forked from pool/libica
7870ea3fd9
106 Commits
Author | SHA256 | Message | Date | |
---|---|---|---|---|
Ana Guerrero
|
7870ea3fd9 |
Accepting request 1185106 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1185106 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=33 |
||
Nikolay Gueorguiev
|
03f2923765 |
- Applied patches
* libica-4.3.0-01-disable-CEX-usage-in-OpenSSL-for-all-tests.patch * libica-4.3.0-02-correct-rc-handling-with-s390_pcc-function.patch * libica-4.3.0-03-Use-__asm__-instead-of-asm.patch - Amended the .spec file to enable FIPS OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=18 |
||
Ana Guerrero
|
00d51c1b2e |
Accepting request 1142194 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1142194 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=32 |
||
Nikolay Gueorguiev
|
9db005d6c6 |
Accepting request 1142192 from home:ngueorguiev:branches:security:tls
Upgrade libica to 2.3.0 (jsc#PED-5446) OBS-URL: https://build.opensuse.org/request/show/1142192 OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=16 |
||
Ana Guerrero
|
0c6f4d173f |
Accepting request 1117652 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1117652 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=31 |
||
Nikolay Gueorguiev
|
88edd08c5b |
Accepting request 1117650 from home:ngueorguiev:branches:security:tls
- Upgrade to version 4.2.3 (jsc#PED-5446) * Add OPENSSL_init_crypto in libica constructor * Remove deprecated ioctl Z90STAT_STATUS_MASK * Bug fixes OBS-URL: https://build.opensuse.org/request/show/1117650 OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=14 |
||
Dominique Leuenberger
|
63b7a0c64c |
Accepting request 1088689 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1088689 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=30 |
||
Nikolay Gueorguiev
|
7d0eadbc1e |
Accepting request 1088688 from home:ngueorguiev:branches:security:tls
- Upgrade to version 4.2.2 (jsc#PED-3277, jsc#PED-3276) - [UPDATE] syslog msgs only in error cases - [UPDATE] don't count statistics in fips power-on self tests - [PATCH] various fixes and some new tests - Remove file /etc/libica/openssl3-fips.cnf - we don't support FIPS yet - Prefix /etc/libica with %dir to ensure we don't package unversioned files in libica4, as otherwise we violate SLPP. - Add /etc/libica directory into %files section. - Upgrade to version 4.2.1 (jsc#PED-2872) - [PATCH] fix regression opening shared memory - Upgrade to version 4.2.0 (jsc#PED-581, bsc#1202365). - [FEATURE] Display build info via icainfo -v - [FEATURE] New API function ica_get_build_version() - [FEATURE] Display fips indication via icainfo -f - [FEATURE] New API function ica_get_fips_indicator() - [FEATURE] New API function ica_aes_gcm_initialize_fips() - [FEATURE] New API function ica_aes_gcm_kma_get_iv() - [FEATURE] New API function ica_get_msa_level() - [PATCH] icainfo: check for malloc error when getting functionlist - Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365). v4.1.1 - [PATCH] Fix aes-xts multi-part operations [PATCH] Fix make dist v4.1.0 - [FEATURE] FIPS: make libica FIPS 140-3 compliant [FEATURE] New API function ica_ecdsa_sign_ex() [FEATURE] New icainfo output option -r - [PATCH] Various bug fixes - Removed the following obsolete files: baselibs.conf icaioctl.h - Upgraded to version 4.0.3 (jsc#PED-581, jsc#PED-621, jsc#PED-629) v4.0.3 - [PATCH] Reduce the number of open file descriptors - [PATCH] Various bug fixes v4.0.2 - [PATCH] Various bug fixes v4.0.1 - [PATCH] Various bug fixes - [PATCH] Compute HMAC from installed library v4.0.0 - [UPDATE] NO_SW_FALLBACKS is now the default for libica.so [UPDATE] Removed deprecated API functions including tests [UPDATE] Introduced 'const' for some API function parameters [FEATURE] icastats: new parm -k to display detailed counters - Replaced libica-sles15sp2-FIPS-hmac-key.patch with an updated version named libica-sles15sp5-FIPS-hmac-key.patch. - Updated the libica-rpmlintrc file to suppress warnings about the libica-cex hmac files being hidden. - Updated the spec file to properly both obsolete and provide two older versions of the package. - Upgrade to version 3.9.0 (jsc#SLE-18454, jsc#SLE-18564) - [FEATURE] Add support for OpenSSL 3.0 - [FEATURE] icainfo: new parm -c to display available EC curves - Replaced the obsolete PreReq: %fillup_prereq with Requires(post): %fillup_prereq in the spec file. - Update to version 3.8.0 (jsc#SLE-18334) - [FEATURE] provide libica-cex module to satisfy special security requirements - [FEATURE] FIPS: enforce the HMAC check - Remove upstreamed patches: - libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch - libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch - libica-sles15sp2-Zeroize-local-variables.patch - Remove patches obsoleted by upstrea developent: * FIPS: Find libica from phdrs. - libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch * FIPS: enforce the hmac check - libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch - Fix up tests and hmac generation + libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch - Remove obsolete attributes from filelists - Upgraded to version 3.7.0 (jsc#SLE-13708) * Version 3.7.0 - [FEATURE] FIPS: Add HMAC based library integrity check - [PATCH] icainfo: bugfix for RSA and EC related info for software column. - [PATCH] FIPS: provide output iv in cbc-cs decrypt as required by FIPS tests - [PATCH] FIPS: Fix DES and TDES key length - [PATCH] icastats: Fix stats counter format * Version 3.6.1 - [PATCH] Fix x25519 and x448 handling of non-canonical values - Removed the following obsolete patches * libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch * libica-sles15sp2-Build-with-pthread-flag.patch * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch - Fix lack of SHA3 KATs in "make check" processing (bsc#1175277) * Added libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch * Added libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch - Fix FIPS hmac check (bsc#1175356). * Update FIPS support to upstream - Refresh libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch from upstream. - Add libica-sles15sp2-Build-with-pthread-flag.patch - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch - Add libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch * FIPS check should fail when hmac is missing - Add libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch - Create an hmac for the selftest - Check that selftest fails without a hmac - Hash libica.so.3 rather than libica.so.3.6.0 * Fix hmac key format. It should be hexadecimal, not ASCII - Refresh libica-sles15sp2-FIPS-hmac-key.patch - Fix Some internal variables used to store sensitive information (keys) were not zeroized before returning to the calling application. (bsc#1175357) * Added libica-sles15sp2-Zeroize-local-variables.patch - Updated libica-rpmlintrc to eliminate the warning about the HMAC file being a hidden file. It is supposed to be hidden. - Added the following patches for FIPS certification (bsc#1162533) * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch * libica-sles15sp2-FIPS-hmac-key.patch - Added a BuildRequires for the fipscheck package. - Made a couple of changes to the spec file based upon recommendations by spec-cleaner. - Added the following patches for FIPS certification. * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch (bsc#1166071) Although a DES key has only 56 effective bits, all 64 bits must be considered, because the parity bits are spread over all 8 bytes of the key. * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch (bsc#1166210) FIPS tests require the output iv to be the iv resulting from decrypting the last block with a zero iv as input. * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch (bsc#1166224) The output from icainfo never shows 'yes' for RSA ME, RSA CRT, ECDH, ECDSA sign, ECDSA verify, and ECKGEN, due to the missing ICA_FLAG_SW flag in the icaList. - Added libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch (bsc#1156768) - Upgraded to version 3.6.0 (jsc#SLE-7584) * [FEATURE] Add MSA9 CPACF support for Ed25519, Ed448, X25519 and X448 - Upgraded to version 3.5.0 (Fate#327840) - [FEATURE] Add MSA9 CPACF support for ECDSA sign/verify - Reworked how libica-tools loads and unloads kernel modules to avoid spurious error messages (bsc#1134004): * Converted the boot.z90crypt sysV init script to a systemd unit file. * Removed any references to insserv in the spec file. * Updated the z90crypt script itself to properly load and unload the kernel modules as they exist today. * Eliminated the obsolete libica-SuSE.tar.bz2 archive. - Updated the README.SUSE file to reflect the change from sysV init style script to systemd. - Made numerous changes to the spec file, based on the output from the spec-cleaner command. - Run testsuite during build - Upgraded to version 3.4.0 (Fate#325690) * v3.4.0 [FEATURE] Add SHA-512/224 and SHA-512/256 support - Dropped obsolete patch Add-non-executable-gnu-stack-markings-in-the-assembl.patch - Made numerous updates to spec file based on spec-cleanup run. - Upgraded to version 3.3.3 (Fate#325690) * v3.3.3 [PATCH] Various bug fixes * v3.3.2 [PATCH] Skip ECC tests if required HW is not available [PATCH] Update spec file * v3.3.1 [PATCH] Fix configure.ac to honour CFLAGS * v3.3.0 [FEATURE] Add CEX supported elliptic-curve crypto interfaces [FEATURE] Add SIMD supported multiple-precision arithmetic interfaces [FEATURE] Add interface to enable/disable SW fallbacks [FEATURE] Add 'make check' target, test-suite rework * v3.2.1 [FEATURE] Use z14 PRNO-TRNG to seed SHA512-DRBG. [PATCH] Various bug fixes. - Dropped obsolete patch increment-icastats-counter-for-aes-gcm.patch - Removed COPYING from %files, since it is no longer in the tarball. - Added Add-non-executable-gnu-stack-markings-in-the-assembl.patch (bsc#1103493). - Made multiple changes to the spec file based on the output of spec-cleaner - Added "Obsoletes: libica-2_3_0" to the libica-tools package to fix a problem with upgrading from SLES12 SP2 to either SLES12 SP3/SP4, or SLES15. (bsc#1112655) - Added "Obsoletes: libica2" to the libica-tools package to fix a problem with upgrading from SLES12 SP2 to either SLES12 SP3/SP4, or SLES15. (bsc#1046435, bsc#1104638) - Added increment-icastats-counter-for-aes-gcm.patch (bsc#1086756) - Updated boot.z90crypt script to fix a problem with the modprobe command not being found. (bsc#1040229). - Added "Recommends: libica-tools" (bsc#1046435). - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) - Added "--enable-fips" to the %configure parms (Fate#324115) - Upgraded to version 3.2 (Fate#321517) * v3.2.0 [FEATURE] New AES-GCM interface. [UPDATE] Add symbol versioning. * v3.1.1 [PATCH] Various bug fixes related to old and new AES-GCM implementations. [UPDATE] Add SHA3 test cases. Improved and extended test suite. * v3.1.0 [FEATURE] Add KMA support for AES-GCM. [FEATURE] Add SHA-3 support. [PATCH] Reject RSA keys with invalid key-length. [PATCH] Allow zero output length for ica_random_number_generate. [PATCH] icastats: Correct owner of shared segment when root creates it. * Removed the following obsolete patches: libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch libica-3.0.2-03-fix-aes-ctr.patch libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch - libica: AES-GCM/CCM sometimes compute wrong tag values (bsc#1058567) - Added the following patches (bsc#1058567) - libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch - libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch - libica-3.0.2-03-fix-aes-ctr.patch - libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch - baselibs.conf doesn't need any additional provides/conflicts for libica3. - Update baselibs.conf with proper name for library package name, stop providing/obsoleting libica-2_1_0/libica-2_3-0. - Upgraded to version 3.0.2 (Fate#322025). - v3.0.2 - Fix locking callbacks for openSSL APIs. - v3.0.1 - Fixed msa level detection on zEC/BC12 GA1 and predecessors. - v3.0.0 - Added FIPS mode. - Sanitized exported symbols. - Removed deprecated APIs. Marked some APIs as deprecated. - Adapted to OpenSSL v1.1.0. - RSA key generation is thread-safe now. - Removed the following obsolete patches: - fix-initialization-of-s390-hardware-switches-1.patch - fix-initialization-of-s390-hardware-switches-2.patch - fix-msa-level-detection.patch - fix-segfault-during-multithread-keygen.patch - rng-performance.patch - Made the following packaging changes: - Implemented the shared library packaging guidelines. - Consolidated double invocation of %setup into just one. - Dropped redundant %ifarch, the package is already ExclusiveArch. - Updated descriptions. - Added an libica-rpmlintrc file. - Added the following two patches: - fix-segfault-during-multithread-keygen.patch (bsc#991485) - fix-msa-level-detection.patch (bsc#1010927) - Added rng-performance.patch (bsc#990850). - Updated baselibs.conf to obsolete prior versions of the 32bit package. (bsc#983897): provides "libica-<targettype> = <version>" obsoletes "libica-<targettype> < <version>" provides "libica-2_1_0-<targettype> = <version>" obsoletes "libica-2_1_0-<targettype> < <version>" provides "libica-2_3_0-<targettype> = <version>" obsoletes "libica-2_3_0-<targettype> < <version>" - Added fix-initialization-of-s390-hardware-switches-1.patch and fix-initialization-of-s390-hardware-switches-2.patch (bsc#980548) - Upgraded to version 2.6.2 (FATE#319610). - Renamed /etc/init.d/z90crypt to boot.z90crypt to conform to naming standards. - Found the original location of the icaioctl.h file and downloaded it to replace what we had previously. - Removed the unnecessary libica2.la file - Removed unnecessary Requires for glibc-devel - Added Requires libica2 to the -devel package - Converted call to configure to %configure macro - Removed obsolete and unnecessary INSROOT and bindir parameters from the make install command - Add Provides/Obsoletes for libica-2_3_0 so that the package from SLE12 GA is replaced (bsc#953096). - move the .so file to the mainpackage, the openssl-ibmca engine will only load "libica.so" (bsc#952871) - Update to libica v2.4.2 (FATE#318035) - Removed outdated libica-aes_ccm-31-bit-compatibility.patch - Moved init script into libica-SuSE.tar.bz2 archive - sanitize release line in specfile - Moved z90crypt out of useless libica-SuSE.tar.bz2 tarball to root - Removed libica-SuSE.tar.bz2 - z90crypt now starts and stops ap kernel module (bnc#888943) - libica-aes_ccm-31-bit-compatibility.patch: AES_CCM: fixed 64/31 bit compatibility - add obsoletes and provides for older libica versions - update to 2.3.0 (fate#315342) - obsolete/upstreamed patches: libica-2_1_0-fix_temporary_buffer_allocation_in_ica_get_version.patch libica-2_1_0-msa4-extension.patch libica-2_1_0-synchronize_shared_memory_ref_counting.patch - Added COPYING to %files - Fixed build dependency errors by requiring autoconf, automake and libtool - Changed license to CPL-1.0 - Created devel package - Support for MSA4 extension (bnc#794518, fate#314078) - synchronize shared memory reference counting for library statistics (bnc#719659) - fix temporary buffer allocation in ica_get_version() (bnc#719660) - update -> 2.1.0 (fate#311914) - Moved icainfo into /usr/bin (bnc#448643) - obsolete old -XXbit packages (bnc#437293) - fix build on all platforms - Added CPL license to include/z90crypt.h, removed GPL reference (This patch is upstream) - Changed package name to libica-1_3_9 to conform to rpmlint requirements. (bnc#433432) - Removed soname filter for rpmlint - Several RPM fixes to help satisfy rpmlint - Updated to libica 1.3.9 - added baselibs.conf file to build xxbit packages for multilib support - remove inclusion of linux/config.h - z90crypt: handle errors (bug #247799) - Add gcc-c++ to BuildRequires. - fix build for the rest of platforms - Update to libica 1.3.7 (#160036 - LTC22571) - Increasing # of open handles with symmetric crypto support (#165323 - LTC23095) - converted neededforbuild to BuildRequires - include string.h and unistd.h in icalinux.c - Port package from SLES9 SP3 - Update to libica 1.3.6-rc3. - Close all filehandles (#130060 - LTC19221). - downgrade to libica 1.3.6-rc2 (contains AES software fallback, bug #117336) - Update to libica 1.3.6 (#117336) - fix implicit declaration - Changing the default value from 0 to -1 in rcz90crypt (#114371) - Finally fix 'reload' messages (#81824 - LTC15733). - Fix sigill patch. - Remove printf output from sigill patch (#81829 - LTC15731). - Use correct default value for z90crypt (#81825 - LTC15732). - Fix messages for 'reload' (#81824 - LTC15733). - Fixed SIGILL on z900 (#46422). - Fixed range for 'domain' parameter in sysconfig.z90crypt (#42005). - Fix module loading error (#42006). - Add sysconfig variable to set the 'domain' parameter (#42005). - update -> 1.3.5-3 (bug #42122) - Update README.SuSE and correct name as well - Use modprobe instead of insmod and fix module load error(#40526) - Fix error checking for no hardware found case and hw error on load - Update Readme again for the correct name (SUSE LINUX Server). - Moved README.SuSE to README.SUSE. - Update Readme to refer to the correct name (SUSE Linux Server). - Update to 1.3.5-2 (#38511, #39693). - Update Readme to refer to SUSE Linux Server instead of SuSE Linux Enterprise Server. - Update to 1.3.5 - export CFLAGS & CPPFLAGS for configure - Exclude S/390-specific files for other archs (#37183) - add "-I./include" to CFLAGS and use RPM_OPT_FLAGS - fix build - build as user - update to 1.3.4 - update to 1.3.2 - update to 1.3.1: now supports DES, TDES and SHA, as well as RSA. - throw libica.patch away, since autoversion and Makefile.am have similar changes now, and the renaming from _LINUX_S390_ to __s390__ is not really necessary - use %defattr - checked that icaioctl.h is still current - dump the bin-only z90crypt-2.4.7-s390-2.tar.gz which has gone open source meanwhile and comes with the kernel sources - added documentation how to set up crypto hardware support, esp. S/390 and zSeries. (#16011, #22056) - upgraded to version 1.2 as requested by IBM to make openCryptoki 1.5 actually work. (#20737) - Correct PreReq - fixed src/Makefile.am and ugly ./autoversion to honor %_lib and to build on non-s390 - updated to current libica - hacked in icaioctl.h for build, 'til we have the module in the kernel. - add %run_ldconfig - fix for current automake/autoconf - removed old fillup-template and START_ variable - modified etc/init.d/z90crypt-script to report result at start. - Added openssl to #neededforbuild, which is needed in addition to openssl-devel - initial version OBS-URL: https://build.opensuse.org/request/show/1088688 OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=12 |
||
Nikolay Gueorguiev
|
6ed506a7ab |
Accepting request 1088677 from home:ngueorguiev:branches:security:tls
jsc#PED-3277 * [UPDATE] syslog msgs only in error cases * [UPDATE] don't count statistics in fips power-on self tests * [PATCH] various fixes and some new tests OBS-URL: https://build.opensuse.org/request/show/1088677 OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=11 |
||
Nikolay Gueorguiev
|
d894bcceca |
Accepting request 1088541 from home:ngueorguiev:branches:security:tls
- Upgrade to version 4.2.2 (jsc#PED-3277, jsc#PED-3276) - [UPDATE] syslog msgs only in error cases - [UPDATE] don't count statistics in fips power-on self tests - [PATCH] various fixes and some new tests - Remove file /etc/libica/openssl3-fips.cnf - we don't support FIPS yet - Prefix /etc/libica with %dir to ensure we don't package unversioned files in libica4, as otherwise we violate SLPP. - Add /etc/libica directory into %files section. - Upgrade to version 4.2.1 (jsc#PED-2872) - [PATCH] fix regression opening shared memory - Upgrade to version 4.2.0 (jsc#PED-581, bsc#1202365). - [FEATURE] Display build info via icainfo -v - [FEATURE] New API function ica_get_build_version() - [FEATURE] Display fips indication via icainfo -f - [FEATURE] New API function ica_get_fips_indicator() - [FEATURE] New API function ica_aes_gcm_initialize_fips() - [FEATURE] New API function ica_aes_gcm_kma_get_iv() - [FEATURE] New API function ica_get_msa_level() - [PATCH] icainfo: check for malloc error when getting functionlist - Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365). v4.1.1 - [PATCH] Fix aes-xts multi-part operations [PATCH] Fix make dist v4.1.0 - [FEATURE] FIPS: make libica FIPS 140-3 compliant [FEATURE] New API function ica_ecdsa_sign_ex() [FEATURE] New icainfo output option -r - [PATCH] Various bug fixes - Removed the following obsolete files: baselibs.conf icaioctl.h - Upgraded to version 4.0.3 (jsc#PED-581, jsc#PED-621, jsc#PED-629) v4.0.3 - [PATCH] Reduce the number of open file descriptors - [PATCH] Various bug fixes v4.0.2 - [PATCH] Various bug fixes v4.0.1 - [PATCH] Various bug fixes - [PATCH] Compute HMAC from installed library v4.0.0 - [UPDATE] NO_SW_FALLBACKS is now the default for libica.so [UPDATE] Removed deprecated API functions including tests [UPDATE] Introduced 'const' for some API function parameters [FEATURE] icastats: new parm -k to display detailed counters - Replaced libica-sles15sp2-FIPS-hmac-key.patch with an updated version named libica-sles15sp5-FIPS-hmac-key.patch. - Updated the libica-rpmlintrc file to suppress warnings about the libica-cex hmac files being hidden. - Updated the spec file to properly both obsolete and provide two older versions of the package. - Upgrade to version 3.9.0 (jsc#SLE-18454, jsc#SLE-18564) - [FEATURE] Add support for OpenSSL 3.0 - [FEATURE] icainfo: new parm -c to display available EC curves - Replaced the obsolete PreReq: %fillup_prereq with Requires(post): %fillup_prereq in the spec file. - Update to version 3.8.0 (jsc#SLE-18334) - [FEATURE] provide libica-cex module to satisfy special security requirements - [FEATURE] FIPS: enforce the HMAC check - Remove upstreamed patches: - libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch - libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch - libica-sles15sp2-Zeroize-local-variables.patch - Remove patches obsoleted by upstrea developent: * FIPS: Find libica from phdrs. - libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch * FIPS: enforce the hmac check - libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch - Fix up tests and hmac generation + libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch - Remove obsolete attributes from filelists - Upgraded to version 3.7.0 (jsc#SLE-13708) * Version 3.7.0 - [FEATURE] FIPS: Add HMAC based library integrity check - [PATCH] icainfo: bugfix for RSA and EC related info for software column. - [PATCH] FIPS: provide output iv in cbc-cs decrypt as required by FIPS tests - [PATCH] FIPS: Fix DES and TDES key length - [PATCH] icastats: Fix stats counter format * Version 3.6.1 - [PATCH] Fix x25519 and x448 handling of non-canonical values - Removed the following obsolete patches * libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch * libica-sles15sp2-Build-with-pthread-flag.patch * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch - Fix lack of SHA3 KATs in "make check" processing (bsc#1175277) * Added libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch * Added libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch - Fix FIPS hmac check (bsc#1175356). * Update FIPS support to upstream - Refresh libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch from upstream. - Add libica-sles15sp2-Build-with-pthread-flag.patch - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch - Add libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch * FIPS check should fail when hmac is missing - Add libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch - Create an hmac for the selftest - Check that selftest fails without a hmac - Hash libica.so.3 rather than libica.so.3.6.0 * Fix hmac key format. It should be hexadecimal, not ASCII - Refresh libica-sles15sp2-FIPS-hmac-key.patch - Fix Some internal variables used to store sensitive information (keys) were not zeroized before returning to the calling application. (bsc#1175357) * Added libica-sles15sp2-Zeroize-local-variables.patch - Updated libica-rpmlintrc to eliminate the warning about the HMAC file being a hidden file. It is supposed to be hidden. - Added the following patches for FIPS certification (bsc#1162533) * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch * libica-sles15sp2-FIPS-hmac-key.patch - Added a BuildRequires for the fipscheck package. - Made a couple of changes to the spec file based upon recommendations by spec-cleaner. - Added the following patches for FIPS certification. * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch (bsc#1166071) Although a DES key has only 56 effective bits, all 64 bits must be considered, because the parity bits are spread over all 8 bytes of the key. * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch (bsc#1166210) FIPS tests require the output iv to be the iv resulting from decrypting the last block with a zero iv as input. * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch (bsc#1166224) The output from icainfo never shows 'yes' for RSA ME, RSA CRT, ECDH, ECDSA sign, ECDSA verify, and ECKGEN, due to the missing ICA_FLAG_SW flag in the icaList. - Added libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch (bsc#1156768) - Upgraded to version 3.6.0 (jsc#SLE-7584) * [FEATURE] Add MSA9 CPACF support for Ed25519, Ed448, X25519 and X448 - Upgraded to version 3.5.0 (Fate#327840) - [FEATURE] Add MSA9 CPACF support for ECDSA sign/verify - Reworked how libica-tools loads and unloads kernel modules to avoid spurious error messages (bsc#1134004): * Converted the boot.z90crypt sysV init script to a systemd unit file. * Removed any references to insserv in the spec file. * Updated the z90crypt script itself to properly load and unload the kernel modules as they exist today. * Eliminated the obsolete libica-SuSE.tar.bz2 archive. - Updated the README.SUSE file to reflect the change from sysV init style script to systemd. - Made numerous changes to the spec file, based on the output from the spec-cleaner command. - Run testsuite during build - Upgraded to version 3.4.0 (Fate#325690) * v3.4.0 [FEATURE] Add SHA-512/224 and SHA-512/256 support - Dropped obsolete patch Add-non-executable-gnu-stack-markings-in-the-assembl.patch - Made numerous updates to spec file based on spec-cleanup run. - Upgraded to version 3.3.3 (Fate#325690) * v3.3.3 [PATCH] Various bug fixes * v3.3.2 [PATCH] Skip ECC tests if required HW is not available [PATCH] Update spec file * v3.3.1 [PATCH] Fix configure.ac to honour CFLAGS * v3.3.0 [FEATURE] Add CEX supported elliptic-curve crypto interfaces [FEATURE] Add SIMD supported multiple-precision arithmetic interfaces [FEATURE] Add interface to enable/disable SW fallbacks [FEATURE] Add 'make check' target, test-suite rework * v3.2.1 [FEATURE] Use z14 PRNO-TRNG to seed SHA512-DRBG. [PATCH] Various bug fixes. - Dropped obsolete patch increment-icastats-counter-for-aes-gcm.patch - Removed COPYING from %files, since it is no longer in the tarball. - Added Add-non-executable-gnu-stack-markings-in-the-assembl.patch (bsc#1103493). - Made multiple changes to the spec file based on the output of spec-cleaner - Added "Obsoletes: libica-2_3_0" to the libica-tools package to fix a problem with upgrading from SLES12 SP2 to either SLES12 SP3/SP4, or SLES15. (bsc#1112655) - Added "Obsoletes: libica2" to the libica-tools package to fix a problem with upgrading from SLES12 SP2 to either SLES12 SP3/SP4, or SLES15. (bsc#1046435, bsc#1104638) - Added increment-icastats-counter-for-aes-gcm.patch (bsc#1086756) - Updated boot.z90crypt script to fix a problem with the modprobe command not being found. (bsc#1040229). - Added "Recommends: libica-tools" (bsc#1046435). - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) - Added "--enable-fips" to the %configure parms (Fate#324115) - Upgraded to version 3.2 (Fate#321517) * v3.2.0 [FEATURE] New AES-GCM interface. [UPDATE] Add symbol versioning. * v3.1.1 [PATCH] Various bug fixes related to old and new AES-GCM implementations. [UPDATE] Add SHA3 test cases. Improved and extended test suite. * v3.1.0 [FEATURE] Add KMA support for AES-GCM. [FEATURE] Add SHA-3 support. [PATCH] Reject RSA keys with invalid key-length. [PATCH] Allow zero output length for ica_random_number_generate. [PATCH] icastats: Correct owner of shared segment when root creates it. * Removed the following obsolete patches: libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch libica-3.0.2-03-fix-aes-ctr.patch libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch - libica: AES-GCM/CCM sometimes compute wrong tag values (bsc#1058567) - Added the following patches (bsc#1058567) - libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch - libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch - libica-3.0.2-03-fix-aes-ctr.patch - libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch - baselibs.conf doesn't need any additional provides/conflicts for libica3. - Update baselibs.conf with proper name for library package name, stop providing/obsoleting libica-2_1_0/libica-2_3-0. - Upgraded to version 3.0.2 (Fate#322025). - v3.0.2 - Fix locking callbacks for openSSL APIs. - v3.0.1 - Fixed msa level detection on zEC/BC12 GA1 and predecessors. - v3.0.0 - Added FIPS mode. - Sanitized exported symbols. - Removed deprecated APIs. Marked some APIs as deprecated. - Adapted to OpenSSL v1.1.0. - RSA key generation is thread-safe now. - Removed the following obsolete patches: - fix-initialization-of-s390-hardware-switches-1.patch - fix-initialization-of-s390-hardware-switches-2.patch - fix-msa-level-detection.patch - fix-segfault-during-multithread-keygen.patch - rng-performance.patch - Made the following packaging changes: - Implemented the shared library packaging guidelines. - Consolidated double invocation of %setup into just one. - Dropped redundant %ifarch, the package is already ExclusiveArch. - Updated descriptions. - Added an libica-rpmlintrc file. - Added the following two patches: - fix-segfault-during-multithread-keygen.patch (bsc#991485) - fix-msa-level-detection.patch (bsc#1010927) - Added rng-performance.patch (bsc#990850). - Updated baselibs.conf to obsolete prior versions of the 32bit package. (bsc#983897): provides "libica-<targettype> = <version>" obsoletes "libica-<targettype> < <version>" provides "libica-2_1_0-<targettype> = <version>" obsoletes "libica-2_1_0-<targettype> < <version>" provides "libica-2_3_0-<targettype> = <version>" obsoletes "libica-2_3_0-<targettype> < <version>" - Added fix-initialization-of-s390-hardware-switches-1.patch and fix-initialization-of-s390-hardware-switches-2.patch (bsc#980548) - Upgraded to version 2.6.2 (FATE#319610). - Renamed /etc/init.d/z90crypt to boot.z90crypt to conform to naming standards. - Found the original location of the icaioctl.h file and downloaded it to replace what we had previously. - Removed the unnecessary libica2.la file - Removed unnecessary Requires for glibc-devel - Added Requires libica2 to the -devel package - Converted call to configure to %configure macro - Removed obsolete and unnecessary INSROOT and bindir parameters from the make install command - Add Provides/Obsoletes for libica-2_3_0 so that the package from SLE12 GA is replaced (bsc#953096). - move the .so file to the mainpackage, the openssl-ibmca engine will only load "libica.so" (bsc#952871) - Update to libica v2.4.2 (FATE#318035) - Removed outdated libica-aes_ccm-31-bit-compatibility.patch - Moved init script into libica-SuSE.tar.bz2 archive - sanitize release line in specfile - Moved z90crypt out of useless libica-SuSE.tar.bz2 tarball to root - Removed libica-SuSE.tar.bz2 - z90crypt now starts and stops ap kernel module (bnc#888943) - libica-aes_ccm-31-bit-compatibility.patch: AES_CCM: fixed 64/31 bit compatibility - add obsoletes and provides for older libica versions - update to 2.3.0 (fate#315342) - obsolete/upstreamed patches: libica-2_1_0-fix_temporary_buffer_allocation_in_ica_get_version.patch libica-2_1_0-msa4-extension.patch libica-2_1_0-synchronize_shared_memory_ref_counting.patch - Added COPYING to %files - Fixed build dependency errors by requiring autoconf, automake and libtool - Changed license to CPL-1.0 - Created devel package - Support for MSA4 extension (bnc#794518, fate#314078) - synchronize shared memory reference counting for library statistics (bnc#719659) - fix temporary buffer allocation in ica_get_version() (bnc#719660) - update -> 2.1.0 (fate#311914) - Moved icainfo into /usr/bin (bnc#448643) - obsolete old -XXbit packages (bnc#437293) - fix build on all platforms - Added CPL license to include/z90crypt.h, removed GPL reference (This patch is upstream) - Changed package name to libica-1_3_9 to conform to rpmlint requirements. (bnc#433432) - Removed soname filter for rpmlint - Several RPM fixes to help satisfy rpmlint - Updated to libica 1.3.9 - added baselibs.conf file to build xxbit packages for multilib support - remove inclusion of linux/config.h - z90crypt: handle errors (bug #247799) - Add gcc-c++ to BuildRequires. - fix build for the rest of platforms - Update to libica 1.3.7 (#160036 - LTC22571) - Increasing # of open handles with symmetric crypto support (#165323 - LTC23095) - converted neededforbuild to BuildRequires - include string.h and unistd.h in icalinux.c - Port package from SLES9 SP3 - Update to libica 1.3.6-rc3. - Close all filehandles (#130060 - LTC19221). - downgrade to libica 1.3.6-rc2 (contains AES software fallback, bug #117336) - Update to libica 1.3.6 (#117336) - fix implicit declaration - Changing the default value from 0 to -1 in rcz90crypt (#114371) - Finally fix 'reload' messages (#81824 - LTC15733). - Fix sigill patch. - Remove printf output from sigill patch (#81829 - LTC15731). - Use correct default value for z90crypt (#81825 - LTC15732). - Fix messages for 'reload' (#81824 - LTC15733). - Fixed SIGILL on z900 (#46422). - Fixed range for 'domain' parameter in sysconfig.z90crypt (#42005). - Fix module loading error (#42006). - Add sysconfig variable to set the 'domain' parameter (#42005). - update -> 1.3.5-3 (bug #42122) - Update README.SuSE and correct name as well - Use modprobe instead of insmod and fix module load error(#40526) - Fix error checking for no hardware found case and hw error on load - Update Readme again for the correct name (SUSE LINUX Server). - Moved README.SuSE to README.SUSE. - Update Readme to refer to the correct name (SUSE Linux Server). - Update to 1.3.5-2 (#38511, #39693). - Update Readme to refer to SUSE Linux Server instead of SuSE Linux Enterprise Server. - Update to 1.3.5 - export CFLAGS & CPPFLAGS for configure - Exclude S/390-specific files for other archs (#37183) - add "-I./include" to CFLAGS and use RPM_OPT_FLAGS - fix build - build as user - update to 1.3.4 - update to 1.3.2 - update to 1.3.1: now supports DES, TDES and SHA, as well as RSA. - throw libica.patch away, since autoversion and Makefile.am have similar changes now, and the renaming from _LINUX_S390_ to __s390__ is not really necessary - use %defattr - checked that icaioctl.h is still current - dump the bin-only z90crypt-2.4.7-s390-2.tar.gz which has gone open source meanwhile and comes with the kernel sources - added documentation how to set up crypto hardware support, esp. S/390 and zSeries. (#16011, #22056) - upgraded to version 1.2 as requested by IBM to make openCryptoki 1.5 actually work. (#20737) - Correct PreReq - fixed src/Makefile.am and ugly ./autoversion to honor %_lib and to build on non-s390 - updated to current libica - hacked in icaioctl.h for build, 'til we have the module in the kernel. - add %run_ldconfig - fix for current automake/autoconf - removed old fillup-template and START_ variable - modified etc/init.d/z90crypt-script to report result at start. - Added openssl to #neededforbuild, which is needed in addition to openssl-devel - initial version OBS-URL: https://build.opensuse.org/request/show/1088541 OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=10 |
||
Nikolay Gueorguiev
|
48135b8bf2 |
Accepting request 1088514 from home:ngueorguiev:branches:security:tls
- Upgrade to version 4.2.2 (jsc#PED-3277, jsc#PED-3276) - [UPDATE] syslog msgs only in error cases - [UPDATE] don't count statistics in fips power-on self tests - [PATCH] various fixes and some new tests - Removed patches * libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch * libica-sles15sp5-FIPS-hmac-key.patch - Remove file /etc/libica/openssl3-fips.cnf - we don't support FIPS yet - Prefix /etc/libica with %dir to ensure we don't package unversioned files in libica4, as otherwise we violate SLPP. - Add /etc/libica directory into %files section. - Upgrade to version 4.2.1 (jsc#PED-2872) - [PATCH] fix regression opening shared memory - Upgrade to version 4.2.0 (jsc#PED-581, bsc#1202365). - [FEATURE] Display build info via icainfo -v - [FEATURE] New API function ica_get_build_version() - [FEATURE] Display fips indication via icainfo -f - [FEATURE] New API function ica_get_fips_indicator() - [FEATURE] New API function ica_aes_gcm_initialize_fips() - [FEATURE] New API function ica_aes_gcm_kma_get_iv() - [FEATURE] New API function ica_get_msa_level() - [PATCH] icainfo: check for malloc error when getting functionlist - Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365). v4.1.1 - [PATCH] Fix aes-xts multi-part operations [PATCH] Fix make dist v4.1.0 - [FEATURE] FIPS: make libica FIPS 140-3 compliant [FEATURE] New API function ica_ecdsa_sign_ex() [FEATURE] New icainfo output option -r - [PATCH] Various bug fixes - Removed the following obsolete files: baselibs.conf icaioctl.h - Upgraded to version 4.0.3 (jsc#PED-581, jsc#PED-621, jsc#PED-629) v4.0.3 - [PATCH] Reduce the number of open file descriptors - [PATCH] Various bug fixes v4.0.2 - [PATCH] Various bug fixes v4.0.1 - [PATCH] Various bug fixes - [PATCH] Compute HMAC from installed library v4.0.0 - [UPDATE] NO_SW_FALLBACKS is now the default for libica.so [UPDATE] Removed deprecated API functions including tests [UPDATE] Introduced 'const' for some API function parameters [FEATURE] icastats: new parm -k to display detailed counters - Replaced libica-sles15sp2-FIPS-hmac-key.patch with an updated version named libica-sles15sp5-FIPS-hmac-key.patch. - Updated the libica-rpmlintrc file to suppress warnings about the libica-cex hmac files being hidden. - Updated the spec file to properly both obsolete and provide two older versions of the package. - Upgrade to version 3.9.0 (jsc#SLE-18454, jsc#SLE-18564) - [FEATURE] Add support for OpenSSL 3.0 - [FEATURE] icainfo: new parm -c to display available EC curves - Replaced the obsolete PreReq: %fillup_prereq with Requires(post): %fillup_prereq in the spec file. - Update to version 3.8.0 (jsc#SLE-18334) - [FEATURE] provide libica-cex module to satisfy special security requirements - [FEATURE] FIPS: enforce the HMAC check - Remove upstreamed patches: - libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch - libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch - libica-sles15sp2-Zeroize-local-variables.patch - Remove patches obsoleted by upstrea developent: * FIPS: Find libica from phdrs. - libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch * FIPS: enforce the hmac check - libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch - Fix up tests and hmac generation + libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch - Remove obsolete attributes from filelists - Upgraded to version 3.7.0 (jsc#SLE-13708) * Version 3.7.0 - [FEATURE] FIPS: Add HMAC based library integrity check - [PATCH] icainfo: bugfix for RSA and EC related info for software column. - [PATCH] FIPS: provide output iv in cbc-cs decrypt as required by FIPS tests - [PATCH] FIPS: Fix DES and TDES key length - [PATCH] icastats: Fix stats counter format * Version 3.6.1 - [PATCH] Fix x25519 and x448 handling of non-canonical values - Removed the following obsolete patches * libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch * libica-sles15sp2-Build-with-pthread-flag.patch * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch - Fix lack of SHA3 KATs in "make check" processing (bsc#1175277) * Added libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch * Added libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch - Fix FIPS hmac check (bsc#1175356). * Update FIPS support to upstream - Refresh libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch from upstream. - Add libica-sles15sp2-Build-with-pthread-flag.patch - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch - Add libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch * FIPS check should fail when hmac is missing - Add libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch - Create an hmac for the selftest - Check that selftest fails without a hmac - Hash libica.so.3 rather than libica.so.3.6.0 * Fix hmac key format. It should be hexadecimal, not ASCII - Refresh libica-sles15sp2-FIPS-hmac-key.patch - Fix Some internal variables used to store sensitive information (keys) were not zeroized before returning to the calling application. (bsc#1175357) * Added libica-sles15sp2-Zeroize-local-variables.patch - Updated libica-rpmlintrc to eliminate the warning about the HMAC file being a hidden file. It is supposed to be hidden. - Added the following patches for FIPS certification (bsc#1162533) * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch * libica-sles15sp2-FIPS-hmac-key.patch - Added a BuildRequires for the fipscheck package. - Made a couple of changes to the spec file based upon recommendations by spec-cleaner. - Added the following patches for FIPS certification. * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch (bsc#1166071) Although a DES key has only 56 effective bits, all 64 bits must be considered, because the parity bits are spread over all 8 bytes of the key. * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch (bsc#1166210) FIPS tests require the output iv to be the iv resulting from decrypting the last block with a zero iv as input. * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch (bsc#1166224) The output from icainfo never shows 'yes' for RSA ME, RSA CRT, ECDH, ECDSA sign, ECDSA verify, and ECKGEN, due to the missing ICA_FLAG_SW flag in the icaList. - Added libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch (bsc#1156768) - Upgraded to version 3.6.0 (jsc#SLE-7584) * [FEATURE] Add MSA9 CPACF support for Ed25519, Ed448, X25519 and X448 - Upgraded to version 3.5.0 (Fate#327840) - [FEATURE] Add MSA9 CPACF support for ECDSA sign/verify - Reworked how libica-tools loads and unloads kernel modules to avoid spurious error messages (bsc#1134004): * Converted the boot.z90crypt sysV init script to a systemd unit file. * Removed any references to insserv in the spec file. * Updated the z90crypt script itself to properly load and unload the kernel modules as they exist today. * Eliminated the obsolete libica-SuSE.tar.bz2 archive. - Updated the README.SUSE file to reflect the change from sysV init style script to systemd. - Made numerous changes to the spec file, based on the output from the spec-cleaner command. - Run testsuite during build - Upgraded to version 3.4.0 (Fate#325690) * v3.4.0 [FEATURE] Add SHA-512/224 and SHA-512/256 support - Dropped obsolete patch Add-non-executable-gnu-stack-markings-in-the-assembl.patch - Made numerous updates to spec file based on spec-cleanup run. - Upgraded to version 3.3.3 (Fate#325690) * v3.3.3 [PATCH] Various bug fixes * v3.3.2 [PATCH] Skip ECC tests if required HW is not available [PATCH] Update spec file * v3.3.1 [PATCH] Fix configure.ac to honour CFLAGS * v3.3.0 [FEATURE] Add CEX supported elliptic-curve crypto interfaces [FEATURE] Add SIMD supported multiple-precision arithmetic interfaces [FEATURE] Add interface to enable/disable SW fallbacks [FEATURE] Add 'make check' target, test-suite rework * v3.2.1 [FEATURE] Use z14 PRNO-TRNG to seed SHA512-DRBG. [PATCH] Various bug fixes. - Dropped obsolete patch increment-icastats-counter-for-aes-gcm.patch - Removed COPYING from %files, since it is no longer in the tarball. - Added Add-non-executable-gnu-stack-markings-in-the-assembl.patch (bsc#1103493). - Made multiple changes to the spec file based on the output of spec-cleaner - Added "Obsoletes: libica-2_3_0" to the libica-tools package to fix a problem with upgrading from SLES12 SP2 to either SLES12 SP3/SP4, or SLES15. (bsc#1112655) - Added "Obsoletes: libica2" to the libica-tools package to fix a problem with upgrading from SLES12 SP2 to either SLES12 SP3/SP4, or SLES15. (bsc#1046435, bsc#1104638) - Added increment-icastats-counter-for-aes-gcm.patch (bsc#1086756) - Updated boot.z90crypt script to fix a problem with the modprobe command not being found. (bsc#1040229). - Added "Recommends: libica-tools" (bsc#1046435). - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) - Added "--enable-fips" to the %configure parms (Fate#324115) - Upgraded to version 3.2 (Fate#321517) * v3.2.0 [FEATURE] New AES-GCM interface. [UPDATE] Add symbol versioning. * v3.1.1 [PATCH] Various bug fixes related to old and new AES-GCM implementations. [UPDATE] Add SHA3 test cases. Improved and extended test suite. * v3.1.0 [FEATURE] Add KMA support for AES-GCM. [FEATURE] Add SHA-3 support. [PATCH] Reject RSA keys with invalid key-length. [PATCH] Allow zero output length for ica_random_number_generate. [PATCH] icastats: Correct owner of shared segment when root creates it. * Removed the following obsolete patches: libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch libica-3.0.2-03-fix-aes-ctr.patch libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch - libica: AES-GCM/CCM sometimes compute wrong tag values (bsc#1058567) - Added the following patches (bsc#1058567) - libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch - libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch - libica-3.0.2-03-fix-aes-ctr.patch - libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch - baselibs.conf doesn't need any additional provides/conflicts for libica3. - Update baselibs.conf with proper name for library package name, stop providing/obsoleting libica-2_1_0/libica-2_3-0. - Upgraded to version 3.0.2 (Fate#322025). - v3.0.2 - Fix locking callbacks for openSSL APIs. - v3.0.1 - Fixed msa level detection on zEC/BC12 GA1 and predecessors. - v3.0.0 - Added FIPS mode. - Sanitized exported symbols. - Removed deprecated APIs. Marked some APIs as deprecated. - Adapted to OpenSSL v1.1.0. - RSA key generation is thread-safe now. - Removed the following obsolete patches: - fix-initialization-of-s390-hardware-switches-1.patch - fix-initialization-of-s390-hardware-switches-2.patch - fix-msa-level-detection.patch - fix-segfault-during-multithread-keygen.patch - rng-performance.patch - Made the following packaging changes: - Implemented the shared library packaging guidelines. - Consolidated double invocation of %setup into just one. - Dropped redundant %ifarch, the package is already ExclusiveArch. - Updated descriptions. - Added an libica-rpmlintrc file. - Added the following two patches: - fix-segfault-during-multithread-keygen.patch (bsc#991485) - fix-msa-level-detection.patch (bsc#1010927) - Added rng-performance.patch (bsc#990850). - Updated baselibs.conf to obsolete prior versions of the 32bit package. (bsc#983897): provides "libica-<targettype> = <version>" obsoletes "libica-<targettype> < <version>" provides "libica-2_1_0-<targettype> = <version>" obsoletes "libica-2_1_0-<targettype> < <version>" provides "libica-2_3_0-<targettype> = <version>" obsoletes "libica-2_3_0-<targettype> < <version>" - Added fix-initialization-of-s390-hardware-switches-1.patch and fix-initialization-of-s390-hardware-switches-2.patch (bsc#980548) - Upgraded to version 2.6.2 (FATE#319610). - Renamed /etc/init.d/z90crypt to boot.z90crypt to conform to naming standards. - Found the original location of the icaioctl.h file and downloaded it to replace what we had previously. - Removed the unnecessary libica2.la file - Removed unnecessary Requires for glibc-devel - Added Requires libica2 to the -devel package - Converted call to configure to %configure macro - Removed obsolete and unnecessary INSROOT and bindir parameters from the make install command - Add Provides/Obsoletes for libica-2_3_0 so that the package from SLE12 GA is replaced (bsc#953096). - move the .so file to the mainpackage, the openssl-ibmca engine will only load "libica.so" (bsc#952871) - Update to libica v2.4.2 (FATE#318035) - Removed outdated libica-aes_ccm-31-bit-compatibility.patch - Moved init script into libica-SuSE.tar.bz2 archive - sanitize release line in specfile - Moved z90crypt out of useless libica-SuSE.tar.bz2 tarball to root - Removed libica-SuSE.tar.bz2 - z90crypt now starts and stops ap kernel module (bnc#888943) - libica-aes_ccm-31-bit-compatibility.patch: AES_CCM: fixed 64/31 bit compatibility - add obsoletes and provides for older libica versions - update to 2.3.0 (fate#315342) - obsolete/upstreamed patches: libica-2_1_0-fix_temporary_buffer_allocation_in_ica_get_version.patch libica-2_1_0-msa4-extension.patch libica-2_1_0-synchronize_shared_memory_ref_counting.patch - Added COPYING to %files - Fixed build dependency errors by requiring autoconf, automake and libtool - Changed license to CPL-1.0 - Created devel package - Support for MSA4 extension (bnc#794518, fate#314078) - synchronize shared memory reference counting for library statistics (bnc#719659) - fix temporary buffer allocation in ica_get_version() (bnc#719660) - update -> 2.1.0 (fate#311914) - Moved icainfo into /usr/bin (bnc#448643) - obsolete old -XXbit packages (bnc#437293) - fix build on all platforms - Added CPL license to include/z90crypt.h, removed GPL reference (This patch is upstream) - Changed package name to libica-1_3_9 to conform to rpmlint requirements. (bnc#433432) - Removed soname filter for rpmlint - Several RPM fixes to help satisfy rpmlint - Updated to libica 1.3.9 - added baselibs.conf file to build xxbit packages for multilib support - remove inclusion of linux/config.h - z90crypt: handle errors (bug #247799) - Add gcc-c++ to BuildRequires. - fix build for the rest of platforms - Update to libica 1.3.7 (#160036 - LTC22571) - Increasing # of open handles with symmetric crypto support (#165323 - LTC23095) - converted neededforbuild to BuildRequires - include string.h and unistd.h in icalinux.c - Port package from SLES9 SP3 - Update to libica 1.3.6-rc3. - Close all filehandles (#130060 - LTC19221). - downgrade to libica 1.3.6-rc2 (contains AES software fallback, bug #117336) - Update to libica 1.3.6 (#117336) - fix implicit declaration - Changing the default value from 0 to -1 in rcz90crypt (#114371) - Finally fix 'reload' messages (#81824 - LTC15733). - Fix sigill patch. - Remove printf output from sigill patch (#81829 - LTC15731). - Use correct default value for z90crypt (#81825 - LTC15732). - Fix messages for 'reload' (#81824 - LTC15733). - Fixed SIGILL on z900 (#46422). - Fixed range for 'domain' parameter in sysconfig.z90crypt (#42005). - Fix module loading error (#42006). - Add sysconfig variable to set the 'domain' parameter (#42005). - update -> 1.3.5-3 (bug #42122) - Update README.SuSE and correct name as well - Use modprobe instead of insmod and fix module load error(#40526) - Fix error checking for no hardware found case and hw error on load - Update Readme again for the correct name (SUSE LINUX Server). - Moved README.SuSE to README.SUSE. - Update Readme to refer to the correct name (SUSE Linux Server). - Update to 1.3.5-2 (#38511, #39693). - Update Readme to refer to SUSE Linux Server instead of SuSE Linux Enterprise Server. - Update to 1.3.5 - export CFLAGS & CPPFLAGS for configure - Exclude S/390-specific files for other archs (#37183) - add "-I./include" to CFLAGS and use RPM_OPT_FLAGS - fix build - build as user - update to 1.3.4 - update to 1.3.2 - update to 1.3.1: now supports DES, TDES and SHA, as well as RSA. - throw libica.patch away, since autoversion and Makefile.am have similar changes now, and the renaming from _LINUX_S390_ to __s390__ is not really necessary - use %defattr - checked that icaioctl.h is still current - dump the bin-only z90crypt-2.4.7-s390-2.tar.gz which has gone open source meanwhile and comes with the kernel sources - added documentation how to set up crypto hardware support, esp. S/390 and zSeries. (#16011, #22056) - upgraded to version 1.2 as requested by IBM to make openCryptoki 1.5 actually work. (#20737) - Correct PreReq - fixed src/Makefile.am and ugly ./autoversion to honor %_lib and to build on non-s390 - updated to current libica - hacked in icaioctl.h for build, 'til we have the module in the kernel. - add %run_ldconfig - fix for current automake/autoconf - removed old fillup-template and START_ variable - modified etc/init.d/z90crypt-script to report result at start. - Added openssl to #neededforbuild, which is needed in addition to openssl-devel - initial version OBS-URL: https://build.opensuse.org/request/show/1088514 OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=9 |
||
Nikolay Gueorguiev
|
d1c80be180 |
Accepting request 1088511 from home:ngueorguiev:branches:security:tls
- Upgrade to version 4.2.2 (jsc#PED-3277) - [UPDATE] syslog msgs only in error cases - [UPDATE] don't count statistics in fips power-on self tests - [PATCH] various fixes and some new tests - Removed patches * libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch * libica-sles15sp5-FIPS-hmac-key.patch - Remove file /etc/libica/openssl3-fips.cnf - we don't support FIPS yet - Prefix /etc/libica with %dir to ensure we don't package unversioned files in libica4, as otherwise we violate SLPP. - Add /etc/libica directory into %files section. - Upgrade to version 4.2.1 (jsc#PED-2872) - [PATCH] fix regression opening shared memory - Upgrade to version 4.2.0 (jsc#PED-581, bsc#1202365). - [FEATURE] Display build info via icainfo -v - [FEATURE] New API function ica_get_build_version() - [FEATURE] Display fips indication via icainfo -f - [FEATURE] New API function ica_get_fips_indicator() - [FEATURE] New API function ica_aes_gcm_initialize_fips() - [FEATURE] New API function ica_aes_gcm_kma_get_iv() - [FEATURE] New API function ica_get_msa_level() - [PATCH] icainfo: check for malloc error when getting functionlist - Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365). v4.1.1 - [PATCH] Fix aes-xts multi-part operations [PATCH] Fix make dist v4.1.0 - [FEATURE] FIPS: make libica FIPS 140-3 compliant [FEATURE] New API function ica_ecdsa_sign_ex() [FEATURE] New icainfo output option -r - [PATCH] Various bug fixes - Removed the following obsolete files: baselibs.conf icaioctl.h - Upgraded to version 4.0.3 (jsc#PED-581, jsc#PED-621, jsc#PED-629) v4.0.3 - [PATCH] Reduce the number of open file descriptors - [PATCH] Various bug fixes v4.0.2 - [PATCH] Various bug fixes v4.0.1 - [PATCH] Various bug fixes - [PATCH] Compute HMAC from installed library v4.0.0 - [UPDATE] NO_SW_FALLBACKS is now the default for libica.so [UPDATE] Removed deprecated API functions including tests [UPDATE] Introduced 'const' for some API function parameters [FEATURE] icastats: new parm -k to display detailed counters - Replaced libica-sles15sp2-FIPS-hmac-key.patch with an updated version named libica-sles15sp5-FIPS-hmac-key.patch. - Updated the libica-rpmlintrc file to suppress warnings about the libica-cex hmac files being hidden. - Updated the spec file to properly both obsolete and provide two older versions of the package. - Upgrade to version 3.9.0 (jsc#SLE-18454, jsc#SLE-18564) - [FEATURE] Add support for OpenSSL 3.0 - [FEATURE] icainfo: new parm -c to display available EC curves - Replaced the obsolete PreReq: %fillup_prereq with Requires(post): %fillup_prereq in the spec file. - Update to version 3.8.0 (jsc#SLE-18334) - [FEATURE] provide libica-cex module to satisfy special security requirements - [FEATURE] FIPS: enforce the HMAC check - Remove upstreamed patches: - libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch - libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch - libica-sles15sp2-Zeroize-local-variables.patch - Remove patches obsoleted by upstrea developent: * FIPS: Find libica from phdrs. - libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch * FIPS: enforce the hmac check - libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch - Fix up tests and hmac generation + libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch - Remove obsolete attributes from filelists - Upgraded to version 3.7.0 (jsc#SLE-13708) * Version 3.7.0 - [FEATURE] FIPS: Add HMAC based library integrity check - [PATCH] icainfo: bugfix for RSA and EC related info for software column. - [PATCH] FIPS: provide output iv in cbc-cs decrypt as required by FIPS tests - [PATCH] FIPS: Fix DES and TDES key length - [PATCH] icastats: Fix stats counter format * Version 3.6.1 - [PATCH] Fix x25519 and x448 handling of non-canonical values - Removed the following obsolete patches * libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch * libica-sles15sp2-Build-with-pthread-flag.patch * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch * libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch - Fix lack of SHA3 KATs in "make check" processing (bsc#1175277) * Added libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch * Added libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch - Fix FIPS hmac check (bsc#1175356). * Update FIPS support to upstream - Refresh libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch from upstream. - Add libica-sles15sp2-Build-with-pthread-flag.patch - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-addon.patch - Add libica-sles15sp2-FIPS-HMAC-based-library-integrity-check-rename-variables.patch - Add libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch * FIPS check should fail when hmac is missing - Add libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch - Create an hmac for the selftest - Check that selftest fails without a hmac - Hash libica.so.3 rather than libica.so.3.6.0 * Fix hmac key format. It should be hexadecimal, not ASCII - Refresh libica-sles15sp2-FIPS-hmac-key.patch - Fix Some internal variables used to store sensitive information (keys) were not zeroized before returning to the calling application. (bsc#1175357) * Added libica-sles15sp2-Zeroize-local-variables.patch - Updated libica-rpmlintrc to eliminate the warning about the HMAC file being a hidden file. It is supposed to be hidden. - Added the following patches for FIPS certification (bsc#1162533) * libica-sles15sp2-FIPS-introduce-HMAC-based-library-integrity-check.patch * libica-sles15sp2-FIPS-hmac-key.patch - Added a BuildRequires for the fipscheck package. - Made a couple of changes to the spec file based upon recommendations by spec-cleaner. - Added the following patches for FIPS certification. * libica-sles15sp2-Fix-DES-and-TDES-key-length.patch (bsc#1166071) Although a DES key has only 56 effective bits, all 64 bits must be considered, because the parity bits are spread over all 8 bytes of the key. * libica-sles15sp2-FIPS-provide-output-iv-as-required-by-FIPS-tests.patch (bsc#1166210) FIPS tests require the output iv to be the iv resulting from decrypting the last block with a zero iv as input. * libica-sles15sp2-icainfo-bugfix-for-RSA-and-EC-related-info-for-softw.patch (bsc#1166224) The output from icainfo never shows 'yes' for RSA ME, RSA CRT, ECDH, ECDSA sign, ECDSA verify, and ECKGEN, due to the missing ICA_FLAG_SW flag in the icaList. - Added libica-sles15sp2-x25519-x448-fix-handling-of-non-canonical-values.patch (bsc#1156768) - Upgraded to version 3.6.0 (jsc#SLE-7584) * [FEATURE] Add MSA9 CPACF support for Ed25519, Ed448, X25519 and X448 - Upgraded to version 3.5.0 (Fate#327840) - [FEATURE] Add MSA9 CPACF support for ECDSA sign/verify - Reworked how libica-tools loads and unloads kernel modules to avoid spurious error messages (bsc#1134004): * Converted the boot.z90crypt sysV init script to a systemd unit file. * Removed any references to insserv in the spec file. * Updated the z90crypt script itself to properly load and unload the kernel modules as they exist today. * Eliminated the obsolete libica-SuSE.tar.bz2 archive. - Updated the README.SUSE file to reflect the change from sysV init style script to systemd. - Made numerous changes to the spec file, based on the output from the spec-cleaner command. - Run testsuite during build - Upgraded to version 3.4.0 (Fate#325690) * v3.4.0 [FEATURE] Add SHA-512/224 and SHA-512/256 support - Dropped obsolete patch Add-non-executable-gnu-stack-markings-in-the-assembl.patch - Made numerous updates to spec file based on spec-cleanup run. - Upgraded to version 3.3.3 (Fate#325690) * v3.3.3 [PATCH] Various bug fixes * v3.3.2 [PATCH] Skip ECC tests if required HW is not available [PATCH] Update spec file * v3.3.1 [PATCH] Fix configure.ac to honour CFLAGS * v3.3.0 [FEATURE] Add CEX supported elliptic-curve crypto interfaces [FEATURE] Add SIMD supported multiple-precision arithmetic interfaces [FEATURE] Add interface to enable/disable SW fallbacks [FEATURE] Add 'make check' target, test-suite rework * v3.2.1 [FEATURE] Use z14 PRNO-TRNG to seed SHA512-DRBG. [PATCH] Various bug fixes. - Dropped obsolete patch increment-icastats-counter-for-aes-gcm.patch - Removed COPYING from %files, since it is no longer in the tarball. - Added Add-non-executable-gnu-stack-markings-in-the-assembl.patch (bsc#1103493). - Made multiple changes to the spec file based on the output of spec-cleaner - Added "Obsoletes: libica-2_3_0" to the libica-tools package to fix a problem with upgrading from SLES12 SP2 to either SLES12 SP3/SP4, or SLES15. (bsc#1112655) - Added "Obsoletes: libica2" to the libica-tools package to fix a problem with upgrading from SLES12 SP2 to either SLES12 SP3/SP4, or SLES15. (bsc#1046435, bsc#1104638) - Added increment-icastats-counter-for-aes-gcm.patch (bsc#1086756) - Updated boot.z90crypt script to fix a problem with the modprobe command not being found. (bsc#1040229). - Added "Recommends: libica-tools" (bsc#1046435). - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) - Added "--enable-fips" to the %configure parms (Fate#324115) - Upgraded to version 3.2 (Fate#321517) * v3.2.0 [FEATURE] New AES-GCM interface. [UPDATE] Add symbol versioning. * v3.1.1 [PATCH] Various bug fixes related to old and new AES-GCM implementations. [UPDATE] Add SHA3 test cases. Improved and extended test suite. * v3.1.0 [FEATURE] Add KMA support for AES-GCM. [FEATURE] Add SHA-3 support. [PATCH] Reject RSA keys with invalid key-length. [PATCH] Allow zero output length for ica_random_number_generate. [PATCH] icastats: Correct owner of shared segment when root creates it. * Removed the following obsolete patches: libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch libica-3.0.2-03-fix-aes-ctr.patch libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch - libica: AES-GCM/CCM sometimes compute wrong tag values (bsc#1058567) - Added the following patches (bsc#1058567) - libica-3.0.2-01-fix-old-aes-gcm-decrypt-code-path.patch - libica-3.0.2-02-fix-aes-ccm-encrypt-code-path.patch - libica-3.0.2-03-fix-aes-ctr.patch - libica-3.0.2-04-fix-aes-gcm-to-allow-zero-pt-ct-length.patch - baselibs.conf doesn't need any additional provides/conflicts for libica3. - Update baselibs.conf with proper name for library package name, stop providing/obsoleting libica-2_1_0/libica-2_3-0. - Upgraded to version 3.0.2 (Fate#322025). - v3.0.2 - Fix locking callbacks for openSSL APIs. - v3.0.1 - Fixed msa level detection on zEC/BC12 GA1 and predecessors. - v3.0.0 - Added FIPS mode. - Sanitized exported symbols. - Removed deprecated APIs. Marked some APIs as deprecated. - Adapted to OpenSSL v1.1.0. - RSA key generation is thread-safe now. - Removed the following obsolete patches: - fix-initialization-of-s390-hardware-switches-1.patch - fix-initialization-of-s390-hardware-switches-2.patch - fix-msa-level-detection.patch - fix-segfault-during-multithread-keygen.patch - rng-performance.patch - Made the following packaging changes: - Implemented the shared library packaging guidelines. - Consolidated double invocation of %setup into just one. - Dropped redundant %ifarch, the package is already ExclusiveArch. - Updated descriptions. - Added an libica-rpmlintrc file. - Added the following two patches: - fix-segfault-during-multithread-keygen.patch (bsc#991485) - fix-msa-level-detection.patch (bsc#1010927) - Added rng-performance.patch (bsc#990850). - Updated baselibs.conf to obsolete prior versions of the 32bit package. (bsc#983897): provides "libica-<targettype> = <version>" obsoletes "libica-<targettype> < <version>" provides "libica-2_1_0-<targettype> = <version>" obsoletes "libica-2_1_0-<targettype> < <version>" provides "libica-2_3_0-<targettype> = <version>" obsoletes "libica-2_3_0-<targettype> < <version>" - Added fix-initialization-of-s390-hardware-switches-1.patch and fix-initialization-of-s390-hardware-switches-2.patch (bsc#980548) - Upgraded to version 2.6.2 (FATE#319610). - Renamed /etc/init.d/z90crypt to boot.z90crypt to conform to naming standards. - Found the original location of the icaioctl.h file and downloaded it to replace what we had previously. - Removed the unnecessary libica2.la file - Removed unnecessary Requires for glibc-devel - Added Requires libica2 to the -devel package - Converted call to configure to %configure macro - Removed obsolete and unnecessary INSROOT and bindir parameters from the make install command - Add Provides/Obsoletes for libica-2_3_0 so that the package from SLE12 GA is replaced (bsc#953096). - move the .so file to the mainpackage, the openssl-ibmca engine will only load "libica.so" (bsc#952871) - Update to libica v2.4.2 (FATE#318035) - Removed outdated libica-aes_ccm-31-bit-compatibility.patch - Moved init script into libica-SuSE.tar.bz2 archive - sanitize release line in specfile - Moved z90crypt out of useless libica-SuSE.tar.bz2 tarball to root - Removed libica-SuSE.tar.bz2 - z90crypt now starts and stops ap kernel module (bnc#888943) - libica-aes_ccm-31-bit-compatibility.patch: AES_CCM: fixed 64/31 bit compatibility - add obsoletes and provides for older libica versions - update to 2.3.0 (fate#315342) - obsolete/upstreamed patches: libica-2_1_0-fix_temporary_buffer_allocation_in_ica_get_version.patch libica-2_1_0-msa4-extension.patch libica-2_1_0-synchronize_shared_memory_ref_counting.patch - Added COPYING to %files - Fixed build dependency errors by requiring autoconf, automake and libtool - Changed license to CPL-1.0 - Created devel package - Support for MSA4 extension (bnc#794518, fate#314078) - synchronize shared memory reference counting for library statistics (bnc#719659) - fix temporary buffer allocation in ica_get_version() (bnc#719660) - update -> 2.1.0 (fate#311914) - Moved icainfo into /usr/bin (bnc#448643) - obsolete old -XXbit packages (bnc#437293) - fix build on all platforms - Added CPL license to include/z90crypt.h, removed GPL reference (This patch is upstream) - Changed package name to libica-1_3_9 to conform to rpmlint requirements. (bnc#433432) - Removed soname filter for rpmlint - Several RPM fixes to help satisfy rpmlint - Updated to libica 1.3.9 - added baselibs.conf file to build xxbit packages for multilib support - remove inclusion of linux/config.h - z90crypt: handle errors (bug #247799) - Add gcc-c++ to BuildRequires. - fix build for the rest of platforms - Update to libica 1.3.7 (#160036 - LTC22571) - Increasing # of open handles with symmetric crypto support (#165323 - LTC23095) - converted neededforbuild to BuildRequires - include string.h and unistd.h in icalinux.c - Port package from SLES9 SP3 - Update to libica 1.3.6-rc3. - Close all filehandles (#130060 - LTC19221). - downgrade to libica 1.3.6-rc2 (contains AES software fallback, bug #117336) - Update to libica 1.3.6 (#117336) - fix implicit declaration - Changing the default value from 0 to -1 in rcz90crypt (#114371) - Finally fix 'reload' messages (#81824 - LTC15733). - Fix sigill patch. - Remove printf output from sigill patch (#81829 - LTC15731). - Use correct default value for z90crypt (#81825 - LTC15732). - Fix messages for 'reload' (#81824 - LTC15733). - Fixed SIGILL on z900 (#46422). - Fixed range for 'domain' parameter in sysconfig.z90crypt (#42005). - Fix module loading error (#42006). - Add sysconfig variable to set the 'domain' parameter (#42005). - update -> 1.3.5-3 (bug #42122) - Update README.SuSE and correct name as well - Use modprobe instead of insmod and fix module load error(#40526) - Fix error checking for no hardware found case and hw error on load - Update Readme again for the correct name (SUSE LINUX Server). - Moved README.SuSE to README.SUSE. - Update Readme to refer to the correct name (SUSE Linux Server). - Update to 1.3.5-2 (#38511, #39693). - Update Readme to refer to SUSE Linux Server instead of SuSE Linux Enterprise Server. - Update to 1.3.5 - export CFLAGS & CPPFLAGS for configure - Exclude S/390-specific files for other archs (#37183) - add "-I./include" to CFLAGS and use RPM_OPT_FLAGS - fix build - build as user - update to 1.3.4 - update to 1.3.2 - update to 1.3.1: now supports DES, TDES and SHA, as well as RSA. - throw libica.patch away, since autoversion and Makefile.am have similar changes now, and the renaming from _LINUX_S390_ to __s390__ is not really necessary - use %defattr - checked that icaioctl.h is still current - dump the bin-only z90crypt-2.4.7-s390-2.tar.gz which has gone open source meanwhile and comes with the kernel sources - added documentation how to set up crypto hardware support, esp. S/390 and zSeries. (#16011, #22056) - upgraded to version 1.2 as requested by IBM to make openCryptoki 1.5 actually work. (#20737) - Correct PreReq - fixed src/Makefile.am and ugly ./autoversion to honor %_lib and to build on non-s390 - updated to current libica - hacked in icaioctl.h for build, 'til we have the module in the kernel. - add %run_ldconfig - fix for current automake/autoconf - removed old fillup-template and START_ variable - modified etc/init.d/z90crypt-script to report result at start. - Added openssl to #neededforbuild, which is needed in addition to openssl-devel - initial version OBS-URL: https://build.opensuse.org/request/show/1088511 OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=8 |
||
Nikolay Gueorguiev
|
8f54dd4884 |
Accepting request 1088509 from home:ngueorguiev:branches:security:tls
- Upgrade to version 4.2.2 (jsc#PED-3277) - [UPDATE] syslog msgs only in error cases - [UPDATE] don't count statistics in fips power-on self tests - [PATCH] various fixes and some new tests OBS-URL: https://build.opensuse.org/request/show/1088509 OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=7 |
||
Dominique Leuenberger
|
3753113a93 |
Accepting request 1084581 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1084581 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=29 |
||
Nikolay Gueorguiev
|
28dea1df41 |
Accepting request 1084580 from home:ohollmann:branches:security:tls
- Remove file /etc/libica/openssl3-fips.cnf - we don't support FIPS yet OBS-URL: https://build.opensuse.org/request/show/1084580 OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=5 |
||
Dominique Leuenberger
|
7c47619fb7 |
Accepting request 1083312 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1083312 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=28 |
||
Martin Pluskal
|
6942a62dec |
Accepting request 1083306 from home:dimstar:Factory
- Prefix /etc/libica with %dir to ensure we don't package unversioned files in libica4, as otherwise we violate SLPP. OBS-URL: https://build.opensuse.org/request/show/1083306 OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=3 |
||
Nikolay Gueorguiev
|
282bb6840e |
Accepting request 1083286 from home:ohollmann:branches:security:tls
- Add /etc/libica directory into %files section. OBS-URL: https://build.opensuse.org/request/show/1083286 OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=2 |
||
Otto Hollmann
|
c46ed2cfab | OBS-URL: https://build.opensuse.org/package/show/security:tls/libica?expand=0&rev=1 | ||
Dominique Leuenberger
|
8d94bc3fc9 |
Accepting request 1066752 from devel:openSUSE:Factory
OBS-URL: https://build.opensuse.org/request/show/1066752 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=27 |
||
Nikolay Gueorguiev
|
b00258baac |
Accepting request 1066751 from home:ngueorguiev:branches:devel:openSUSE:Factory
Update to libica ver. 4.2.1 (jsc#PED-2872) OBS-URL: https://build.opensuse.org/request/show/1066751 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=86 |
||
Dominique Leuenberger
|
4cae5bd51b |
Accepting request 1059994 from devel:openSUSE:Factory
- Upgrade to version 4.2.0 (jsc#PED-581, bsc#1202365). - [FEATURE] Display build info via icainfo -v - [FEATURE] New API function ica_get_build_version() - [FEATURE] Display fips indication via icainfo -f - [FEATURE] New API function ica_get_fips_indicator() - [FEATURE] New API function ica_aes_gcm_initialize_fips() - [FEATURE] New API function ica_aes_gcm_kma_get_iv() - [FEATURE] New API function ica_get_msa_level() - [PATCH] icainfo: check for malloc error when getting functionlist OBS-URL: https://build.opensuse.org/request/show/1059994 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=26 |
||
Mark Post
|
848af2cce4 | OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=84 | ||
Mark Post
|
c2dd9c26f1 |
Accepting request 1058740 from home:msmeissn:branches:devel:openSUSE:Factory
- Upgrade to version 4.2.0 (jsc#PED-581, bsc#1202365). - [FEATURE] Display build info via icainfo -v - [FEATURE] New API function ica_get_build_version() - [FEATURE] Display fips indication via icainfo -f - [FEATURE] New API function ica_get_fips_indicator() - [FEATURE] New API function ica_aes_gcm_initialize_fips() - [FEATURE] New API function ica_aes_gcm_kma_get_iv() - [FEATURE] New API function ica_get_msa_level() - [PATCH] icainfo: check for malloc error when getting functionlist OBS-URL: https://build.opensuse.org/request/show/1058740 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=83 |
||
Dominique Leuenberger
|
97fc0d45ba |
Accepting request 1010295 from devel:openSUSE:Factory
- Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365). v4.1.1 - [PATCH] Fix aes-xts multi-part operations [PATCH] Fix make dist v4.1.0 - [FEATURE] FIPS: make libica FIPS 140-3 compliant [FEATURE] New API function ica_ecdsa_sign_ex() [FEATURE] New icainfo output option -r - [PATCH] Various bug fixes - Removed the following obsolete files: baselibs.conf icaioctl.h OBS-URL: https://build.opensuse.org/request/show/1010295 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=25 |
||
Mark Post
|
1ca5af5a9a | OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=81 | ||
Mark Post
|
4e07d6323f | OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=80 | ||
Mark Post
|
0a7811427a | OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=78 | ||
Mark Post
|
1b2b69b8aa | OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=77 | ||
Mark Post
|
9ec2c60729 | OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=76 | ||
Mark Post
|
c200870eac | OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=75 | ||
Mark Post
|
2808cf7b88 | OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=74 | ||
Mark Post
|
eb885c7177 | OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=73 | ||
Mark Post
|
5cdffa907b | OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=72 | ||
Mark Post
|
a6fc88507b |
Accepting request 1009943 from home:markkp:branches:devel:openSUSE:Factory
- Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365). v4.1.1 - [PATCH] Fix aes-xts multi-part operations [PATCH] Fix make dist v4.1.0 - [FEATURE] FIPS: make libica FIPS 140-3 compliant [FEATURE] New API function ica_ecdsa_sign_ex() [FEATURE] New icainfo output option -r - [PATCH] Various bug fixes - Removed the following obsolete files: baselibs.conf icaioctl.h OBS-URL: https://build.opensuse.org/request/show/1009943 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=71 |
||
Dominique Leuenberger
|
b04da4e52e |
Accepting request 1003633 from devel:openSUSE:Factory
Updated package for jsc#PED-581, jsc#PED-621, jsc#PED-629 OBS-URL: https://build.opensuse.org/request/show/1003633 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=24 |
||
Mark Post
|
462d552a0a |
Accepting request 1003632 from home:markkp:branches:devel:openSUSE:Factory
Updated package for jsc#PED-581, jsc#PED-621, jsc#PED-629 OBS-URL: https://build.opensuse.org/request/show/1003632 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=69 |
||
Mark Post
|
6d110f7032 |
Accepting request 1003630 from home:markkp:branches:devel:openSUSE:Factory
Updated package for jsc#PED-581, jsc#PED-621, jsc#PED-629 OBS-URL: https://build.opensuse.org/request/show/1003630 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=68 |
||
Mark Post
|
42eb8cd899 |
Accepting request 1003628 from home:markkp:branches:devel:openSUSE:Factory
Updated package for jsc#PED-581, jsc#PED-621, and jsc#PED-629 OBS-URL: https://build.opensuse.org/request/show/1003628 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=67 |
||
Mark Post
|
7994780419 | OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=66 | ||
Mark Post
|
8b1c8f3d36 | OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=65 | ||
Dominique Leuenberger
|
fe5938cdc1 |
Accepting request 926840 from devel:openSUSE:Factory
OBS-URL: https://build.opensuse.org/request/show/926840 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=23 |
||
Mark Post
|
1688a137e6 |
Accepting request 926839 from home:markkp:branches:devel:openSUSE:Factory
- Upgrade to version 3.9.0 (jsc#SLE-18454, jsc#SLE-18564) - [FEATURE] Add support for OpenSSL 3.0 - [FEATURE] icainfo: new parm -c to display available EC curves - Replaced the obsolete PreReq: %fillup_prereq with Requires(post): %fillup_prereq in the spec file. OBS-URL: https://build.opensuse.org/request/show/926839 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=61 |
||
Dominique Leuenberger
|
6875eb5be8 |
Accepting request 903102 from devel:openSUSE:Factory
- Update to version 3.8.0 (jsc#SLE-18334) - [FEATURE] provide libica-cex module to satisfy special security requirements - [FEATURE] FIPS: enforce the HMAC check - Remove upstreamed patches: - libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch - libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch - libica-sles15sp2-Zeroize-local-variables.patch - Remove patches obsoleted by upstrea developent: * FIPS: Find libica from phdrs. - libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch * FIPS: enforce the hmac check - libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch - Fix up tests and hmac generation + libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch - Remove obsolete attributes from filelists OBS-URL: https://build.opensuse.org/request/show/903102 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=22 |
||
Mark Post
|
479816679c | OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=60 | ||
Mark Post
|
6d7a36bc5c | OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=59 | ||
Mark Post
|
70e82f26c0 |
Accepting request 902188 from home:michals
- Update to version 3.8.0 (jsc#SLE-18334) - [FEATURE] provide libica-cex module to satisfy special security requirements - [FEATURE] FIPS: enforce the HMAC check - Remove upstreamed patches: - libica-sles15sp2-FIPS-add-SHA3-KATs-to-fips_powerup_tests.patch - libica-sles15sp2-FIPS-skip-SHA3-tests-if-running-on-hardware-without-.patch - libica-sles15sp2-Zeroize-local-variables.patch - Remove patches obsoleted by upstrea developent: * FIPS: Find libica from phdrs. - libica-sles15sp2-FIPS-use-full-library-version-for-hmac-filename.patch * FIPS: enforce the hmac check - libica-sles15sp2-FIPS-fix-inconsistent-error-handling.patch - Fix up tests and hmac generation + libica-FIPS-make-it-possible-to-specify-fipshmac-binary.patch - Remove obsolete attributes from filelists OBS-URL: https://build.opensuse.org/request/show/902188 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=58 |
||
Dominique Leuenberger
|
69daba3091 |
Accepting request 836417 from devel:openSUSE:Factory
- Upgraded to version 3.7.0 (jsc#SLE-13708) Changed Jira reference to the Epic and not the Team task. OBS-URL: https://build.opensuse.org/request/show/836417 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libica?expand=0&rev=21 |
||
Mark Post
|
bcc02ff1dc | OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=56 | ||
Mark Post
|
ad38d78d79 |
- Upgraded to version 3.7.0 (jsc#SLE-13708)
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/libica?expand=0&rev=55 |