 2011 Dan Horák <dan[at]danny.cz> - 2.0.4-1
- Do not use sigill to wrap all HW instructions (#665401)
- updated to 2.0.4
* Tue Nov 9 2010 Dan Horák <dhorak@redhat.com> - 2.0.3-3
- Fix the return value of old_api_sha_test() in libica_sha1_test (#624005)
- Use the right buffer length when operating in 32-bit mode (#640035)
- Resolves: #624005, #640035
* Fri May 21 2010 Dan Horák <dan[at]danny.cz> - 2.0.3-2
- rebuilt with -fno-strict-aliasing (#593779)
- Resolves: #593779
* Thu Apr 22 2010 Dan Horák <dan[at]danny.cz> - 2.0.3-1
- updated to 2.0.3 (#582607)
- Resolves: #582607
* Mon Apr 12 2010 Dan Horák <dan[at]danny.cz> - 2.0.2-3
- add SIGILL handler for add_entropy (#581520)
- Resolves: #581520
* Tue Feb 16 2010 Dan Horák <dan[at]danny.cz> - 2.0.2-2
- dropped the utils sub-package
- Related: #543948
* Tue Dec 08 2009 Dennis Gregorovic <dgregor@redhat.com> - 2.0.2-1.1
- Rebuilt for RHEL 6
* Mon Aug 17 2009 Dan Horák <dan[at]danny.cz> - 2.0.2-1
- update to 2.0.2
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed Apr 1 2009 Dan Horák <dan[at]danny.cz> - 2.0.1-1
- update to 2.0.1
* Mon Mar 23 2009 Dan Horák <dan[at]danny.cz> - 2.0-1
- update to 2.0
- spec file cleanup before submitting to Fedora
* Sun Sep 14 2008 Phil Knirsch <pknirsch@redhat.com> - 1.3.7-8.el5
- Added the icainfo tool to libica (#439484)
* Tue Apr 01 2008 Phil Knirsch <pknirsch@redhat.com> - 1.3.7-7.el5
- Fixed build of libica with latest AES & SHA feature (#439390)
* Tue Jan 15 2008 Phil Knirsch <pknirsch@redhat.com> - 1.3.7-6.el5
- Added Software Support for CP Assist Instructions AES & SHA (#318971)
* Thu Nov 23 2006 Phil Knirsch <pknirsch@redhat.com> - 1.3.7-5.el5
- Fixed requires bug where devel packages would get wrong arch lib (#215908)
* Fri Oct 13 2006 Phil Knirsch <pknirsch@redhat.com> - 1.3.7-4
- Fixed bug where libica fails to initialize when no crypto hardware is
available (#210504)
- Only build libica for s390(x), really only needed there.
* Fri Sep 08 2006 Phil Knirsch <pknirsch@redhat.com> - 1.3.7-3
- Build for other archs as well due to openCryptoki requirement (#184631)
* Fri Jul 14 2006 Tim Powers <timp@redhat.com> - 1.3.7-2
- rebuild
* Tue Jun 13 2006 Phil Knirsch <pknirsch@redhat.com> - 1.3.7-1
- Update to libica-1.3.7 final
- Fixed build on latest devel tree
* Tue Apr 04 2006 Phil Knirsch <pknirsch@redhat.com> - 1.3.6-rc3-1
- Initial package.
Write Preview
Loading…
Cancel
Save