From 07dbb6c3836f794aaeb94f3f4f47ff347af60066492e595db3eb22954642c1df Mon Sep 17 00:00:00 2001 From: Mark Post Date: Mon, 1 Nov 2021 21:29:20 +0000 Subject: [PATCH 1/4] OBS-URL: https://build.opensuse.org/package/show/security/libzpc?expand=0&rev=4 --- libzpc.spec | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/libzpc.spec b/libzpc.spec index 852315b..3d8c4ef 100644 --- a/libzpc.spec +++ b/libzpc.spec @@ -32,16 +32,15 @@ BuildRequires: libjson-c-devel ExclusiveArch: s390x %description -The IBM Z Protected-key Crypto library libzpc is an open-source -library targeting the 64-bit Linux on IBM Z (s390x) platform. It -provides interfaces for cryptographic primitives. The underlying -implementations make use of z/Architecture's extensive -performance-boosting hardware support and its protected-key feature -which ensures that key material is never present in main memory at any -time. +The IBM Z Protected-key Crypto library libzpc is a library targeting +the 64-bit Linux on IBM Z (s390x) platform. It provides interfaces for +cryptographic primitives. The underlying implementations make use of +z/Architecture's performance-boosting hardware support and its +protected-key feature which ensures that key material is never present +in main memory at any time. %package -n libzpc1 -Summary: Library +Summary: IBM Z Protected-key Crypto library Group: System/Libraries %description -n libzpc1 @@ -49,15 +48,16 @@ This package contains the shared library to work with the IBM protected-key cryptography hardware %package devel -Summary: Deep Learning Library development files -Requires: libzpc0 = %{version}-%{release} +Summary: Header files for the IBM Z Protected-key Crypto library +Group: Productivity/Security +Requires: libzpc1 = %{version}-%{release} %description devel -This package provides the sole include file and symbolic link to the +This package provides the header files and symbolic link to the shared library for the libzpc RPM. %prep -%setup -q +%autosetup -p1 %build mkdir build && cd build From 60362dd61e719040ea2d8ae93f1009c094d47737cf7571609c62ee371b9db7ac Mon Sep 17 00:00:00 2001 From: Mark Post Date: Mon, 1 Nov 2021 21:46:49 +0000 Subject: [PATCH 2/4] OBS-URL: https://build.opensuse.org/package/show/security/libzpc?expand=0&rev=5 --- libzpc.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/libzpc.spec b/libzpc.spec index 3d8c4ef..51602a7 100644 --- a/libzpc.spec +++ b/libzpc.spec @@ -29,6 +29,7 @@ BuildRequires: cmake >= 3.10 BuildRequires: doxygen BuildRequires: gcc-c++ BuildRequires: libjson-c-devel +BuildRequires: texlive-bibtex-bin ExclusiveArch: s390x %description From 39824a8f158df45a244fe81bce4dc4e502a98adefbebc2e29d0c36fa1868279f Mon Sep 17 00:00:00 2001 From: Mark Post Date: Wed, 3 Nov 2021 15:06:22 +0000 Subject: [PATCH 3/4] Accepting request 928949 from home:msmeissn:branches:security - libzpc-sles15p4-mark-stack-nonexec.patch: note the asssembler as non execstack - libzpc-rpmlintrc removed OBS-URL: https://build.opensuse.org/request/show/928949 OBS-URL: https://build.opensuse.org/package/show/security/libzpc?expand=0&rev=6 --- libzpc-rpmlintrc | 2 -- libzpc-sles15p4-mark-stack-nonexec.patch | 7 +++++++ libzpc.changes | 6 ++++++ libzpc.spec | 2 +- 4 files changed, 14 insertions(+), 3 deletions(-) delete mode 100644 libzpc-rpmlintrc create mode 100644 libzpc-sles15p4-mark-stack-nonexec.patch diff --git a/libzpc-rpmlintrc b/libzpc-rpmlintrc deleted file mode 100644 index 7060862..0000000 --- a/libzpc-rpmlintrc +++ /dev/null @@ -1,2 +0,0 @@ -addFilter("libzpc1.* executable-stack /usr/lib64/libzpc.so") - diff --git a/libzpc-sles15p4-mark-stack-nonexec.patch b/libzpc-sles15p4-mark-stack-nonexec.patch new file mode 100644 index 0000000..fff80dc --- /dev/null +++ b/libzpc-sles15p4-mark-stack-nonexec.patch @@ -0,0 +1,7 @@ +--- libzpc-1.0.0/src/misc_asm.S.xx 2021-11-02 15:41:24.603185606 +0100 ++++ libzpc-1.0.0/src/misc_asm.S 2021-11-02 15:41:33.667185600 +0100 +@@ -58,3 +58,4 @@ + .cfi_endproc + .size memcmp_consttime, .-memcmp_consttime + .size memcmp_consttime,.-memcmp_consttime ++.section .note.GNU-stack,"",@progbits diff --git a/libzpc.changes b/libzpc.changes index 0274a3f..84b95f0 100644 --- a/libzpc.changes +++ b/libzpc.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Nov 2 14:42:14 UTC 2021 - Marcus Meissner + +- libzpc-sles15p4-mark-stack-nonexec.patch: note the asssembler as non execstack +- libzpc-rpmlintrc removed + ------------------------------------------------------------------- Tue Oct 19 21:49:30 UTC 2021 - Mark Post diff --git a/libzpc.spec b/libzpc.spec index 51602a7..b1be1ef 100644 --- a/libzpc.spec +++ b/libzpc.spec @@ -24,7 +24,7 @@ License: Apache-2.0 Group: Productivity/Security URL: https://github.com/opencryptoki/libzpc Source: libzpc-1.0.0.tar.gz -Source1: %{name}-rpmlintrc +Patch0: libzpc-sles15p4-mark-stack-nonexec.patch BuildRequires: cmake >= 3.10 BuildRequires: doxygen BuildRequires: gcc-c++ From ba7f3b1f5891d177b0dc39c0ec6e65920bbcc152f9e16b6b726d70f13522e37d Mon Sep 17 00:00:00 2001 From: Mark Post Date: Wed, 3 Nov 2021 15:54:33 +0000 Subject: [PATCH 4/4] - libzpc-sles15p4-mark-stack-nonexec.patch: note the asssembler as non execstack - Cleaned up the wording in the description. Updated the summaries to actually reflect the contents of the packages. - Changed the %setup macro to use $autosetup instead. - Added a BuildRequires for texlive-bibtex-bin OBS-URL: https://build.opensuse.org/package/show/security/libzpc?expand=0&rev=7 --- libzpc.changes | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/libzpc.changes b/libzpc.changes index 84b95f0..9d5032d 100644 --- a/libzpc.changes +++ b/libzpc.changes @@ -1,9 +1,18 @@ ------------------------------------------------------------------- Tue Nov 2 14:42:14 UTC 2021 - Marcus Meissner -- libzpc-sles15p4-mark-stack-nonexec.patch: note the asssembler as non execstack +- libzpc-sles15p4-mark-stack-nonexec.patch: note the asssembler as + non execstack - libzpc-rpmlintrc removed +------------------------------------------------------------------- +Mon Nov 1 15:46:47 UTC 2021 - Mark Post + +- Cleaned up the wording in the description. Updated the + summaries to actually reflect the contents of the packages. +- Changed the %setup macro to use $autosetup instead. +- Added a BuildRequires for texlive-bibtex-bin + ------------------------------------------------------------------- Tue Oct 19 21:49:30 UTC 2021 - Mark Post