Accepting request 986335 from home:cgiboudeaux:branches:devel:libraries:c_c++

- Add upstream changes:
  * 0001-Add-support-for-powerpc64.-1160.patch
  * 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch
- Spec cleanup

OBS-URL: https://build.opensuse.org/request/show/986335
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/liboqs?expand=0&rev=5

0001-Add-support-for-powerpc64.-1160.patch

@@ -0,0 +1,152 @@
+From eb2f38c44ed15e058bc7ab217ba614b32f012090 Mon Sep 17 00:00:00 2001
+From: pkubaj <pkubaj@FreeBSD.org>
+Date: Fri, 24 Dec 2021 00:03:25 +0100
+Subject: [PATCH 1/2] Add support for powerpc64. (#1160)
+
+This is 64-bit POWER big-endian. Since s390x (64-bit big-endian) and ppc64le
+(64-bit POWER) are already supported, this shouldn't be an issue.
+---
+ .CMake/alg_support.cmake                   | 4 ++--
+ CMakeLists.txt                             | 7 +++++++
+ src/kem/sike/CMakeLists.txt                | 3 +++
+ src/kem/sike/external/P434/P434_internal.h | 2 +-
+ src/kem/sike/external/P503/P503_internal.h | 2 +-
+ src/kem/sike/external/P610/P610_internal.h | 2 +-
+ src/kem/sike/external/P751/P751_internal.h | 2 +-
+ src/kem/sike/external/config.h             | 7 +++++++
+ 8 files changed, 23 insertions(+), 6 deletions(-)
+
+diff --git a/.CMake/alg_support.cmake b/.CMake/alg_support.cmake
+index 0de57e8..bb9ebea 100644
+--- a/.CMake/alg_support.cmake
++++ b/.CMake/alg_support.cmake
+@@ -27,8 +27,8 @@ if(OQS_DIST_X86_64_BUILD OR OQS_USE_AVX2_INSTRUCTIONS)
+ endif()
+ endif()
+ 
+-# BIKE is not supported on Windows, 32-bit ARM and S390X (big endian)
+-cmake_dependent_option(OQS_ENABLE_KEM_BIKE "Enable BIKE algorithm family" ON "NOT WIN32; NOT ARCH_ARM32v7; NOT ARCH_X86; NOT ARCH_S390X" OFF)
++# BIKE is not supported on Windows, 32-bit ARM, S390X (big endian) and PPC64 (big endian)
++cmake_dependent_option(OQS_ENABLE_KEM_BIKE "Enable BIKE algorithm family" ON "NOT WIN32; NOT ARCH_ARM32v7; NOT ARCH_X86; NOT ARCH_S390X; NOT ARCH_PPC64" OFF)
+ cmake_dependent_option(OQS_ENABLE_KEM_bike_l1 "" ON "OQS_ENABLE_KEM_BIKE" OFF)
+ cmake_dependent_option(OQS_ENABLE_KEM_bike_l3 "" ON "OQS_ENABLE_KEM_BIKE" OFF)
+ 
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 140cfb8..416da83 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -59,6 +59,13 @@ elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "ppc64le|powerpc64le")
+     if(${OQS_DIST_BUILD})
+         set(OQS_DIST_PPC64LE_BUILD ON)
+     endif()
++elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(ppc64|powerpc64)")
++    message(WARNING "There is currently no CI for: " ${CMAKE_SYSTEM_PROCESSOR})
++    set(ARCH "ppc64")
++    set(ARCH_PPC64 ON)
++    if(${OQS_DIST_BUILD})
++        set(OQS_DIST_PPC64_BUILD ON)
++    endif()
+ elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "s390x")
+     set(ARCH "s390x")
+     set(ARCH_S390X ON)
+diff --git a/src/kem/sike/CMakeLists.txt b/src/kem/sike/CMakeLists.txt
+index c260ce1..0f4714b 100644
+--- a/src/kem/sike/CMakeLists.txt
++++ b/src/kem/sike/CMakeLists.txt
+@@ -8,6 +8,7 @@ if(
+    ARCH_ARM32v7 OR
+    ARCH_ARM64v8 OR
+    ARCH_PPC64LE OR
++   ARCH_PPC64 OR
+    ARCH_S390X)
+   AND
+   # check that one SIDH/SIKE alg is enabled
+@@ -137,6 +138,8 @@ if(
+                 target_compile_definitions(sike PRIVATE USE_SIKEP751_ASM)
+             endif()
+         endif()
++    elseif(ARCH_PPC64)
++        target_compile_definitions(sike PRIVATE _GENERIC_ _PPC64_)
+     elseif(ARCH_PPC64LE)
+         target_compile_definitions(sike PRIVATE _GENERIC_ _PPC64LE_)
+     elseif(ARCH_S390X)
+diff --git a/src/kem/sike/external/P434/P434_internal.h b/src/kem/sike/external/P434/P434_internal.h
+index 6c7f66c..168ac9f 100644
+--- a/src/kem/sike/external/P434/P434_internal.h
++++ b/src/kem/sike/external/P434/P434_internal.h
+@@ -9,7 +9,7 @@
+ 
+ #include "../config.h"
+ 
+-#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64LE)
++#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE)
+ #define NWORDS_FIELD 7    // Number of words of a 434-bit field element
+ #define p434_ZERO_WORDS 3 // Number of "0" digits in the least significant part of p434 + 1
+ #elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM)
+diff --git a/src/kem/sike/external/P503/P503_internal.h b/src/kem/sike/external/P503/P503_internal.h
+index 3a9bb32..3c72a4b 100644
+--- a/src/kem/sike/external/P503/P503_internal.h
++++ b/src/kem/sike/external/P503/P503_internal.h
+@@ -9,7 +9,7 @@
+ 
+ #include "../config.h"
+ 
+-#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64LE)
++#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE)
+ #define NWORDS_FIELD 8    // Number of words of a 503-bit field element
+ #define p503_ZERO_WORDS 3 // Number of "0" digits in the least significant part of p503 + 1
+ #elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM)
+diff --git a/src/kem/sike/external/P610/P610_internal.h b/src/kem/sike/external/P610/P610_internal.h
+index 8a6a08f..7d6f60d 100644
+--- a/src/kem/sike/external/P610/P610_internal.h
++++ b/src/kem/sike/external/P610/P610_internal.h
+@@ -9,7 +9,7 @@
+ 
+ #include "../config.h"
+ 
+-#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64LE)
++#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE)
+ #define NWORDS_FIELD 10   // Number of words of a 610-bit field element
+ #define p610_ZERO_WORDS 4 // Number of "0" digits in the least significant part of p610 + 1
+ #elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM)
+diff --git a/src/kem/sike/external/P751/P751_internal.h b/src/kem/sike/external/P751/P751_internal.h
+index 1f9f231..0b17da1 100644
+--- a/src/kem/sike/external/P751/P751_internal.h
++++ b/src/kem/sike/external/P751/P751_internal.h
+@@ -9,7 +9,7 @@
+ 
+ #include "../config.h"
+ 
+-#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64LE)
++#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE)
+ #define NWORDS_FIELD 12   // Number of words of a 751-bit field element
+ #define p751_ZERO_WORDS 5 // Number of "0" digits in the least significant part of p751 + 1
+ #elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM)
+diff --git a/src/kem/sike/external/config.h b/src/kem/sike/external/config.h
+index 1a915d3..46cd312 100644
+--- a/src/kem/sike/external/config.h
++++ b/src/kem/sike/external/config.h
+@@ -32,6 +32,7 @@
+ #define TARGET_ARM 4
+ #define TARGET_ARM64 5
+ #define TARGET_PPC64LE 6
++#define TARGET_PPC64 7
+ 
+ #if defined(_AMD64_)
+ #define TARGET TARGET_AMD64
+@@ -63,6 +64,12 @@ typedef uint16_t hdigit_t; // Unsigned 16-bit digit
+ #define LOG2RADIX 6
+ typedef uint64_t digit_t;  // Unsigned 64-bit digit
+ typedef uint32_t hdigit_t; // Unsigned 32-bit digit
++#elif defined(_PPC64_)
++#define TARGET TARGET_PPC64
++#define RADIX           64
++#define LOG2RADIX       6
++typedef uint64_t digit_t;  // Unsigned 64-bit digit
++typedef uint32_t hdigit_t; // Unsigned 32-bit digit
+ #elif defined(_PPC64LE_)
+ #define TARGET TARGET_PPC64LE
+ #define RADIX           64
+-- 
+2.36.1
+

0002-Mark-stack-non-executable-when-compiling-with-clang-.patch

@@ -0,0 +1,83 @@
+From 9f72562d661a0fd1b5773966fb199a8faea144c1 Mon Sep 17 00:00:00 2001
+From: Douglas Stebila <dstebila@users.noreply.github.com>
+Date: Sun, 9 Jan 2022 11:30:10 -0500
+Subject: [PATCH 2/2] Mark stack non-executable when compiling with clang or
+ gcc (#1161)
+
+* Mark stack non-executable when compiling with clang or gcc
+
+Fixes #1159
+
+* Change noexecstack option on gcc
+
+* Use gcc noexecstack only on non-Darwin
+
+* Check for non-executable stack in shared object builds on Linux
+---
+ .CMake/compiler_opts.cmake                  |  4 ++++
+ tests/{test_namespace.py => test_binary.py} | 16 ++++++++++++++++
+ 2 files changed, 20 insertions(+)
+ rename tests/{test_namespace.py => test_binary.py} (74%)
+
+diff --git a/.CMake/compiler_opts.cmake b/.CMake/compiler_opts.cmake
+index 9dd5b32..72c741a 100644
+--- a/.CMake/compiler_opts.cmake
++++ b/.CMake/compiler_opts.cmake
+@@ -67,6 +67,7 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang")
+     add_compile_options(-Wextra)
+     add_compile_options(-Wpedantic)
+     add_compile_options(-Wno-unused-command-line-argument)
++    set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
+ 
+     if(NOT ${OQS_BUILD_ONLY_LIB})
+         set(THREADS_PREFER_PTHREAD_FLAG ON)
+@@ -117,6 +118,9 @@ elseif(CMAKE_C_COMPILER_ID STREQUAL "GNU")
+     add_compile_options(-Wformat=2)
+     add_compile_options(-Wfloat-equal)
+     add_compile_options(-Wwrite-strings)
++    if (NOT CMAKE_SYSTEM_NAME STREQUAL "Darwin")
++        set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
++    endif()
+ 
+     if(NOT ${OQS_BUILD_ONLY_LIB})
+         set(THREADS_PREFER_PTHREAD_FLAG ON)
+diff --git a/tests/test_namespace.py b/tests/test_binary.py
+similarity index 74%
+rename from tests/test_namespace.py
+rename to tests/test_binary.py
+index 9a3fb9e..d212f41 100644
+--- a/tests/test_namespace.py
++++ b/tests/test_binary.py
+@@ -1,6 +1,7 @@
+ # SPDX-License-Identifier: MIT
+ 
+ import helpers
++import os
+ import pytest
+ import sys
+ import glob
+@@ -51,6 +52,21 @@ def test_namespace():
+ 
+     assert(len(non_namespaced) == 0)
+ 
++@helpers.filtered_test
++@pytest.mark.skipif(not(sys.platform.startswith("linux")), reason="Only supported on Linux")
++@pytest.mark.skipif(not(os.path.exists(helpers.get_current_build_dir_name()+'/lib/liboqs.so')), reason="Only supported on builds with a shared library")
++def test_non_executable_stack():
++    liboqs = helpers.get_current_build_dir_name()+'/lib/liboqs.so'
++    out = helpers.run_subprocess(
++        ['readelf', '--wide', '--segments', liboqs]
++    )
++    lines = out.strip().split("\n")
++    for line in lines:
++        if "GNU_STACK" in line:
++            chunks = line.strip().split()
++            flags = chunks[6]
++            assert(flags == 'RW')
++
+ if __name__ == "__main__":
+     import sys
+     pytest.main(sys.argv)
+-- 
+2.36.1
+

liboqs.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Sat Jul  2 07:21:42 UTC 2022 - Christophe Giboudeaux <christophe@krop.fr>
+
+- Add upstream changes:
+  * 0001-Add-support-for-powerpc64.-1160.patch
+  * 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch
+- Spec cleanup
+
 -------------------------------------------------------------------
 Tue Jan 25 07:48:57 UTC 2022 - Bernhard Wiedemann <bwiedemann@suse.com>
 

liboqs.spec

@@ -1,7 +1,7 @@
 #
-# spec file for package libkcapi
+# spec file for package liboqs
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -22,13 +22,16 @@ Release:        0
 Summary:        C library for quantum-resistant cryptographic algorithms
 License:        MIT
 Group:          Productivity/Security
-Url:            https://github.com/open-quantum-safe/liboqs/
-Source:		https://github.com/open-quantum-safe/liboqs/archive/refs/tags/%{version}.tar.gz
-Source1:	baselibs.conf
-Patch0:		liboqs-fix-build.patch
-BuildRequires:	cmake
-BuildRequires:	libopenssl-devel
-BuildRequires:	doxygen
+URL:            https://github.com/open-quantum-safe/liboqs/
+Source:         https://github.com/open-quantum-safe/liboqs/archive/refs/tags/%{version}.tar.gz
+Source1:        baselibs.conf
+Patch0:         liboqs-fix-build.patch
+# PATCH-FIX-UPSTREAM
+Patch1:         0001-Add-support-for-powerpc64.-1160.patch
+Patch2:         0002-Mark-stack-non-executable-when-compiling-with-clang-.patch
+BuildRequires:  cmake
+BuildRequires:  doxygen
+BuildRequires:  libopenssl-devel
 
 %description
 liboqs is an open source C library for quantum-resistant cryptographic
@@ -40,17 +43,17 @@ Summary:        C library for quantum-resistant cryptographic algorithms
 Group:          System/Libraries
 
 %description -n liboqs0
-liboqs is a C library for quantum-resistant cryptographic 
+liboqs is a C library for quantum-resistant cryptographic
 algorithms. Details about liboqs can be found in README.md. See in
 particular limitations on intended use.
 
 %package devel
 Summary:        Open source C library for quantum-resistant cryptographic algorithms
 Group:          Development/Languages/C and C++
-Requires:	liboqs0 = %version
+Requires:       liboqs0 = %{version}
 
 %description devel
-liboqs is an open source C library for quantum-resistant cryptographic 
+liboqs is an open source C library for quantum-resistant cryptographic
 algorithms. Details about liboqs can be found in README.md. See in
 particular limitations on intended use.
 
@@ -58,36 +61,43 @@ particular limitations on intended use.
 %autosetup -p1
 
 %build
-mkdir build
-export RPM_OPT_FLAGS="%optflags -std=gnu11"
-cd build
-cmake -DBUILD_SHARED_LIBS=ON -DOQS_DIST_BUILD=ON ..
-%cmake_build 
+export RPM_OPT_FLAGS="%{optflags} -std=gnu11"
+
+# 20220702: The %%cmake macro can't be used because a 'CMakeLists.txt' folder
+# exists
+cmake -S . -B build -DBUILD_SHARED_LIBS:BOOL=ON -DOQS_DIST_BUILD:BOOL=ON
+
+pushd build
+%cmake_build
+popd
 
 %install
 %cmake_install
+
 # need to find out what cmake option is needed
-mv %buildroot/usr/local/* %buildroot/usr
-if [ "%_lib" != "lib" ]; then
-	mv %buildroot/usr/lib %buildroot/usr/%_lib
+mv %{buildroot}%{_prefix}/local/* %{buildroot}%{_prefix}
+
+if [ "%{_lib}" != "lib" ]; then
+  mv %{buildroot}%{_prefix}/lib %{buildroot}%{_libdir}
 fi
-rmdir %buildroot/usr/local/
+
+rmdir %{buildroot}%{_prefix}/local/
 
 %post -n liboqs0 -p /sbin/ldconfig
 %postun -n liboqs0 -p /sbin/ldconfig
 
 %files -n liboqs0
-%license LICENSE.txt 
-/%{_libdir}/liboqs.so.0*
+%license LICENSE.txt
+%{_libdir}/liboqs.so.0*
 
 %files devel
-%license LICENSE.txt 
+%license LICENSE.txt
 %dir %{_includedir}/oqs
 %{_includedir}/oqs/*
-/%_libdir/liboqs.so
-%dir /%_libdir/cmake/
-%dir /%_libdir/cmake/liboqs/
-/%_libdir/cmake/liboqs/liboqsConfig-noconfig.cmake
-/%_libdir/cmake/liboqs/liboqsConfig.cmake
+%{_libdir}/liboqs.so
+%dir %{_libdir}/cmake/
+%dir %{_libdir}/cmake/liboqs/
+%{_libdir}/cmake/liboqs/liboqsConfig-noconfig.cmake
+%{_libdir}/cmake/liboqs/liboqsConfig.cmake
 
 %changelog