rpms/libica
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import libica-4.1.1-2.el9

Browse Source
This commit is contained in:
CentOS Sources 2023-05-09 05:36:50 +00:00 committed by Stepan Oksanichenko
parent 2d0fbad961
commit 17cb95bc03
5 changed files with 55 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/libica-4.0.2.tar.gz SOURCES/libica-4.1.1.tar.gz

2
.libica.metadata
View File

@ -1 +1 @@
a9137e070966cefc5a2078893edc4693ee62088f SOURCES/libica-4.0.2.tar.gz a826ac86ded4ed96804fe19634b02838ab78ac86 SOURCES/libica-4.1.1.tar.gz

35
SOURCES/libica-4.1.1-shmem.patch Normal file
View File

@ -0,0 +1,35 @@
From cd5b2b75554875111bf375b555ebd3b185cff1a0 Mon Sep 17 00:00:00 2001
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
Date: Wed, 1 Feb 2023 10:54:33 +0100
Subject: [libica PATCH] bugfix: permission denied on shared memory segments
A change to the Linux kernel in 4.19 for added security is
changing the behavior when opening shared memory segments.
The O_CREAT flag must not be used for existing segments.
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
---
src/icastats_shared.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/icastats_shared.c b/src/icastats_shared.c
index bbc8d0e..8290239 100644
--- a/src/icastats_shared.c
+++ b/src/icastats_shared.c
@@ -54,9 +54,10 @@ int stats_mmap(int user)
sprintf(shm_id, "icastats_%d",
user == -1 ? geteuid() : (uid_t)user);
- stats_shm_handle = shm_open(shm_id,
- O_CREAT | O_RDWR,
- S_IRUSR | S_IWUSR);
+ stats_shm_handle = shm_open(shm_id, O_RDWR, S_IRUSR | S_IWUSR);
+
+ if (stats_shm_handle == -1)
+ stats_shm_handle = shm_open(shm_id, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
if (stats_shm_handle == -1)
return rc;
--
2.39.1

33
SOURCES/libica-no-fips-config.patch
View File

@ -1,33 +0,0 @@
From 56b6ca219ecd37ba2c7e520ddac83eb801ce76ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Mon, 16 May 2022 15:44:06 +0200
Subject: [libica PATCH] FIPS specific openssl config is not required in
RHEL/Fedora
---
src/fips.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/fips.c b/src/fips.c
index 129a1a7..6466133 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -235,12 +235,15 @@ fips_init(void)
FIPS_mode_set(1);
#else
fips = 0;
+ /* FIPS specific openssl config is not required in RHEL/Fedora */
+#if 0
if (!OSSL_LIB_CTX_load_config(openssl_libctx, LIBICA_FIPS_CONFIG)) {
syslog(LOG_ERR, "Libica failed to load openssl fips config %s\n",
LIBICA_FIPS_CONFIG);
fips |= ICA_FIPS_INTEGRITY;
return;
}
+#endif
openssl_provider = OSSL_PROVIDER_load(openssl_libctx, "fips");
if (openssl_provider == NULL) {
--
2.34.3

23
SPECS/libica.spec
View File

@ -2,8 +2,8 @@
Summary: Library for accessing ICA hardware crypto on IBM z Systems Summary: Library for accessing ICA hardware crypto on IBM z Systems
Name: libica Name: libica
Version: 4.0.2 Version: 4.1.1
Release: 1%{?dist} Release: 2%{?dist}
License: CPL License: CPL
URL: https://github.com/opencryptoki/ URL: https://github.com/opencryptoki/
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
@ -11,9 +11,9 @@ Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{v
# https://bugzilla.redhat.com/show_bug.cgi?id=1630582 # https://bugzilla.redhat.com/show_bug.cgi?id=1630582
# https://github.com/opencryptoki/libica/pull/24 # https://github.com/opencryptoki/libica/pull/24
Patch0: %{name}-4.0.0-annotate.patch Patch0: %{name}-4.0.0-annotate.patch
# FIPS openssl config is not needed on RHEL/Fedora # fix permissions for shared memory segments
# https://bugzilla.redhat.com/show_bug.cgi?id=2084097 # https://bugzilla.redhat.com/show_bug.cgi?id=2167364
Patch1: %{name}-no-fips-config.patch Patch1: %{name}-4.1.1-shmem.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: openssl BuildRequires: openssl
@ -49,6 +49,11 @@ sh ./bootstrap.sh
%build %build
# FIPS openssl config is not needed on RHEL/Fedora
# https://bugzilla.redhat.com/show_bug.cgi?id=2084097
CPPFLAGS=-DNO_FIPS_CONFIG_LOAD
export CPPFLAGS
%configure --disable-static \ %configure --disable-static \
%if %{with_fips} %if %{with_fips}
--enable-fips --enable-fips
@ -105,6 +110,14 @@ fi
%changelog %changelog
* Tue Feb 07 2023 Dan Horák <dhorak@redhat.com> - 4.1.1-2
- fix permissions for shared memory segments (#2167364)
- Resolves: #2167364
* Mon Oct 24 2022 Dan Horák <dhorak@redhat.com> - 4.1.1-1
- updated to 4.1.1 (#2110374)
- Resolves: #2110374
* Thu Jun 30 2022 Dan Horák <dhorak@redhat.com> - 4.0.2-1 * Thu Jun 30 2022 Dan Horák <dhorak@redhat.com> - 4.0.2-1
- updated to 4.0.2 (#2101767) - updated to 4.0.2 (#2101767)
- Resolves: #2101767 - Resolves: #2101767