From 71b7889ac7211cc6c80ff127f52162bf2da089aaebfd15dd71d37fb7d4b87cd5 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 9 Aug 2021 08:52:30 +0000 Subject: [PATCH 1/2] Accepting request 908535 from home:gladiac:branches:security:tls - Update to version 1.3.1 * fix: fix -Wconversion warnings (by Ondrej Mosnacek) * fix: fix bad data types in _kcapi_common_send_meta (by Ondrej Mosnacek) * fix: Version symbols to maintain ABI compatibility (by Simo Sorce) * fix: disable io_getevents on systems that do not support it (by Khem Raj) * fix: remove prctl PR_SET_DUMPABLE to allow library to be debugged - as the library does not store any sensitive data in data structures it owns, such security precautions may not be necessary considering the benefit of allowing regular debugging * fix: ensure that sendmsg is always used as fallback when vmsplice cannot be used * enhancement: add kcapi_set_maxsplicesize and kcapi_get_maxsplicesize * enhancement: the variable types are changed from int32_t to ssize_t and from uint32_t to size_t to match common POSIX and Linux APIs - Added libkcapi-fix-lto.patch OBS-URL: https://build.opensuse.org/request/show/908535 OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=37 --- libkcapi-1.2.0.tar.xz | 3 --- libkcapi-1.2.0.tar.xz.asc | 11 --------- libkcapi-1.3.1.tar.xz | 3 +++ libkcapi-1.3.1.tar.xz.asc | 11 +++++++++ libkcapi-fix-lto.patch | 47 +++++++++++++++++++++++++++++++++++++++ libkcapi.changes | 19 ++++++++++++++++ libkcapi.spec | 10 +++++---- 7 files changed, 86 insertions(+), 18 deletions(-) delete mode 100644 libkcapi-1.2.0.tar.xz delete mode 100644 libkcapi-1.2.0.tar.xz.asc create mode 100644 libkcapi-1.3.1.tar.xz create mode 100644 libkcapi-1.3.1.tar.xz.asc create mode 100644 libkcapi-fix-lto.patch diff --git a/libkcapi-1.2.0.tar.xz b/libkcapi-1.2.0.tar.xz deleted file mode 100644 index d794125..0000000 --- a/libkcapi-1.2.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:782430512195f146e0e16e6bb689d9a7e61387afcfedc4340c433284b8b66049 -size 318948 diff --git a/libkcapi-1.2.0.tar.xz.asc b/libkcapi-1.2.0.tar.xz.asc deleted file mode 100644 index 7c216af..0000000 --- a/libkcapi-1.2.0.tar.xz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAl7K1MMACgkQQh7pNjJq -wVueDgf/SEJfcgYYYcnND38nawuTXequkiq5TrhAb7AY/kx6LDQzXLRHlqLvjppV -QMUQyiiLypo+NF/qrsLhyGi2IwRePaieLfXTZWcE4eO/sqss9CbYsUtk7bcByFvG -YEDjTYooZU4NYx3WtpwegKF+ImBLmadDDbfkcGWcmNG5EEnh1Rtw0agg/5BxCxKy -F5aEdXWs/mU6CxgDi2EFT+8FAD2Lv80Kpn0qWAVWb03IbtzvAZ36CzP4lEywDqV2 -lZq3hZeOvBecjmGDFthMNB0CfknCHdPYvEhXuR6cSiYrmY3heUeS6Py1cPosab3A -xDePoFm3iYY4nALhCWOfp2/vPhZtgw== -=ZgIv ------END PGP SIGNATURE----- diff --git a/libkcapi-1.3.1.tar.xz b/libkcapi-1.3.1.tar.xz new file mode 100644 index 0000000..afb1dff --- /dev/null +++ b/libkcapi-1.3.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6b57946eb87bc9cfa544140b6c9a12ef9eefa0a16695578aebf3395f0a78bede +size 332912 diff --git a/libkcapi-1.3.1.tar.xz.asc b/libkcapi-1.3.1.tar.xz.asc new file mode 100644 index 0000000..9921d2c --- /dev/null +++ b/libkcapi-1.3.1.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAmDttB4ACgkQQh7pNjJq +wVvV4Af/X0t4iZ8ng+AaItGiK3m2Wx1UTJTA1SYTfTTUpENtePKZADG3MX/I5x5N +VVO6CTF6ADZFrwrswP+3KIwZpEsrssTEGZ54G0nLbaHTzyXvE9Ec3CPGECgjZGzM +T0ZGz0XYykWpEVqQDEFKoLs2yK5U/WYHrde5iV9CW2WHK/6VyuRvzAKzh83n5fDg +WlAWGtBQWaGdJAhduLnFx7U7clbpLCuwAZFURWPT1nUamkioT64Io2MfHx+Y9xu+ +cLLqpOBDZAk34MDA0i09psyfD+NPjtzn5i3IEZO9rs8CpFuEe+tBpoJdGpROhuz2 +9o9G2TEe8khpGuKnkAJ7G60Ggdcnmg== +=e24H +-----END PGP SIGNATURE----- diff --git a/libkcapi-fix-lto.patch b/libkcapi-fix-lto.patch new file mode 100644 index 0000000..a369136 --- /dev/null +++ b/libkcapi-fix-lto.patch @@ -0,0 +1,47 @@ +From 71d80bcffca26373149121e026d612146b4695d5 Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Wed, 14 Jul 2021 10:52:01 -0400 +Subject: [PATCH] Use GCCs __symver__ attribute + +This is needed to allow LTO builds, as the __asm__ directives do not give +enough context to the compiler and the build fails when the -flto flag is +passed in. + +Unfotunately __symver__ is avilbel only startig from GCC 10, so we need +more macro juggling. + +Signed-off-by: Simo Sorce +Signed-off-by: Stephan Mueller +--- + lib/internal.h | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/lib/internal.h b/lib/internal.h +index 29fdb7b..64dad24 100644 +--- a/lib/internal.h ++++ b/lib/internal.h +@@ -350,6 +350,16 @@ static inline int io_getevents(__attribute__((unused)) aio_context_t ctx, + #if __GNUC__ >= 4 + # define DSO_PUBLIC __attribute__ ((visibility ("default"))) + ++#if __GNUC__ >= 10 ++# define IMPL_SYMVER(name, version) \ ++ __attribute__ ((visibility ("default"))) \ ++ __attribute__((__symver__("kcapi_" #name "@@LIBKCAPI_" version))) ++ ++# define ORIG_SYMVER(name, version) \ ++ __attribute__ ((visibility ("default"))) \ ++ __attribute__((__symver__("kcapi_" #name "@LIBKCAPI_" version))) ++ ++#else + # define IMPL_SYMVER(name, version) \ + __asm__(".global impl_" #name ";"\ + ".symver impl_" #name ",kcapi_" #name "@@LIBKCAPI_" version);\ +@@ -359,6 +369,7 @@ static inline int io_getevents(__attribute__((unused)) aio_context_t ctx, + __asm__(".global orig_" #name ";"\ + ".symver orig_" #name ",kcapi_" #name "@LIBKCAPI_" version);\ + __attribute__ ((visibility ("default"))) ++#endif + + #else + # error "Compiler version too old" diff --git a/libkcapi.changes b/libkcapi.changes index 15c2257..7e0bc9b 100644 --- a/libkcapi.changes +++ b/libkcapi.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Tue Jul 27 08:03:48 UTC 2021 - Andreas Schneider + +- Update to version 1.3.1 + * fix: fix -Wconversion warnings (by Ondrej Mosnacek) + * fix: fix bad data types in _kcapi_common_send_meta (by Ondrej Mosnacek) + * fix: Version symbols to maintain ABI compatibility (by Simo Sorce) + * fix: disable io_getevents on systems that do not support it (by Khem Raj) + * fix: remove prctl PR_SET_DUMPABLE to allow library to be debugged - as the + library does not store any sensitive data in data structures it owns, such + security precautions may not be necessary considering the benefit of + allowing regular debugging + * fix: ensure that sendmsg is always used as fallback when vmsplice cannot be + used + * enhancement: add kcapi_set_maxsplicesize and kcapi_get_maxsplicesize + * enhancement: the variable types are changed from int32_t to ssize_t and + from uint32_t to size_t to match common POSIX and Linux APIs +- Added libkcapi-fix-lto.patch + ------------------------------------------------------------------- Mon Aug 31 13:30:58 UTC 2020 - Dirk Mueller diff --git a/libkcapi.spec b/libkcapi.spec index 5ffc807..d225418 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -1,7 +1,7 @@ # # spec file for package libkcapi # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: libkcapi -Version: 1.2.0 +Version: 1.3.1 Release: 0 Summary: Linux Kernel Crypto API User Space Interface Library License: GPL-2.0-only @@ -26,6 +26,8 @@ URL: http://www.chronox.de/libkcapi.html Source: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz Source1: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz.asc Source2: libkcapi.keyring +# https://github.com/smuellerDD/libkcapi/commit/71d80bcffca26373149121e026d612146b4695d5.patch +Patch0: libkcapi-fix-lto.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -73,7 +75,7 @@ Group: Development/Tools/Other libkcapi user space tools to access certain hash algorithms. %prep -%setup -q +%autosetup -p1 %build autoreconf -i @@ -89,7 +91,7 @@ autoreconf -i make %{?_smp_mflags} %install -make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" BINDIR=/%{_libexecdir}/libkcapi/ %{?_smp_mflags} +make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" BINDIR=/%{_libexecdir}/libkcapi/ %{?_smp_mflags} rm %{buildroot}/%_libdir/libkcapi.la mkdir -p %{buildroot}/%{_libexecdir}/libkcapi/ From 0a9344b53c7a333c092090120c1bbf66df43bc6543ba97d05eb161a22eeca1f3 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 26 Apr 2022 12:47:22 +0000 Subject: [PATCH 2/2] - Update to version 1.4.0 * fix: ensure that LTO is supported (by Simo Sorce) * fix: add LTO regression testing (by Ondrej Mosnacek) * enhancement: add sm3sum, sm3hmac tools, add APIs kcapi_md_sm3, kcapi_md_hmac_sm3 * enhancement: add SM4 convenience functions * fix: support AEAD encryption of arbitrary size with kcapi-enc - removed libkcapi-fix-lto.patch (upstream) - use https url OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=38 --- libkcapi-1.3.1.tar.xz | 3 --- libkcapi-1.3.1.tar.xz.asc | 11 --------- libkcapi-1.4.0.tar.xz | 3 +++ libkcapi-1.4.0.tar.xz.asc | 11 +++++++++ libkcapi-fix-lto.patch | 47 --------------------------------------- libkcapi.changes | 16 +++++++++++++ libkcapi.spec | 8 +++---- 7 files changed, 33 insertions(+), 66 deletions(-) delete mode 100644 libkcapi-1.3.1.tar.xz delete mode 100644 libkcapi-1.3.1.tar.xz.asc create mode 100644 libkcapi-1.4.0.tar.xz create mode 100644 libkcapi-1.4.0.tar.xz.asc delete mode 100644 libkcapi-fix-lto.patch diff --git a/libkcapi-1.3.1.tar.xz b/libkcapi-1.3.1.tar.xz deleted file mode 100644 index afb1dff..0000000 --- a/libkcapi-1.3.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6b57946eb87bc9cfa544140b6c9a12ef9eefa0a16695578aebf3395f0a78bede -size 332912 diff --git a/libkcapi-1.3.1.tar.xz.asc b/libkcapi-1.3.1.tar.xz.asc deleted file mode 100644 index 9921d2c..0000000 --- a/libkcapi-1.3.1.tar.xz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAmDttB4ACgkQQh7pNjJq -wVvV4Af/X0t4iZ8ng+AaItGiK3m2Wx1UTJTA1SYTfTTUpENtePKZADG3MX/I5x5N -VVO6CTF6ADZFrwrswP+3KIwZpEsrssTEGZ54G0nLbaHTzyXvE9Ec3CPGECgjZGzM -T0ZGz0XYykWpEVqQDEFKoLs2yK5U/WYHrde5iV9CW2WHK/6VyuRvzAKzh83n5fDg -WlAWGtBQWaGdJAhduLnFx7U7clbpLCuwAZFURWPT1nUamkioT64Io2MfHx+Y9xu+ -cLLqpOBDZAk34MDA0i09psyfD+NPjtzn5i3IEZO9rs8CpFuEe+tBpoJdGpROhuz2 -9o9G2TEe8khpGuKnkAJ7G60Ggdcnmg== -=e24H ------END PGP SIGNATURE----- diff --git a/libkcapi-1.4.0.tar.xz b/libkcapi-1.4.0.tar.xz new file mode 100644 index 0000000..bd7ed7e --- /dev/null +++ b/libkcapi-1.4.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:644b47593b3f27f08add7a8808ccdbe569a2f331d70fb8b52551e57379b917fa +size 333040 diff --git a/libkcapi-1.4.0.tar.xz.asc b/libkcapi-1.4.0.tar.xz.asc new file mode 100644 index 0000000..3014d5a --- /dev/null +++ b/libkcapi-1.4.0.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAmISvaAACgkQQh7pNjJq +wVv6jggAh7UpchOXZ1THbDZ0PE+YGWSr3Y3qKHMls9ixNn/RDSYxPvyZqc6pIAKQ +zVA6bGtB9kqcSexmrk2EyiUYgi1lo+5HwsfAfHBQaq7vD1S8Q/FYx/XVRv2GQfkj +/E1ivlcdcInlpn+vu+7Hei+H/IXtETh8QPwGwRI1Je84pIt7K4K4VPwWpur0su6E +oF1AFT6ldlMczsoDTCi3eP3rZWKvMmX5718W9F6eKuTkKoIiipCUxdMBy4f6YpDB +1ZmQPHjSgG4URlclQnFiGXYAbMBRHYfguJRl/HjZWSQMigRzqGSdvJR8wrfMeQzr +Bk0z0nGayzHgcC7gPz8CsAMJj5C9eQ== +=OA3o +-----END PGP SIGNATURE----- diff --git a/libkcapi-fix-lto.patch b/libkcapi-fix-lto.patch deleted file mode 100644 index a369136..0000000 --- a/libkcapi-fix-lto.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 71d80bcffca26373149121e026d612146b4695d5 Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Wed, 14 Jul 2021 10:52:01 -0400 -Subject: [PATCH] Use GCCs __symver__ attribute - -This is needed to allow LTO builds, as the __asm__ directives do not give -enough context to the compiler and the build fails when the -flto flag is -passed in. - -Unfotunately __symver__ is avilbel only startig from GCC 10, so we need -more macro juggling. - -Signed-off-by: Simo Sorce -Signed-off-by: Stephan Mueller ---- - lib/internal.h | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/lib/internal.h b/lib/internal.h -index 29fdb7b..64dad24 100644 ---- a/lib/internal.h -+++ b/lib/internal.h -@@ -350,6 +350,16 @@ static inline int io_getevents(__attribute__((unused)) aio_context_t ctx, - #if __GNUC__ >= 4 - # define DSO_PUBLIC __attribute__ ((visibility ("default"))) - -+#if __GNUC__ >= 10 -+# define IMPL_SYMVER(name, version) \ -+ __attribute__ ((visibility ("default"))) \ -+ __attribute__((__symver__("kcapi_" #name "@@LIBKCAPI_" version))) -+ -+# define ORIG_SYMVER(name, version) \ -+ __attribute__ ((visibility ("default"))) \ -+ __attribute__((__symver__("kcapi_" #name "@LIBKCAPI_" version))) -+ -+#else - # define IMPL_SYMVER(name, version) \ - __asm__(".global impl_" #name ";"\ - ".symver impl_" #name ",kcapi_" #name "@@LIBKCAPI_" version);\ -@@ -359,6 +369,7 @@ static inline int io_getevents(__attribute__((unused)) aio_context_t ctx, - __asm__(".global orig_" #name ";"\ - ".symver orig_" #name ",kcapi_" #name "@LIBKCAPI_" version);\ - __attribute__ ((visibility ("default"))) -+#endif - - #else - # error "Compiler version too old" diff --git a/libkcapi.changes b/libkcapi.changes index 7e0bc9b..394c384 100644 --- a/libkcapi.changes +++ b/libkcapi.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Tue Apr 26 12:45:21 UTC 2022 - Marcus Meissner + +- Update to version 1.4.0 + * fix: ensure that LTO is supported (by Simo Sorce) + * fix: add LTO regression testing (by Ondrej Mosnacek) + * enhancement: add sm3sum, sm3hmac tools, add APIs kcapi_md_sm3, kcapi_md_hmac_sm3 + * enhancement: add SM4 convenience functions + * fix: support AEAD encryption of arbitrary size with kcapi-enc +- removed libkcapi-fix-lto.patch (upstream) + +------------------------------------------------------------------- +Tue Apr 26 12:44:40 UTC 2022 - Marcus Meissner + +- use https url + ------------------------------------------------------------------- Tue Jul 27 08:03:48 UTC 2021 - Andreas Schneider diff --git a/libkcapi.spec b/libkcapi.spec index d225418..2e50168 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -1,7 +1,7 @@ # # spec file for package libkcapi # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,17 +17,15 @@ Name: libkcapi -Version: 1.3.1 +Version: 1.4.0 Release: 0 Summary: Linux Kernel Crypto API User Space Interface Library License: GPL-2.0-only Group: Productivity/Security -URL: http://www.chronox.de/libkcapi.html +URL: https://www.chronox.de/libkcapi.html Source: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz Source1: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz.asc Source2: libkcapi.keyring -# https://github.com/smuellerDD/libkcapi/commit/71d80bcffca26373149121e026d612146b4695d5.patch -Patch0: libkcapi-fix-lto.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool