Accepting request 649819 from devel:openSUSE:Factory

- Upgraded to version 3.3.3 (Fate#325690)
  * v3.3.3
    [PATCH] Various bug fixes
  * v3.3.2
    [PATCH] Skip ECC tests if required HW is not available
    [PATCH] Update spec file
  * v3.3.1
    [PATCH] Fix configure.ac to honour CFLAGS
  * v3.3.0
    [FEATURE] Add CEX supported elliptic-curve crypto interfaces
    [FEATURE] Add SIMD supported multiple-precision arithmetic interfaces
    [FEATURE] Add interface to enable/disable SW fallbacks
    [FEATURE] Add 'make check' target, test-suite rework
  * v3.2.1
    [FEATURE] Use z14 PRNO-TRNG to seed SHA512-DRBG.
    [PATCH] Various bug fixes.
- Dropped obsolete patch increment-icastats-counter-for-aes-gcm.patch
- Removed COPYING from %files, since it is no longer in the tarball.
- Added Add-non-executable-gnu-stack-markings-in-the-assembl.patch
  (bsc#1103493).
- Made multiple changes to the spec file based on the output of
  spec-cleaner
- Added "Obsoletes: libica-2_3_0" to the libica-tools package to
  fix a problem with upgrading from SLES12 SP2 to either SLES12
  SP3/SP4, or SLES15. (bsc#1112655)
- Added "Obsoletes: libica2" to the libica-tools package to fix
  a problem with upgrading from SLES12 SP2 to either SLES12
  SP3/SP4, or SLES15. (bsc#1046435, bsc#1104638)
- Added increment-icastats-counter-for-aes-gcm.patch (bsc#1086756)
- Updated boot.z90crypt script to fix a problem with the modprobe
  command not being found. (bsc#1040229).
- Added "Recommends: libica-tools" (bsc#1046435).
- Replace references to /var/adm/fillup-templates with new 
  %_fillupdir macro (boo#1069468)
- Added "--enable-fips" to the %configure parms (Fate#324115)
- Upgraded to version 3.2 (Fate#321517)
  * v3.2.0
    [FEATURE] New AES-GCM interface.
    [UPDATE] Add symbol versioning.
  * v3.1.1
    [PATCH] Various bug fixes related to old and new AES-GCM implementations.
    [UPDATE] Add SHA3 test cases. Improved and extended test suite.
  * v3.1.0
    [FEATURE] Add KMA support for AES-GCM.
    [FEATURE] Add SHA-3 support.
    [PATCH] Reject RSA keys with invalid key-length.
    [PATCH] Allow zero output length for ica_random_number_generate.
    [PATCH] icastats: Correct owner of shared segment when root creates it.
  * Removed the following obsolete patches:
    libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch
    libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch
    libica-3.0.2-03-fix-aes-ctr.patch
    libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch
- libica: AES-GCM/CCM sometimes compute wrong tag values (bsc#1058567)
  - Added the following patches (bsc#1058567)
    - libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch
    - libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch
    - libica-3.0.2-03-fix-aes-ctr.patch
    - libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch
- baselibs.conf doesn't need any additional provides/conflicts for
  libica3.
- Update baselibs.conf with proper name for library package name,
  stop providing/obsoleting libica-2_1_0/libica-2_3-0.
- Upgraded to version 3.0.2 (Fate#322025).
  - v3.0.2
    - Fix locking callbacks for openSSL APIs.
  - v3.0.1
    - Fixed msa level detection on zEC/BC12 GA1 and predecessors.
  - v3.0.0
    - Added FIPS mode.
    - Sanitized exported symbols.
    - Removed deprecated APIs. Marked some APIs as deprecated.
    - Adapted to OpenSSL v1.1.0.
    - RSA key generation is thread-safe now.
- Removed the following obsolete patches:
  - fix-initialization-of-s390-hardware-switches-1.patch
  - fix-initialization-of-s390-hardware-switches-2.patch
  - fix-msa-level-detection.patch
  - fix-segfault-during-multithread-keygen.patch
  - rng-performance.patch
- Made the following packaging changes:
  - Implemented the shared library packaging guidelines.
  - Consolidated double invocation of %setup into just one.
  - Dropped redundant %ifarch, the package is already ExclusiveArch.
  - Updated descriptions.
- Added an libica-rpmlintrc file.
- Added the following two patches:
  - fix-segfault-during-multithread-keygen.patch (bsc#991485)
  - fix-msa-level-detection.patch (bsc#1010927)
- Added rng-performance.patch (bsc#990850).
- Updated baselibs.conf to obsolete prior versions of the 32bit
  package. (bsc#983897):
   provides "libica-<targettype> = <version>"
   obsoletes "libica-<targettype> < <version>"
   provides "libica-2_1_0-<targettype> = <version>"
   obsoletes "libica-2_1_0-<targettype> < <version>"
   provides "libica-2_3_0-<targettype> = <version>"
   obsoletes "libica-2_3_0-<targettype> < <version>"
- Added fix-initialization-of-s390-hardware-switches-1.patch and
  fix-initialization-of-s390-hardware-switches-2.patch (bsc#980548)
- Upgraded to version 2.6.2 (FATE#319610).
- Renamed /etc/init.d/z90crypt to boot.z90crypt to conform to
  naming standards.
- Found the original location of the icaioctl.h file and downloaded
  it to replace what we had previously.
- Removed the unnecessary libica2.la file
- Removed unnecessary Requires for glibc-devel
- Added Requires libica2 to the -devel package
- Converted call to configure to %configure macro
- Removed obsolete and unnecessary INSROOT and bindir parameters
  from the make install command
- Add Provides/Obsoletes for libica-2_3_0 so that the package from
  SLE12 GA is replaced (bsc#953096).
- move the .so file to the mainpackage, the openssl-ibmca engine
  will only load "libica.so" (bsc#952871)
- Update to libica v2.4.2 (FATE#318035)
- Removed outdated libica-aes_ccm-31-bit-compatibility.patch
- Moved init script into libica-SuSE.tar.bz2 archive
- sanitize release line in specfile
- Moved z90crypt out of useless libica-SuSE.tar.bz2 tarball to root
- Removed libica-SuSE.tar.bz2
- z90crypt now starts and stops ap kernel module (bnc#888943)
- libica-aes_ccm-31-bit-compatibility.patch: AES_CCM:
  fixed 64/31 bit compatibility
- add obsoletes and provides for older libica versions 
- update to 2.3.0 (fate#315342) 
- obsolete/upstreamed patches:
  libica-2_1_0-fix_temporary_buffer_allocation_in_ica_get_version.patch
  libica-2_1_0-msa4-extension.patch
  libica-2_1_0-synchronize_shared_memory_ref_counting.patch
- Added COPYING to %files
- Fixed build dependency errors by requiring autoconf, automake
  and libtool
- Changed license to CPL-1.0
- Created devel package
- Support for MSA4 extension (bnc#794518, fate#314078)
- synchronize shared memory reference counting for library
  statistics (bnc#719659)
- fix temporary buffer allocation in ica_get_version() (bnc#719660)
- update -> 2.1.0 (fate#311914)
- Moved icainfo into /usr/bin (bnc#448643)
- obsolete old -XXbit packages (bnc#437293)
- fix build on all platforms 
- Added CPL license to include/z90crypt.h, removed GPL reference
  (This patch is upstream)
- Changed package name to libica-1_3_9 to conform to rpmlint
  requirements. (bnc#433432)
- Removed soname filter for rpmlint
- Several RPM fixes to help satisfy rpmlint
- Updated to libica 1.3.9
- added baselibs.conf file to build xxbit packages
  for multilib support
- remove inclusion of linux/config.h
- z90crypt: handle errors (bug #247799)
- Add gcc-c++ to BuildRequires.
- fix build for the rest of platforms 
- Update to libica 1.3.7 (#160036 - LTC22571)
- Increasing # of open handles with symmetric crypto support
  (#165323 - LTC23095)
- converted neededforbuild to BuildRequires
- include string.h and unistd.h in icalinux.c 
- Port package from SLES9 SP3
- Update to libica 1.3.6-rc3.
- Close all filehandles (#130060 - LTC19221).
- downgrade to libica 1.3.6-rc2 (contains AES software fallback,
  bug #117336)
- Update to libica 1.3.6 (#117336)
- fix implicit declaration 
- Changing the default value from 0 to -1 in rcz90crypt (#114371) 
- Finally fix 'reload' messages (#81824 - LTC15733).
- Fix sigill patch.
- Remove printf output from sigill patch (#81829 - LTC15731).
- Use correct default value for z90crypt (#81825 - LTC15732).
- Fix messages for 'reload' (#81824 - LTC15733).
- Fixed SIGILL on z900 (#46422).
- Fixed range for 'domain' parameter in sysconfig.z90crypt (#42005).
- Fix module loading error (#42006).
- Add sysconfig variable to set the 'domain' parameter (#42005).
- update -> 1.3.5-3 (bug #42122)
- Update README.SuSE and correct name as well
- Use modprobe instead of insmod and fix module load error(#40526)
- Fix error checking for no hardware found case and hw error on load
- Update Readme again for the correct name (SUSE LINUX Server).
- Moved README.SuSE to README.SUSE.
- Update Readme to refer to the correct name (SUSE Linux Server).
- Update to 1.3.5-2 (#38511, #39693).
- Update Readme to refer to SUSE Linux Server instead of
  SuSE Linux Enterprise Server.
- Update to 1.3.5
- export CFLAGS & CPPFLAGS for configure
- Exclude S/390-specific files for other archs (#37183) 
- add "-I./include" to CFLAGS and use RPM_OPT_FLAGS
- fix build
- build as user
- update to 1.3.4
- update to 1.3.2
- update to 1.3.1:
  now supports DES, TDES and SHA, as well as RSA.
- throw libica.patch away, since autoversion and Makefile.am have
  similar changes now, and the renaming from _LINUX_S390_ to
  __s390__ is not really necessary
- use %defattr
- checked that icaioctl.h is still current
- dump the bin-only z90crypt-2.4.7-s390-2.tar.gz which has gone
  open source meanwhile and comes with the kernel sources
- added documentation how to set up crypto hardware support,
  esp. S/390 and zSeries. (#16011, #22056)
- upgraded to version 1.2 as requested by IBM to make openCryptoki 1.5
  actually work. (#20737)
- Correct PreReq
- fixed src/Makefile.am and ugly ./autoversion to honor %_lib and
  to build on non-s390
- updated to current libica
- hacked in icaioctl.h for build, 'til we have the module in the
  kernel.
- add %run_ldconfig
- fix for current automake/autoconf
- removed old fillup-template and START_ variable 
- modified etc/init.d/z90crypt-script to report result at start.
- Added openssl to #neededforbuild, which is needed in addition to
  openssl-devel
- initial version

OBS-URL: https://build.opensuse.org/request/show/649819
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=12

Add-non-executable-gnu-stack-markings-in-the-assembl.patch

@@ -0,0 +1,27 @@
+From 524659f8e042aed45015e1aca930a3cfe5ffa628 Mon Sep 17 00:00:00 2001
+From: Patrick Steuer <patrick.steuer@de.ibm.com>
+Date: Tue, 12 Jun 2018 14:36:45 +0200
+Subject: [PATCH 303/303] Add non-executable gnu stack markings in the
+ assembly.
+
+Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
+---
+ src/mp.pl | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/mp.pl b/src/mp.pl
+index 3c73736..e249f61 100755
+--- a/src/mp.pl
++++ b/src/mp.pl
+@@ -505,4 +505,8 @@ LONG	(0x100e0f00,0x01020304,0x10050607,0x18191a1b);
+ LONG	(0x10000102,0x03040506,0x10071819,0x1a1b1c1d);
+ LONG	(0x00000000,0x00000018,0x00191a1b,0x1c1d1e1f);
+ 
++VERBATIM("#if defined(__linux__) && defined(__ELF__)\n");
++SECTION	(".note.GNU-stack,\"\",%progbits");
++VERBATIM("#endif\n");
++
+ PERLASM_END();
+-- 
+2.13.7
+

increment-icastats-counter-for-aes-gcm.patch

@@ -1,25 +0,0 @@
-From ae94822a5d949b45d5a5630ff2819b10e55f88d1 Mon Sep 17 00:00:00 2001
-From: Joerg Schmidbauer <jschmidb@de.ibm.com>
-Date: Mon, 13 Nov 2017 15:23:26 +0100
-Subject: [PATCH] Bugfix: Increment icastats counter for AES-GCM.
- Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
-
----
- src/include/s390_gcm.h | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/include/s390_gcm.h b/src/include/s390_gcm.h
-index 4f1d853..e856a1c 100644
---- a/src/include/s390_gcm.h
-+++ b/src/include/s390_gcm.h
-@@ -749,6 +749,10 @@ static inline int s390_aes_gcm_kma(const unsigned char *in_data,
- 
- 	if (rc >= 0) {
- 		ctx->subkey_provided = 1;
-+		if (ctx->direction)
-+			stats_increment(ICA_STATS_AES_GCM, ALGO_HW, ENCRYPT);
-+		else
-+			stats_increment(ICA_STATS_AES_GCM, ALGO_HW, DECRYPT);
- 		return 0;
- 	} else
- 		return EIO;

libica-3.2.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b548095991269ef1ecfa081266ed7f43d46294bde48a0b7a4db63d1c0e212e50
-size 428645

libica-3.3.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:034f20b74bacb049dac1a7797039369434dcde8035c96ca8a964471bf431b53a
+size 467543

libica.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Nov 14 18:01:37 UTC 2018 - mpost@suse.com
+
+- Upgraded to version 3.3.3 (Fate#325690)
+  * v3.3.3
+    [PATCH] Various bug fixes
+  * v3.3.2
+    [PATCH] Skip ECC tests if required HW is not available
+    [PATCH] Update spec file
+  * v3.3.1
+    [PATCH] Fix configure.ac to honour CFLAGS
+  * v3.3.0
+    [FEATURE] Add CEX supported elliptic-curve crypto interfaces
+    [FEATURE] Add SIMD supported multiple-precision arithmetic interfaces
+    [FEATURE] Add interface to enable/disable SW fallbacks
+    [FEATURE] Add 'make check' target, test-suite rework
+  * v3.2.1
+    [FEATURE] Use z14 PRNO-TRNG to seed SHA512-DRBG.
+    [PATCH] Various bug fixes.
+- Dropped obsolete patch increment-icastats-counter-for-aes-gcm.patch
+- Removed COPYING from %files, since it is no longer in the tarball.
+- Added Add-non-executable-gnu-stack-markings-in-the-assembl.patch
+  (bsc#1103493).
+- Made multiple changes to the spec file based on the output of
+  spec-cleaner
+
 -------------------------------------------------------------------
 Mon Oct 22 19:09:13 UTC 2018 - mpost@suse.com
 
@@ -36,8 +62,8 @@ Fri Sep 22 21:27:04 UTC 2017 - mpost@suse.com
 
 - Upgraded to version 3.2 (Fate#321517)
   * v3.2.0
-   [FEATURE] New AES-GCM interface.
-   [UPDATE] Add symbol versioning.
+    [FEATURE] New AES-GCM interface.
+    [UPDATE] Add symbol versioning.
   * v3.1.1
     [PATCH] Various bug fixes related to old and new AES-GCM implementations.
     [UPDATE] Add SHA3 test cases. Improved and extended test suite.

libica.spec

@@ -18,20 +18,16 @@
 
 #Compat macro for new _fillupdir macro introduced in Nov 2017
 %if ! %{defined _fillupdir}
-  %define _fillupdir /var/adm/fillup-templates
+  %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 
 Name:           libica
-BuildRequires:  autoconf
-BuildRequires:  automake
-BuildRequires:  gcc-c++
-BuildRequires:  libtool
-BuildRequires:  openssl-devel
+Version:        3.3.3
+Release:        0
 Summary:        Library interface for the IBM Cryptographic Accelerator device driver
 License:        CPL-1.0
 Group:          Hardware/Other
-Version:        3.2.0
-Release:        0
+Url:            https://github.com/opencryptoki/libica
 Source:         libica-%{version}.tar.gz
 Source1:        libica-SuSE.tar.bz2
 # The icaioctl.h file came from https://sourceforge.net/p/opencryptoki/icadd/ci/master/tree/
@@ -40,11 +36,14 @@ Source4:        README.SUSE
 Source5:        sysconfig.z90crypt
 Source6:        baselibs.conf
 Source7:        %{name}-rpmlintrc
-Patch1:         increment-icastats-counter-for-aes-gcm.patch
-
-Url:            https://github.com/opencryptoki/libica
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-PreReq:         %fillup_prereq %insserv_prereq
+Patch1:         Add-non-executable-gnu-stack-markings-in-the-assembl.patch
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  gcc-c++
+BuildRequires:  libtool
+BuildRequires:  openssl-devel
+PreReq:         %fillup_prereq
+PreReq:         %insserv_prereq
 ExclusiveArch:  s390 s390x
 
 %description
@@ -78,12 +77,12 @@ eServer Cryptographic Accelerator (ICA).
 %package        devel
 Summary:        Development files for the ICA device driver interface library
 Group:          Development/Libraries/C and C++
+Requires:       libica3 = %{version}
+Requires:       libopenssl-devel
 Obsoletes:      libica-2_1_0-devel < %{version}-%{release}
 Provides:       libica-2_1_0-devel = %{version}-%{release}
 Obsoletes:      libica-2_3_0-devel < %{version}-%{release}
 Provides:       libica-2_3_0-devel = %{version}-%{release}
-Requires:       libica3 = %{version}
-Requires:       libopenssl-devel
 
 %description devel
 This package contains the interface library routines used by IBM
@@ -107,35 +106,37 @@ This RPM contains all the tools necessary to compile and link using
 the libica library.
 
 %prep
-%setup -a 1
+%setup -q -a 1
 %patch1 -p1
 
 %build
 mkdir -p include/linux/
-cp %{S:3} include/linux/
+cp %{SOURCE3} include/linux/
 
 autoreconf --force --install
-%configure CPPFLAGS="-Iinclude -fPIC" CFLAGS="%optflags -fPIC" \
+%configure CPPFLAGS="-Iinclude -fPIC" CFLAGS="%{optflags} -fPIC" \
   --enable-fips
 make clean
 make %{?_smp_mflags}
 
 %install
-mkdir -p $RPM_BUILD_ROOT/usr/include
-make DESTDIR=$RPM_BUILD_ROOT install
-cp -p include/ica_api.h $RPM_BUILD_ROOT/usr/include
-cp -a SuSE/* $RPM_BUILD_ROOT
-install -D %{S:5} $RPM_BUILD_ROOT%{_fillupdir}/sysconfig.z90crypt
-cp -a $RPM_SOURCE_DIR/README.SUSE .
-rm -f $RPM_BUILD_ROOT/%{_libdir}/libica.la
+mkdir -p %{buildroot}%{_includedir}
+%make_install
+cp -p include/ica_api.h %{buildroot}%{_includedir}
+cp -a SuSE/* %{buildroot}
+install -D %{SOURCE5} %{buildroot}%{_fillupdir}/sysconfig.z90crypt
+cp -a %{_sourcedir}/README.SUSE .
+rm -f %{buildroot}%{_libdir}/libica.la
+rm -f %{buildroot}%{_datadir}/doc/libica/*
+rmdir %{buildroot}%{_datadir}/doc/libica
 
-%post
+%post tools
 %{fillup_and_insserv -n boot.z90crypt}
 
-%preun
+%preun tools
 %stop_on_removal boot.z90crypt
 
-%postun
+%postun tools
 %restart_on_update boot.z90crypt
 %{insserv_cleanup}
 
@@ -148,20 +149,21 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libica.la
 
 %files tools
 %defattr(-, root, root)
-%doc README.SUSE COPYING LICENSE
+%license LICENSE
+%doc README.SUSE
 %{_initddir}/boot.z90crypt
 %{_sbindir}/rcz90crypt
 %attr(0644,root,root) %{_fillupdir}/sysconfig.z90crypt
 %{_bindir}/icainfo
 %{_bindir}/icastats
-%{_mandir}/man1/icainfo.1.gz
-%{_mandir}/man1/icastats.1.gz
+%{_mandir}/man1/icainfo.1%{?ext_man}
+%{_mandir}/man1/icastats.1%{?ext_man}
 # Must be in here, otherwise openssl-ibmca does not find it via DSO_load() bsc#952871
 %{_libdir}/libica.so
 
 %files devel
 %defattr(-, root, root)
-%attr(0644,root,root) /usr/include/ica_api.h
+%attr(0644,root,root) %{_includedir}/ica_api.h
 
 %files devel-static
 %defattr(-, root, root)