Accepting request 508954 from security

Add reproduciblesort.patch to always link .o files in the same order and
Add reproducibledate.patch to not add current time to man-pages to fix build-compare (forwarded request 508953 from bmwiedemann)

OBS-URL: https://build.opensuse.org/request/show/508954
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libkcapi?expand=0&rev=2

libkcapi.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Sat Jul  8 14:04:41 UTC 2017 - bwiedemann@suse.com
+
+- Add reproduciblesort.patch to always link .o files in the same order and
+- Add reproducibledate.patch to not add current time to man-pages to fix build-compare
+
 -------------------------------------------------------------------
 Thu Jun 29 08:13:54 UTC 2017 - meissner@suse.com
 

libkcapi.spec

@@ -26,6 +26,10 @@ Url:            http://www.chronox.de/libkcapi.html
 #Source:		https://github.com/smuellerDD/libkcapi/archive/v0.13.0.zip
 Source:         libkcapi-0.13.0.tar.bz2
 Patch0:		libkcapi-use-external-fipshmac.patch
+# PATCH-FIX-UPSTREAM rewritten upstream in https://github.com/smuellerDD/libkcapi/commit/0e7b2b0300782
+Patch1:         reproduciblesort.patch
+# PATCH-FIX-UPSTREAM https://github.com/smuellerDD/libkcapi/pull/12
+Patch2:         reproducibledate.patch
 BuildRequires:  docbook-utils xmlto
 BuildRequires:  fipscheck
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -73,6 +77,8 @@ libkcapi user space tools to access certain hash algorithms.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
+%patch2 -p1
 
 %build
 cd lib

reproducibledate.patch

@@ -0,0 +1,31 @@
+commit fb7b152478b28d998c781f1ad924675b85c314db
+Author: Bernhard M. Wiedemann <bwiedemann@suse.de>
+Date:   Sat Jul 8 15:32:36 2017 +0200
+
+    Allow to override build date
+    
+    in order to allow for reproducible builds.
+    See https://reproducible-builds.org/ for why this is good
+    and https://reproducible-builds.org/specs/source-date-epoch/
+    for the definition of this variable.
+    
+    Also use gmtime instead of localtime to be independent of timezone.
+
+diff --git a/lib/doc/bin/kernel-doc b/lib/doc/bin/kernel-doc
+index 0c8bf6a..2851162 100755
+--- a/lib/doc/bin/kernel-doc
++++ b/lib/doc/bin/kernel-doc
+@@ -253,10 +253,11 @@ my %highlights = %highlights_man;
+ my $blankline = $blankline_man;
+ my $modulename = "Kernel API";
+ my $function_only = 0;
++my $build_date = $ENV{SOURCE_DATE_EPOCH} || time;
+ my $man_date = ('January', 'February', 'March', 'April', 'May', 'June',
+ 		'July', 'August', 'September', 'October',
+-		'November', 'December')[(localtime)[4]] .
+-  " " . ((localtime)[5]+1900);
++		'November', 'December')[(gmtime($build_date))[4]] .
++  " " . ((gmtime($build_date))[5]+1900);
+ my $show_not_found = 0;
+ 
+ # Essentially these are globals.

reproduciblesort.patch

@@ -0,0 +1,26 @@
+Index: libkcapi-0.13.0/lib/Makefile
+===================================================================
+--- libkcapi-0.13.0.orig/lib/Makefile
++++ libkcapi-0.13.0/lib/Makefile
+@@ -100,7 +100,7 @@ LIBNAME		:= lib$(NAME).so.$(LIBVERSION)
+ # Define files to be compiled
+ #
+ ###############################################################################
+-C_SRCS := $(wildcard *.c)
++C_SRCS := $(sort $(wildcard *.c))
+ C_OBJS := ${C_SRCS:.c=.o}
+ OBJS := $(C_OBJS)
+ 
+Index: libkcapi-0.13.0/apps/Makefile
+===================================================================
+--- libkcapi-0.13.0.orig/apps/Makefile
++++ libkcapi-0.13.0/apps/Makefile
+@@ -9,7 +9,7 @@ CFLAGS +=-D_FORTIFY_SOURCE=2 -fwrapv --p
+ LDFLAGS +=-Wl,-z,relro,-z,now
+ 
+ NAME := kcapi-hasher
+-C_SRCS := $(wildcard *.c) $(wildcard ../lib/*.c)
++C_SRCS := $(sort $(wildcard *.c) $(wildcard ../lib/*.c))
+ C_OBJS := ${C_SRCS:.c=.o}
+ C_ASM := ${C_SRCS:.c=.s}
+ OBJS := $(C_OBJS)