From 455515e8007879918a21bbaa78a9845360a4df8e057c1f389c7ed6c89034caef Mon Sep 17 00:00:00 2001 From: Mark Post Date: Wed, 14 Nov 2018 18:51:09 +0000 Subject: [PATCH] Accepting request 649045 from home:markkp:branches:devel:openSUSE:Factory - Upgraded to version 3.3.3 (Fate#325690) * v3.3.3 [PATCH] Various bug fixes * v3.3.2 [PATCH] Skip ECC tests if required HW is not available [PATCH] Update spec file * v3.3.1 [PATCH] Fix configure.ac to honour CFLAGS * v3.3.0 [FEATURE] Add CEX supported elliptic-curve crypto interfaces [FEATURE] Add SIMD supported multiple-precision arithmetic interfaces [FEATURE] Add interface to enable/disable SW fallbacks [FEATURE] Add 'make check' target, test-suite rework * v3.2.1 [FEATURE] Use z14 PRNO-TRNG to seed SHA512-DRBG. [PATCH] Various bug fixes. - Dropped obsolete patch increment-icastats-counter-for-aes-gcm.patch - Added "Obsoletes: libica-2_3_0" to the libica-tools package to fix a problem with upgrading from SLES12 SP2 to either SLES12 SP3/SP4, or SLES15. (bsc#1112655) - Added "Obsoletes: libica2" to the libica-tools package to fix a problem with upgrading from SLES12 SP2 to either SLES12 SP3/SP4, or SLES15. (bsc#1046435, bsc#1104638) - Removed COPYING from %files, since it is no longer in the tarball. - Added Add-non-executable-gnu-stack-markings-in-the-assembl.patch (bsc#1103493). - Added increment-icastats-counter-for-aes-gcm.patch (bsc#1086756) - Updated boot.z90crypt script to fix a problem with the modprobe command not being found. (bsc#1040229). - Added "Recommends: libica-tools" (bsc#1046435). - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) - Added "--enable-fips" to the %configure parms (Fate#324115) - Upgraded to version 3.2 (Fate#321517) * v3.2.0 [FEATURE] New AES-GCM interface. [UPDATE] Add symbol versioning. * v3.1.1 [PATCH] Various bug fixes related to old and new AES-GCM implementations. [UPDATE] Add SHA3 test cases. Improved and extended test suite. * v3.1.0 [FEATURE] Add KMA support for AES-GCM. [FEATURE] Add SHA-3 support. [PATCH] Reject RSA keys with invalid key-length. [PATCH] Allow zero output length for ica_random_number_generate. [PATCH] icastats: Correct owner of shared segment when root creates it. * Removed the following obsolete patches: libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch libica-3.0.2-03-fix-aes-ctr.patch libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch - libica: AES-GCM/CCM sometimes compute wrong tag values (bsc#1058567) - Added the following patches (bsc#1058567) - libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch - libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch - libica-3.0.2-03-fix-aes-ctr.patch - libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch - baselibs.conf doesn't need any additional provides/conflicts for libica3. - Update baselibs.conf with proper name for library package name, stop providing/obsoleting libica-2_1_0/libica-2_3-0. - Upgraded to version 3.0.2 (Fate#322025). - v3.0.2 - Fix locking callbacks for openSSL APIs. - v3.0.1 - Fixed msa level detection on zEC/BC12 GA1 and predecessors. - v3.0.0 - Added FIPS mode. - Sanitized exported symbols. - Removed deprecated APIs. Marked some APIs as deprecated. - Adapted to OpenSSL v1.1.0. - RSA key generation is thread-safe now. - Removed the following obsolete patches: - fix-initialization-of-s390-hardware-switches-1.patch - fix-initialization-of-s390-hardware-switches-2.patch - fix-msa-level-detection.patch - fix-segfault-during-multithread-keygen.patch - rng-performance.patch - Made the following packaging changes: - Implemented the shared library packaging guidelines. - Consolidated double invocation of %setup into just one. - Dropped redundant %ifarch, the package is already ExclusiveArch. - Updated descriptions. - Added an libica-rpmlintrc file. - Added the following two patches: - fix-segfault-during-multithread-keygen.patch (bsc#991485) - fix-msa-level-detection.patch (bsc#1010927) - Added rng-performance.patch (bsc#990850). - Updated baselibs.conf to obsolete prior versions of the 32bit package. (bsc#983897): provides "libica- = " obsoletes "libica- < " provides "libica-2_1_0- = " obsoletes "libica-2_1_0- < " provides "libica-2_3_0- = " obsoletes "libica-2_3_0- < " - Added fix-initialization-of-s390-hardware-switches-1.patch and fix-initialization-of-s390-hardware-switches-2.patch (bsc#980548) - Upgraded to version 2.6.2 (FATE#319610). - Renamed /etc/init.d/z90crypt to boot.z90crypt to conform to naming standards. - Found the original location of the icaioctl.h file and downloaded it to replace what we had previously. - Removed the unnecessary libica2.la file - Removed unnecessary Requires for glibc-devel - Added Requires libica2 to the -devel package - Converted call to configure to %configure macro - Removed obsolete and unnecessary INSROOT and bindir parameters from the make install command - Add Provides/Obsoletes for libica-2_3_0 so that the package from SLE12 GA is replaced (bsc#953096). - move the .so file to the mainpackage, the openssl-ibmca engine will only load "libica.so" (bsc#952871) - Update to libica v2.4.2 (FATE#318035) - Removed outdated libica-aes_ccm-31-bit-compatibility.patch - Moved init script into libica-SuSE.tar.bz2 archive - sanitize release line in specfile - Moved z90crypt out of useless libica-SuSE.tar.bz2 tarball to root - Removed libica-SuSE.tar.bz2 - z90crypt now starts and stops ap kernel module (bnc#888943) - libica-aes_ccm-31-bit-compatibility.patch: AES_CCM: fixed 64/31 bit compatibility - add obsoletes and provides for older libica versions - update to 2.3.0 (fate#315342) - obsolete/upstreamed patches: libica-2_1_0-fix_temporary_buffer_allocation_in_ica_get_version.patch libica-2_1_0-msa4-extension.patch libica-2_1_0-synchronize_shared_memory_ref_counting.patch - Added COPYING to %files - Fixed build dependency errors by requiring autoconf, automake and libtool - Changed license to CPL-1.0 - Created devel package - Support for MSA4 extension (bnc#794518, fate#314078) - synchronize shared memory reference counting for library statistics (bnc#719659) - fix temporary buffer allocation in ica_get_version() (bnc#719660) - update -> 2.1.0 (fate#311914) - Moved icainfo into /usr/bin (bnc#448643) - obsolete old -XXbit packages (bnc#437293) - fix build on all platforms - Added CPL license to include/z90crypt.h, removed GPL reference (This patch is upstream) - Changed package name to libica-1_3_9 to conform to rpmlint requirements. (bnc#433432) - Removed soname filter for rpmlint - Several RPM fixes to help satisfy rpmlint - Updated to libica 1.3.9 - added baselibs.conf file to build xxbit packages for multilib support - remove inclusion of linux/config.h - z90crypt: handle errors (bug #247799) - Add gcc-c++ to BuildRequires. - fix build for the rest of platforms - Update to libica 1.3.7 (#160036 - LTC22571) - Increasing # of open handles with symmetric crypto support (#165323 - LTC23095) - converted neededforbuild to BuildRequires - include string.h and unistd.h in icalinux.c - Port package from SLES9 SP3 - Update to libica 1.3.6-rc3. - Close all filehandles (#130060 - LTC19221). - downgrade to libica 1.3.6-rc2 (contains AES software fallback, bug #117336) - Update to libica 1.3.6 (#117336) - fix implicit declaration - Changing the default value from 0 to -1 in rcz90crypt (#114371) - Finally fix 'reload' messages (#81824 - LTC15733). - Fix sigill patch. - Remove printf output from sigill patch (#81829 - LTC15731). - Use correct default value for z90crypt (#81825 - LTC15732). - Fix messages for 'reload' (#81824 - LTC15733). - Fixed SIGILL on z900 (#46422). - Fixed range for 'domain' parameter in sysconfig.z90crypt (#42005). - Fix module loading error (#42006). - Add sysconfig variable to set the 'domain' parameter (#42005). - update -> 1.3.5-3 (bug #42122) - Update README.SuSE and correct name as well - Use modprobe instead of insmod and fix module load error(#40526) - Fix error checking for no hardware found case and hw error on load - Update Readme again for the correct name (SUSE LINUX Server). - Moved README.SuSE to README.SUSE. - Update Readme to refer to the correct name (SUSE Linux Server). - Update to 1.3.5-2 (#38511, #39693). - Update Readme to refer to SUSE Linux Server instead of SuSE Linux Enterprise Server. - Update to 1.3.5 - export CFLAGS & CPPFLAGS for configure - Exclude S/390-specific files for other archs (#37183) - add "-I./include" to CFLAGS and use RPM_OPT_FLAGS - fix build - build as user - update to 1.3.4 - update to 1.3.2 - update to 1.3.1: now supports DES, TDES and SHA, as well as RSA. - throw libica.patch away, since autoversion and Makefile.am have similar changes now, and the renaming from _LINUX_S390_ to __s390__ is not really necessary - use %defattr - checked that icaioctl.h is still current - dump the bin-only z90crypt-2.4.7-s390-2.tar.gz which has gone open source meanwhile and comes with the kernel sources - added documentation how to set up crypto hardware support, esp. S/390 and zSeries. (#16011, #22056) - upgraded to version 1.2 as requested by IBM to make openCryptoki 1.5 actually work. (#20737) - Correct PreReq - fixed src/Makefile.am and ugly ./autoversion to honor %_lib and to build on non-s390 - updated to current libica - hacked in icaioctl.h for build, 'til we have the module in the kernel. - add %run_ldconfig - fix for current automake/autoconf - removed old fillup-template and START_ variable - modified etc/init.d/z90crypt-script to report result at start. - Added openssl to #neededforbuild, which is needed in addition to openssl-devel - initial version OBS-URL: https://build.opensuse.org/request/show/649045 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=27 --- ...le-gnu-stack-markings-in-the-assembl.patch | 27 +++++++++++++++++ increment-icastats-counter-for-aes-gcm.patch | 25 ---------------- libica-3.2.0.tar.gz | 3 -- libica-3.3.3.tar.gz | 3 ++ libica.changes | 30 ++++++++++++++----- libica.spec | 28 +++++++++-------- 6 files changed, 68 insertions(+), 48 deletions(-) create mode 100644 Add-non-executable-gnu-stack-markings-in-the-assembl.patch delete mode 100644 increment-icastats-counter-for-aes-gcm.patch delete mode 100644 libica-3.2.0.tar.gz create mode 100644 libica-3.3.3.tar.gz diff --git a/Add-non-executable-gnu-stack-markings-in-the-assembl.patch b/Add-non-executable-gnu-stack-markings-in-the-assembl.patch new file mode 100644 index 0000000..622d6b2 --- /dev/null +++ b/Add-non-executable-gnu-stack-markings-in-the-assembl.patch @@ -0,0 +1,27 @@ +From 524659f8e042aed45015e1aca930a3cfe5ffa628 Mon Sep 17 00:00:00 2001 +From: Patrick Steuer +Date: Tue, 12 Jun 2018 14:36:45 +0200 +Subject: [PATCH 303/303] Add non-executable gnu stack markings in the + assembly. + +Signed-off-by: Patrick Steuer +--- + src/mp.pl | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/mp.pl b/src/mp.pl +index 3c73736..e249f61 100755 +--- a/src/mp.pl ++++ b/src/mp.pl +@@ -505,4 +505,8 @@ LONG (0x100e0f00,0x01020304,0x10050607,0x18191a1b); + LONG (0x10000102,0x03040506,0x10071819,0x1a1b1c1d); + LONG (0x00000000,0x00000018,0x00191a1b,0x1c1d1e1f); + ++VERBATIM("#if defined(__linux__) && defined(__ELF__)\n"); ++SECTION (".note.GNU-stack,\"\",%progbits"); ++VERBATIM("#endif\n"); ++ + PERLASM_END(); +-- +2.13.7 + diff --git a/increment-icastats-counter-for-aes-gcm.patch b/increment-icastats-counter-for-aes-gcm.patch deleted file mode 100644 index 872375c..0000000 --- a/increment-icastats-counter-for-aes-gcm.patch +++ /dev/null @@ -1,25 +0,0 @@ -From ae94822a5d949b45d5a5630ff2819b10e55f88d1 Mon Sep 17 00:00:00 2001 -From: Joerg Schmidbauer -Date: Mon, 13 Nov 2017 15:23:26 +0100 -Subject: [PATCH] Bugfix: Increment icastats counter for AES-GCM. - Signed-off-by: Joerg Schmidbauer - ---- - src/include/s390_gcm.h | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/include/s390_gcm.h b/src/include/s390_gcm.h -index 4f1d853..e856a1c 100644 ---- a/src/include/s390_gcm.h -+++ b/src/include/s390_gcm.h -@@ -749,6 +749,10 @@ static inline int s390_aes_gcm_kma(const unsigned char *in_data, - - if (rc >= 0) { - ctx->subkey_provided = 1; -+ if (ctx->direction) -+ stats_increment(ICA_STATS_AES_GCM, ALGO_HW, ENCRYPT); -+ else -+ stats_increment(ICA_STATS_AES_GCM, ALGO_HW, DECRYPT); - return 0; - } else - return EIO; diff --git a/libica-3.2.0.tar.gz b/libica-3.2.0.tar.gz deleted file mode 100644 index 70fb11c..0000000 --- a/libica-3.2.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b548095991269ef1ecfa081266ed7f43d46294bde48a0b7a4db63d1c0e212e50 -size 428645 diff --git a/libica-3.3.3.tar.gz b/libica-3.3.3.tar.gz new file mode 100644 index 0000000..8108cfa --- /dev/null +++ b/libica-3.3.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:034f20b74bacb049dac1a7797039369434dcde8035c96ca8a964471bf431b53a +size 467543 diff --git a/libica.changes b/libica.changes index 3652a84..0942fed 100644 --- a/libica.changes +++ b/libica.changes @@ -1,16 +1,32 @@ ------------------------------------------------------------------- -Mon Oct 22 19:09:13 UTC 2018 - mpost@suse.com +Wed Nov 14 18:01:37 UTC 2018 - mpost@suse.com +- Upgraded to version 3.3.3 (Fate#325690) + * v3.3.3 + [PATCH] Various bug fixes + * v3.3.2 + [PATCH] Skip ECC tests if required HW is not available + [PATCH] Update spec file + * v3.3.1 + [PATCH] Fix configure.ac to honour CFLAGS + * v3.3.0 + [FEATURE] Add CEX supported elliptic-curve crypto interfaces + [FEATURE] Add SIMD supported multiple-precision arithmetic interfaces + [FEATURE] Add interface to enable/disable SW fallbacks + [FEATURE] Add 'make check' target, test-suite rework + * v3.2.1 + [FEATURE] Use z14 PRNO-TRNG to seed SHA512-DRBG. + [PATCH] Various bug fixes. +- Dropped obsolete patch increment-icastats-counter-for-aes-gcm.patch - Added "Obsoletes: libica-2_3_0" to the libica-tools package to fix a problem with upgrading from SLES12 SP2 to either SLES12 SP3/SP4, or SLES15. (bsc#1112655) - -------------------------------------------------------------------- -Tue Sep 11 17:19:57 UTC 2018 - mpost@suse.com - - Added "Obsoletes: libica2" to the libica-tools package to fix a problem with upgrading from SLES12 SP2 to either SLES12 SP3/SP4, or SLES15. (bsc#1046435, bsc#1104638) +- Removed COPYING from %files, since it is no longer in the tarball. +- Added Add-non-executable-gnu-stack-markings-in-the-assembl.patch + (bsc#1103493). ------------------------------------------------------------------- Wed Apr 18 02:29:29 UTC 2018 - mpost@suse.com @@ -36,8 +52,8 @@ Fri Sep 22 21:27:04 UTC 2017 - mpost@suse.com - Upgraded to version 3.2 (Fate#321517) * v3.2.0 - [FEATURE] New AES-GCM interface. - [UPDATE] Add symbol versioning. + [FEATURE] New AES-GCM interface. + [UPDATE] Add symbol versioning. * v3.1.1 [PATCH] Various bug fixes related to old and new AES-GCM implementations. [UPDATE] Add SHA3 test cases. Improved and extended test suite. diff --git a/libica.spec b/libica.spec index cd0e6a5..53b0dd2 100644 --- a/libica.spec +++ b/libica.spec @@ -30,7 +30,7 @@ BuildRequires: openssl-devel Summary: Library interface for the IBM Cryptographic Accelerator device driver License: CPL-1.0 Group: Hardware/Other -Version: 3.2.0 +Version: 3.3.3 Release: 0 Source: libica-%{version}.tar.gz Source1: libica-SuSE.tar.bz2 @@ -40,7 +40,7 @@ Source4: README.SUSE Source5: sysconfig.z90crypt Source6: baselibs.conf Source7: %{name}-rpmlintrc -Patch1: increment-icastats-counter-for-aes-gcm.patch +Patch1: Add-non-executable-gnu-stack-markings-in-the-assembl.patch Url: https://github.com/opencryptoki/libica BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -121,21 +121,23 @@ make clean make %{?_smp_mflags} %install -mkdir -p $RPM_BUILD_ROOT/usr/include -make DESTDIR=$RPM_BUILD_ROOT install -cp -p include/ica_api.h $RPM_BUILD_ROOT/usr/include -cp -a SuSE/* $RPM_BUILD_ROOT -install -D %{S:5} $RPM_BUILD_ROOT%{_fillupdir}/sysconfig.z90crypt -cp -a $RPM_SOURCE_DIR/README.SUSE . -rm -f $RPM_BUILD_ROOT/%{_libdir}/libica.la +mkdir -p ${RPM_BUILD_ROOT}/usr/include +make DESTDIR=${RPM_BUILD_ROOT} install +cp -p include/ica_api.h ${RPM_BUILD_ROOT}/usr/include +cp -a SuSE/* ${RPM_BUILD_ROOT} +install -D %{S:5} ${RPM_BUILD_ROOT%}%{_fillupdir}/sysconfig.z90crypt +cp -a ${RPM_SOURCE_DIR}/README.SUSE . +rm -f ${RPM_BUILD_ROOT}%{_libdir}/libica.la +rm -f ${RPM_BUILD_ROOT}/usr/share/doc/libica/* +rmdir ${RPM_BUILD_ROOT}/usr/share/doc/libica -%post +%post -n libica-tools %{fillup_and_insserv -n boot.z90crypt} -%preun +%preun -n libica-tools %stop_on_removal boot.z90crypt -%postun +%postun -n libica-tools %restart_on_update boot.z90crypt %{insserv_cleanup} @@ -148,7 +150,7 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libica.la %files tools %defattr(-, root, root) -%doc README.SUSE COPYING LICENSE +%doc README.SUSE LICENSE %{_initddir}/boot.z90crypt %{_sbindir}/rcz90crypt %attr(0644,root,root) %{_fillupdir}/sysconfig.z90crypt