From 8b1c8f3d365a5b6a79a3b4517ac641f2de845961d79af5e1c5a15cd7642192fa Mon Sep 17 00:00:00 2001 From: Mark Post Date: Wed, 14 Sep 2022 18:37:50 +0000 Subject: [PATCH 1/5] OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=65 --- libica-4.0.3.tar.gz | 3 +++ ...-possible-to-specify-fipshmac-binary.patch | 8 ++++--- libica-rpmlintrc | 1 + ...ch => libica-sles15sp5-FIPS-hmac-key.patch | 10 +++++---- libica.changes | 22 +++++++++++++++++++ libica.spec | 15 ++++++++----- 6 files changed, 46 insertions(+), 13 deletions(-) create mode 100644 libica-4.0.3.tar.gz rename libica-sles15sp2-FIPS-hmac-key.patch => libica-sles15sp5-FIPS-hmac-key.patch (54%) diff --git a/libica-4.0.3.tar.gz b/libica-4.0.3.tar.gz new file mode 100644 index 0000000..dcff85c --- /dev/null +++ b/libica-4.0.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fe44e8b31f0d0f09da3f86ef46d6089fea7d7c453f5d196b88cee6ab4621a385 +size 553081 diff --git a/libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch b/libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch index 7dd262c..b1e8b0c 100644 --- a/libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch +++ b/libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch @@ -32,13 +32,15 @@ diff --git a/src/Makefile.am b/src/Makefile.am index 4a1ef14..2be01a5 100644 --- a/src/Makefile.am +++ b/src/Makefile.am -@@ -46,13 +46,13 @@ mp.S : mp.pl +@@ -47,6 +47,7 @@ ./mp.pl mp.S if ICA_FIPS +FIPSHMAC ?= ${top_srcdir}/openssl-fipshmac - hmac-file-lnk: hmac-file - $(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica.so.$(VERSION1).hmac .libica.so.$(MAJOR).hmac + fipsinstall: + $(AM_V_GEN) openssl dgst -sha256 -mac hmac -macopt hexkey:00000000 $(DESTDIR)$(libdir)/libica.so.$(VERSION1) | sed -e 's/^.* //' > $(DESTDIR)$(libdir)/.libica.so.$(VERSION1).hmac + $(AM_V_GEN) cd $(DESTDIR)$(libdir) && ln -sf .libica.so.$(VERSION1).hmac .libica.so.$(MAJOR).hmac +@@ -58,8 +59,7 @@ $(AM_V_GEN) cd ${top_builddir}/src/.libs && ln -sf .libica-cex.so.$(VERSION1).hmac .libica-cex.so.$(MAJOR).hmac hmac-file: libica.la libica-cex.la diff --git a/libica-rpmlintrc b/libica-rpmlintrc index d02edc6..dd74098 100644 --- a/libica-rpmlintrc +++ b/libica-rpmlintrc @@ -3,3 +3,4 @@ addFilter("libica-devel-static.* shlib-policy-missing-lib") addFilter("libica-tools.* devel-file-in-non-devel-package .* /usr/lib64/libica.so") addFilter("libica-tools.* files-duplicate /usr/share/doc/packages/libica-tools/COPYING /usr/share/doc/packages/libica-tools/LICENSE") addFilter("libica*.* hidden-file-or-dir /usr/lib64/.libica.so.*.hmac") +addFilter("libica*.* hidden-file-or-dir /usr/lib64/.libica-cex.so.*.hmac") diff --git a/libica-sles15sp2-FIPS-hmac-key.patch b/libica-sles15sp5-FIPS-hmac-key.patch similarity index 54% rename from libica-sles15sp2-FIPS-hmac-key.patch rename to libica-sles15sp5-FIPS-hmac-key.patch index f533fa7..c473357 100644 --- a/libica-sles15sp2-FIPS-hmac-key.patch +++ b/libica-sles15sp5-FIPS-hmac-key.patch @@ -1,6 +1,8 @@ ---- libica-3.6.0/src/fips.c 2020-05-04 17:01:23.238805001 -0400 -+++ libica-3.6.0/src/fips.c 2020-05-04 16:58:51.352241763 -0400 -@@ -45,8 +45,7 @@ +--- libica-4.3.0/src/fips.c 2020-05-04 17:01:23.238805001 -0400 ++++ libica-4.3.0/src/fips.c 2020-05-04 16:58:51.352241763 -0400 +@@ -65,10 +65,9 @@ + * integrity test. The recommended key size for HMAC-SHA256 is 64 bytes. + * The known HMAC is supposed to be provided as hex string in a file * .libica.so.VERSION.hmac in the same directory as the .so module. - */ + /* HMAC key is hexidecimal for: "orboDeJITITejsirpADONivirpUkvarP" */ @@ -9,5 +11,5 @@ - "0000000000000000000000000000000000000000000000000000000000000000"; + "6f72626f44654a49544954656a7369727041444f4e6976697270556b76617250"; - int fips; + #endif /* ICA_INTERNAL_TEST */ diff --git a/libica.changes b/libica.changes index 53400d3..ba1f7fa 100644 --- a/libica.changes +++ b/libica.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Mon Sep 12 19:09:59 UTC 2022 - Mark Post + +- Upgraded to version 4.0.3 (jsc#PED-581, jsc#PED-621, jsc#PED-629) + v4.0.3 + - [PATCH] Reduce the number of open file descriptors + - [PATCH] Various bug fixes + v4.0.2 + - [PATCH] Various bug fixes + v4.0.1 + - [PATCH] Various bug fixes + - [PATCH] Compute HMAC from installed library + v4.0.0 + - [UPDATE] NO_SW_FALLBACKS is now the default for libica.so + [UPDATE] Removed deprecated API functions including tests + [UPDATE] Introduced 'const' for some API function parameters + [FEATURE] icastats: new parm -k to display detailed counters +- Updated the libica-rpmlintrc file to suppress warnings about the + libica-cex hmac files being hidden. +- Updated the spec file to properly both obsolete and provide two + older versions of the package. + ------------------------------------------------------------------- Tue Oct 19 21:20:22 UTC 2021 - Mark Post diff --git a/libica.spec b/libica.spec index c4444f5..dbb8187 100644 --- a/libica.spec +++ b/libica.spec @@ -1,7 +1,7 @@ # # spec file for package libica # -# Copyright (c) 2018-2021 SUSE LLC +# Copyright (c) 2018-2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ %endif Name: libica -Version: 3.9.0 +Version: 4.0.3 Release: 0 Summary: Library interface for the IBM Cryptographic Accelerator device driver License: CPL-1.0 @@ -38,7 +38,7 @@ Source5: z90crypt.service Source6: baselibs.conf Source7: %{name}-rpmlintrc Patch01: libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch -Patch99: libica-sles15sp2-FIPS-hmac-key.patch +Patch99: libica-sles15sp5-FIPS-hmac-key.patch BuildRequires: autoconf BuildRequires: automake @@ -68,10 +68,12 @@ modules to interface with the IBM eServer Cryptographic Accelerator Summary: Utilities for the IBM Cryptographic Accelerator Group: Hardware/Other Obsoletes: libica < %{version}-%{release} -Obsoletes: libica-2_3_0 -Obsoletes: libica2 +Obsoletes: libica-2_3_0 < %{version}-%{release} +Obsoletes: libica2 < %{version}-%{release} Provides: libica = %{version}-%{release} +Provides: libica-2_3_0 = %{version}-%{release} Provides: libica-plugin = %{version}-%{release} +Provides: libica2 = %{version}-%{release} %description tools This package contains command-line utilities to inspect the IBM @@ -127,6 +129,7 @@ autoreconf --force --install %install %make_install FIPSHMAC=fipshmac +make fipsinstall FIPSHMAC=fipshmac DESTDIR=%{buildroot} mkdir -p %{buildroot}%{_includedir} cp -p include/ica_api.h %{buildroot}%{_includedir} mkdir -p %{buildroot}%{_sbindir} @@ -177,7 +180,7 @@ rmdir %{buildroot}%{_datadir}/doc/libica %license LICENSE %doc README.SUSE %{_sbindir}/rcz90crypt -%{_fillupdir}/sysconfig.z90crypt +%attr(644,root,root) %{_fillupdir}/sysconfig.z90crypt %{_bindir}/icainfo %{_bindir}/icainfo-cex %{_bindir}/icastats From 7994780419c1146411ddb4a45f4859c91caec9e06f7bac511f8858782c547c81 Mon Sep 17 00:00:00 2001 From: Mark Post Date: Wed, 14 Sep 2022 18:38:25 +0000 Subject: [PATCH 2/5] OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=66 --- libica-3.9.0.tar.gz | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 libica-3.9.0.tar.gz diff --git a/libica-3.9.0.tar.gz b/libica-3.9.0.tar.gz deleted file mode 100644 index 34c046f..0000000 --- a/libica-3.9.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4969f9d30dbd0e81fe328161dfcbb313d6aebd79224077eaf99779e9ad895d03 -size 553295 From 42eb8cd89932fb39d703ff256d1d0a95a73d8a8a086cecccbbe2aafcd71a3df5 Mon Sep 17 00:00:00 2001 From: Mark Post Date: Wed, 14 Sep 2022 22:15:28 +0000 Subject: [PATCH 3/5] Accepting request 1003628 from home:markkp:branches:devel:openSUSE:Factory Updated package for jsc#PED-581, jsc#PED-621, and jsc#PED-629 OBS-URL: https://build.opensuse.org/request/show/1003628 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=67 --- libica-rpmlintrc | 5 +---- libica.spec | 14 ++++++++------ 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/libica-rpmlintrc b/libica-rpmlintrc index dd74098..7b2660b 100644 --- a/libica-rpmlintrc +++ b/libica-rpmlintrc @@ -1,6 +1,3 @@ -addFilter("libica-tools.* shlib-policy-missing-lib") -addFilter("libica-devel-static.* shlib-policy-missing-lib") -addFilter("libica-tools.* devel-file-in-non-devel-package .* /usr/lib64/libica.so") -addFilter("libica-tools.* files-duplicate /usr/share/doc/packages/libica-tools/COPYING /usr/share/doc/packages/libica-tools/LICENSE") +addFilter("libica-tools.* * devel-file-in-non-devel-package * /usr/lib64/libica.so") addFilter("libica*.* hidden-file-or-dir /usr/lib64/.libica.so.*.hmac") addFilter("libica*.* hidden-file-or-dir /usr/lib64/.libica-cex.so.*.hmac") diff --git a/libica.spec b/libica.spec index dbb8187..625a0c3 100644 --- a/libica.spec +++ b/libica.spec @@ -54,12 +54,12 @@ This package contains the interface library routines used by IBM modules to interface with the IBM eServer Cryptographic Accelerator (ICA). -%package -n libica3 +%package -n libica4 Summary: Library interface for the IBM Cryptographic Accelerator Group: System/Libraries Recommends: libica-tools -%description -n libica3 +%description -n libica4 This package contains the interface library routines used by IBM modules to interface with the IBM eServer Cryptographic Accelerator (ICA). @@ -70,10 +70,12 @@ Group: Hardware/Other Obsoletes: libica < %{version}-%{release} Obsoletes: libica-2_3_0 < %{version}-%{release} Obsoletes: libica2 < %{version}-%{release} +Obsoletes: libica3 < %{version}-%{release} Provides: libica = %{version}-%{release} Provides: libica-2_3_0 = %{version}-%{release} Provides: libica-plugin = %{version}-%{release} Provides: libica2 = %{version}-%{release} +Provides: libica3 = %{version}-%{release} %description tools This package contains command-line utilities to inspect the IBM @@ -82,7 +84,7 @@ eServer Cryptographic Accelerator (ICA). %package devel Summary: Development files for the ICA device driver interface library Group: Development/Libraries/C and C++ -Requires: libica3 = %{version} +Requires: libica4 = %{version} Requires: libopenssl-devel Obsoletes: libica-2_1_0-devel < %{version}-%{release} Provides: libica-2_1_0-devel = %{version}-%{release} @@ -163,10 +165,10 @@ rmdir %{buildroot}%{_datadir}/doc/libica %postun tools %service_del_postun z90crypt.service -%post -n libica3 -p /sbin/ldconfig -%postun -n libica3 -p /sbin/ldconfig +%post -n libica4 -p /sbin/ldconfig +%postun -n libica4 -p /sbin/ldconfig -%files -n libica3 +%files -n libica4 %{_libdir}/libica.so.%{version} %{_libdir}/libica.so.%{major} %{_libdir}/.libica.so.%{version}.hmac From 6d110f7032184798e5cbea4a102d2c75b0094f31de8b44e5e370e46c044bee0e Mon Sep 17 00:00:00 2001 From: Mark Post Date: Wed, 14 Sep 2022 22:27:14 +0000 Subject: [PATCH 4/5] Accepting request 1003630 from home:markkp:branches:devel:openSUSE:Factory Updated package for jsc#PED-581, jsc#PED-621, jsc#PED-629 OBS-URL: https://build.opensuse.org/request/show/1003630 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=68 --- baselibs.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/baselibs.conf b/baselibs.conf index 27ee63c..97c4a6e 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1 +1 @@ -libica3 +libica4 From 462d552a0af6d6dea0badf4149260bde9e81e1be0d9ab63c5953673312f1f086 Mon Sep 17 00:00:00 2001 From: Mark Post Date: Wed, 14 Sep 2022 22:40:22 +0000 Subject: [PATCH 5/5] Accepting request 1003632 from home:markkp:branches:devel:openSUSE:Factory Updated package for jsc#PED-581, jsc#PED-621, jsc#PED-629 OBS-URL: https://build.opensuse.org/request/show/1003632 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=69 --- libica.changes | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libica.changes b/libica.changes index ba1f7fa..24a66d0 100644 --- a/libica.changes +++ b/libica.changes @@ -15,6 +15,8 @@ Mon Sep 12 19:09:59 UTC 2022 - Mark Post [UPDATE] Removed deprecated API functions including tests [UPDATE] Introduced 'const' for some API function parameters [FEATURE] icastats: new parm -k to display detailed counters +- Replaced libica-sles15sp2-FIPS-hmac-key.patch with an updated + version named libica-sles15sp5-FIPS-hmac-key.patch. - Updated the libica-rpmlintrc file to suppress warnings about the libica-cex hmac files being hidden. - Updated the spec file to properly both obsolete and provide two