Accepting request 908535 from home:gladiac:branches:security:tls

- Update to version 1.3.1
  * fix: fix -Wconversion warnings (by Ondrej Mosnacek)
  * fix: fix bad data types in _kcapi_common_send_meta (by Ondrej Mosnacek)
  * fix: Version symbols to maintain ABI compatibility (by Simo Sorce)
  * fix: disable io_getevents on systems that do not support it (by Khem Raj)
  * fix: remove prctl PR_SET_DUMPABLE to allow library to be debugged - as the
    library does not store any sensitive data in data structures it owns, such
    security precautions may not be necessary considering the benefit of
    allowing regular debugging
  * fix: ensure that sendmsg is always used as fallback when vmsplice cannot be
    used
  * enhancement: add kcapi_set_maxsplicesize and kcapi_get_maxsplicesize
  * enhancement: the variable types are changed from int32_t to ssize_t and
    from uint32_t to size_t to match common POSIX and Linux APIs
- Added libkcapi-fix-lto.patch

OBS-URL: https://build.opensuse.org/request/show/908535
OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=37
Marcus Meissner 2021-08-09 08:52:30 +00:00 committed by Git OBS Bridge
parent 742ba25f6d
commit 71b7889ac7
7 changed files with 86 additions and 18 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:782430512195f146e0e16e6bb689d9a7e61387afcfedc4340c433284b8b66049
size 318948


@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAl7K1MMACgkQQh7pNjJq
wVueDgf/SEJfcgYYYcnND38nawuTXequkiq5TrhAb7AY/kx6LDQzXLRHlqLvjppV
QMUQyiiLypo+NF/qrsLhyGi2IwRePaieLfXTZWcE4eO/sqss9CbYsUtk7bcByFvG
YEDjTYooZU4NYx3WtpwegKF+ImBLmadDDbfkcGWcmNG5EEnh1Rtw0agg/5BxCxKy
F5aEdXWs/mU6CxgDi2EFT+8FAD2Lv80Kpn0qWAVWb03IbtzvAZ36CzP4lEywDqV2
lZq3hZeOvBecjmGDFthMNB0CfknCHdPYvEhXuR6cSiYrmY3heUeS6Py1cPosab3A
xDePoFm3iYY4nALhCWOfp2/vPhZtgw==
=ZgIv
-----END PGP SIGNATURE-----

libkcapi-1.3.1.tar.xz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6b57946eb87bc9cfa544140b6c9a12ef9eefa0a16695578aebf3395f0a78bede
size 332912

libkcapi-1.3.1.tar.xz.asc Normal file

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAmDttB4ACgkQQh7pNjJq
wVvV4Af/X0t4iZ8ng+AaItGiK3m2Wx1UTJTA1SYTfTTUpENtePKZADG3MX/I5x5N
VVO6CTF6ADZFrwrswP+3KIwZpEsrssTEGZ54G0nLbaHTzyXvE9Ec3CPGECgjZGzM
T0ZGz0XYykWpEVqQDEFKoLs2yK5U/WYHrde5iV9CW2WHK/6VyuRvzAKzh83n5fDg
WlAWGtBQWaGdJAhduLnFx7U7clbpLCuwAZFURWPT1nUamkioT64Io2MfHx+Y9xu+
cLLqpOBDZAk34MDA0i09psyfD+NPjtzn5i3IEZO9rs8CpFuEe+tBpoJdGpROhuz2
9o9G2TEe8khpGuKnkAJ7G60Ggdcnmg==
=e24H
-----END PGP SIGNATURE-----

libkcapi-fix-lto.patch Normal file

@ -0,0 +1,47 @@
From 71d80bcffca26373149121e026d612146b4695d5 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Wed, 14 Jul 2021 10:52:01 -0400
Subject: [PATCH] Use GCCs __symver__ attribute
This is needed to allow LTO builds, as the __asm__ directives do not give
enough context to the compiler and the build fails when the -flto flag is
passed in.
Unfotunately __symver__ is avilbel only startig from GCC 10, so we need
more macro juggling.
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
lib/internal.h | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/lib/internal.h b/lib/internal.h
index 29fdb7b..64dad24 100644
--- a/lib/internal.h
+++ b/lib/internal.h
@@ -350,6 +350,16 @@ static inline int io_getevents(__attribute__((unused)) aio_context_t ctx,
#if __GNUC__ >= 4
# define DSO_PUBLIC __attribute__ ((visibility ("default")))
+#if __GNUC__ >= 10
+# define IMPL_SYMVER(name, version) \
+ __attribute__ ((visibility ("default"))) \
+ __attribute__((__symver__("kcapi_" #name "@@LIBKCAPI_" version)))
+
+# define ORIG_SYMVER(name, version) \
+ __attribute__ ((visibility ("default"))) \
+ __attribute__((__symver__("kcapi_" #name "@LIBKCAPI_" version)))
+
+#else
# define IMPL_SYMVER(name, version) \
__asm__(".global impl_" #name ";"\
".symver impl_" #name ",kcapi_" #name "@@LIBKCAPI_" version);\
@@ -359,6 +369,7 @@ static inline int io_getevents(__attribute__((unused)) aio_context_t ctx,
__asm__(".global orig_" #name ";"\
".symver orig_" #name ",kcapi_" #name "@LIBKCAPI_" version);\
__attribute__ ((visibility ("default")))
+#endif
#else
# error "Compiler version too old"
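Review bot: the new `#if __GNUC__ >= 10` guard in lib/internal.h infers attribute support from a version number; a feature test with `__has_attribute(__symver__)` (itself guarded by `#ifdef __has_attribute`) would pick the attribute branch exactly where the compiler supports it and keep the `__asm__` fallback everywhere else. The added `#if`/`#else`/`#endif` lines also drop the `# ` indentation that the surrounding nested `# define` lines use, and a one-line comment in the header saying that `__symver__` needs GCC 10 and is what makes `-flto` builds work would save the next reader from going back to the commit message.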


@ -1,3 +1,22 @@
-------------------------------------------------------------------
Tue Jul 27 08:03:48 UTC 2021 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 1.3.1
* fix: fix -Wconversion warnings (by Ondrej Mosnacek)
* fix: fix bad data types in _kcapi_common_send_meta (by Ondrej Mosnacek)
* fix: Version symbols to maintain ABI compatibility (by Simo Sorce)
* fix: disable io_getevents on systems that do not support it (by Khem Raj)
* fix: remove prctl PR_SET_DUMPABLE to allow library to be debugged - as the
library does not store any sensitive data in data structures it owns, such
security precautions may not be necessary considering the benefit of
allowing regular debugging
* fix: ensure that sendmsg is always used as fallback when vmsplice cannot be
used
* enhancement: add kcapi_set_maxsplicesize and kcapi_get_maxsplicesize
* enhancement: the variable types are changed from int32_t to ssize_t and
from uint32_t to size_t to match common POSIX and Linux APIs
- Added libkcapi-fix-lto.patch
-------------------------------------------------------------------
Mon Aug 31 13:30:58 UTC 2020 - Dirk Mueller <dmueller@suse.com>
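Review bot: the `- Added libkcapi-fix-lto.patch` line at the end of the new entry says neither what the patch fixes nor where it comes from; suggest wording along the lines of `- Added libkcapi-fix-lto.patch to fix building with -flto (upstream commit 71d80bcf)`. The PR_SET_DUMPABLE item is also a behaviour change for consumers: a program that relied on the library clearing the dumpable flag as a side effect now has to call `prctl(PR_SET_DUMPABLE, 0)` itself if it wants core dumps and ptrace attachment restricted, so it is worth flagging to maintainers of dependent packages.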


@ -1,7 +1,7 @@
#
# spec file for package libkcapi
#
# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
Name: libkcapi
Version: 1.2.0
Version: 1.3.1
Release: 0
Summary: Linux Kernel Crypto API User Space Interface Library
License: GPL-2.0-only
@ -26,6 +26,8 @@ URL: http://www.chronox.de/libkcapi.html
Source: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz
Source1: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz.asc
Source2: libkcapi.keyring
# https://github.com/smuellerDD/libkcapi/commit/71d80bcffca26373149121e026d612146b4695d5.patch
Patch0: libkcapi-fix-lto.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
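Review bot: the comment above `Patch0:` gives only the upstream commit URL; add a short description next to it (the patch switches symbol versioning to the `__symver__` attribute so that `-flto` builds work) and note that, being an upstream commit, it should be dropped once a release containing it is packaged. That keeps the patch from being carried forward unnoticed at the next version bump.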
@ -73,7 +75,7 @@ Group: Development/Tools/Other
libkcapi user space tools to access certain hash algorithms.
%prep
%setup -q
%autosetup -p1
%build
autoreconf -i