import libica-3.9.0-1.el8
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
ea8e9b87f5
commit
22dda75e00
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/libica-3.8.0.tar.gz
|
||||
SOURCES/libica-3.9.0.tar.gz
|
||||
|
||||
@ -1 +1 @@
|
||||
84db4d350fe1b142cc84adf8c3cce86777147e60 SOURCES/libica-3.8.0.tar.gz
|
||||
98f9f376a8db6f58deab1e08987653170159fe41 SOURCES/libica-3.9.0.tar.gz
|
||||
|
||||
@ -1,67 +0,0 @@
|
||||
From a70dfe13b7dd2914ad29175ae026284bd5461e0e Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
|
||||
Date: Mon, 24 May 2021 12:21:55 +0000
|
||||
Subject: [PATCH] fix handling of --disable-foo options
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Currently passing eg. --disable-debug actually enables the debug build
|
||||
as one would expect from --enable-debug. The fix is to omit setting the
|
||||
enable_foo variable as the "action-if-given" parameter of AC_ARG_ENABLE,
|
||||
because it handles both the --enable and --disable forms.
|
||||
|
||||
Signed-off-by: Dan Horák <dan@danny.cz>
|
||||
---
|
||||
configure.ac | 10 +++++-----
|
||||
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index ae6370c..9dc4786 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -35,7 +35,7 @@ FLAGS="-Wall -Wextra -mzarch"
|
||||
dnl --- enable_debug
|
||||
AC_ARG_ENABLE(debug,
|
||||
[ --enable-debug turn on debugging flags],
|
||||
- [enable_debug="yes"],[enable_debug="no"])
|
||||
+ [],[enable_debug="no"])
|
||||
AM_CONDITIONAL(DEBUG, test x$enable_debug = xyes)
|
||||
|
||||
if test "x$enable_debug" = xyes; then
|
||||
@@ -46,7 +46,7 @@ fi
|
||||
dnl --- enable_coverage
|
||||
AC_ARG_ENABLE(coverage,
|
||||
[ --enable-coverage turn on coverage testing],
|
||||
- [enable_coverage="yes"],[enable_coverage="no"])
|
||||
+ [],[enable_coverage="no"])
|
||||
AM_CONDITIONAL(COVERAGE, test x$enable_coverage = xyes)
|
||||
|
||||
if test "x$enable_coverage" = xyes; then
|
||||
@@ -57,7 +57,7 @@ fi
|
||||
dnl --- enable_fips
|
||||
AC_ARG_ENABLE(fips,
|
||||
[ --enable-fips built with FIPS mode support],
|
||||
- [enable_fips="yes"],[enable_fips="no"])
|
||||
+ [],[enable_fips="no"])
|
||||
AM_CONDITIONAL(ICA_FIPS, test x$enable_fips = xyes)
|
||||
|
||||
if test "x$enable_fips" = xyes; then
|
||||
@@ -74,7 +74,7 @@ fi
|
||||
dnl --- enable_sanitizer
|
||||
AC_ARG_ENABLE(sanitizer,
|
||||
[ --enable-sanitizer turn on sanitizer (may not work on all systems)],
|
||||
- [enable_sanitizer="yes"],[enable_sanitizer="no"])
|
||||
+ [],[enable_sanitizer="no"])
|
||||
AM_CONDITIONAL(SANITIZER, test x$enable_sanitizer = xyes)
|
||||
|
||||
if test "x$enable_sanitizer" = xyes; then
|
||||
@@ -86,7 +86,7 @@ fi
|
||||
dnl --- enable_internal tests
|
||||
AC_ARG_ENABLE(internal_tests,
|
||||
[ --enable-internal-tests built internal tests],
|
||||
- [enable_internal_tests="yes"],[enable_internal_tests="no"])
|
||||
+ [],[enable_internal_tests="no"])
|
||||
AM_CONDITIONAL(ICA_INTERNAL_TESTS, test x$enable_internal_tests = xyes)
|
||||
|
||||
if test "x$enable_internal_tests" = xyes; then
|
||||
@ -1,84 +0,0 @@
|
||||
From fc5dae7936d7182692d80fce8502abf6f3937046 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
|
||||
Date: Fri, 9 Jul 2021 09:38:19 +0200
|
||||
Subject: [PATCH] buffer must be freed with OPENSSL_free()
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
OPENSSL_hexstr2buf() allocates the output buffer using OPENSSL_malloc()
|
||||
and it means the buffer must be freed with OPENSSL_free(). Usually it's
|
||||
not a problem, but an application can pass its own malloc/free
|
||||
implementation to OpenSSL and the allocation/de-allocation functions must
|
||||
match.
|
||||
|
||||
With ibmca engine installed and configured we have experienced a crash
|
||||
in DNS related tools (host, dig, ...) in RHEL, because they provide
|
||||
their own malloc/free.
|
||||
|
||||
[root@ibm-z-110 ~]# gdb /usr/bin/host
|
||||
GNU gdb (GDB) Red Hat Enterprise Linux 8.2-15.el8
|
||||
(gdb) set args localhost
|
||||
(gdb) run
|
||||
Starting program: /usr/bin/host localhost
|
||||
[Thread debugging using libthread_db enabled]
|
||||
Using host libthread_db library "/lib64/libthread_db.so.1".
|
||||
[New Thread 0x3fffc67f910 (LWP 65794)]
|
||||
[New Thread 0x3fffbe7e910 (LWP 65795)]
|
||||
[New Thread 0x3fffb67d910 (LWP 65796)]
|
||||
free(): invalid pointer
|
||||
|
||||
Thread 1 "host" received signal SIGABRT, Aborted.
|
||||
0x000003fffccbe9e4 in raise () from /lib64/libc.so.6
|
||||
(gdb) where
|
||||
0 0x000003fffccbe9e4 in raise () from /lib64/libc.so.6
|
||||
1 0x000003fffcca3218 in abort () from /lib64/libc.so.6
|
||||
2 0x000003fffcd0279c in __libc_message () from /lib64/libc.so.6
|
||||
3 0x000003fffcd0a348 in malloc_printerr () from /lib64/libc.so.6
|
||||
4 0x000003fffcd0bd2a in _int_free () from /lib64/libc.so.6
|
||||
5 0x000003fffada7d9c in compute_file_hmac (hmaclen=<optimized out>, buf=<optimized out>, path=<optimized out>) at fips.c:291
|
||||
6 FIPSCHECK_verify (path=<optimized out>) at fips.c:333
|
||||
7 fips_lib_integrity_check () at fips.c:417
|
||||
8 0x000003fffadaa070 in fips_powerup_tests () at fips.c:460
|
||||
9 0x000003fffad89ea4 in icainit () at init.c:97
|
||||
10 0x000003fffdf9028e in call_init.part () from /lib/ld64.so.1
|
||||
11 0x000003fffdf9039c in _dl_init () from /lib/ld64.so.1
|
||||
12 0x000003fffcdbfc98 in _dl_catch_exception () from /lib64/libc.so.6
|
||||
13 0x000003fffdf94bc6 in dl_open_worker () from /lib/ld64.so.1
|
||||
14 0x000003fffcdbfc1e in _dl_catch_exception () from /lib64/libc.so.6
|
||||
15 0x000003fffdf94364 in _dl_open () from /lib/ld64.so.1
|
||||
16 0x000003fffd30114e in dlopen_doit () from /lib64/libdl.so.2
|
||||
17 0x000003fffcdbfc1e in _dl_catch_exception () from /lib64/libc.so.6
|
||||
18 0x000003fffcdbfd36 in _dl_catch_error () from /lib64/libc.so.6
|
||||
19 0x000003fffd301910 in _dlerror_run () from /lib64/libdl.so.2
|
||||
20 0x000003fffd3011d8 in dlopen@@GLIBC_2.2 () from /lib64/libdl.so.2
|
||||
21 0x000003fffdf05f70 in ibmca_init () from /usr/lib64/engines-1.1/ibmca.so
|
||||
22 0x000003fffd50dcbe in engine_unlocked_init () from /lib64/libcrypto.so.1.1
|
||||
23 0x000003fffd50de4e in ENGINE_init () from /lib64/libcrypto.so.1.1
|
||||
24 0x000003fffd50bfae in int_engine_init () from /lib64/libcrypto.so.1.1
|
||||
25 0x000003fffd50c406 in int_engine_module_init () from /lib64/libcrypto.so.1.1
|
||||
26 0x000003fffd4d21ec in CONF_modules_load () from /lib64/libcrypto.so.1.1
|
||||
27 0x000003fffd4d2850 in CONF_modules_load_file () from /lib64/libcrypto.so.1.1
|
||||
28 0x000003fffde2b02c in dst.openssl_init () from /lib64/libdns.so.1112
|
||||
29 0x000003fffde32b54 in dst_lib_init2 () from /lib64/libdns.so.1112
|
||||
30 0x000002aa0000f728 in setup_libs ()
|
||||
31 0x000002aa00009bfa in main ()
|
||||
|
||||
Signed-off-by: Dan Horák <dan@danny.cz>
|
||||
---
|
||||
src/fips.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/fips.c b/src/fips.c
|
||||
index c1ebee5..35767e2 100644
|
||||
--- a/src/fips.c
|
||||
+++ b/src/fips.c
|
||||
@@ -288,7 +288,7 @@ static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
|
||||
if (pkey != NULL)
|
||||
EVP_PKEY_free(pkey);
|
||||
|
||||
- free(keybuf);
|
||||
+ OPENSSL_free(keybuf);
|
||||
EVP_MD_CTX_destroy(mdctx);
|
||||
if (fp)
|
||||
fclose(fp);
|
||||
@ -14,30 +14,6 @@ Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
src/Makefile.am | 8 +++++++-
|
||||
2 files changed, 11 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index c86cdd3..55de3b2 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -17,11 +17,8 @@ coverage: check
|
||||
cd ${top_builddir}/src && gcov .libs/*.gcda
|
||||
|
||||
if ICA_FIPS
|
||||
-install-data-hook:
|
||||
- $(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica.so.$(VERSION).hmac $(DESTDIR)$(libdir)
|
||||
- cd $(DESTDIR)$(libdir) && ln -sf .libica.so.$(VERSION).hmac .libica.so.$(MAJOR).hmac
|
||||
- $(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica-cex.so.$(VERSION).hmac $(DESTDIR)$(libdir)
|
||||
- cd $(DESTDIR)$(libdir) && ln -sf .libica-cex.so.$(VERSION).hmac .libica-cex.so.$(MAJOR).hmac
|
||||
+fipsinstall:
|
||||
+ $(AM_V_GEN)$(MAKE) -C src fipsinstall
|
||||
|
||||
uninstall-hook:
|
||||
rm -f $(DESTDIR)$(libdir)/.libica.so.$(MAJOR).hmac
|
||||
@@ -30,3 +27,5 @@ uninstall-hook:
|
||||
rm -f $(DESTDIR)$(libdir)/.libica-cex.so.$(VERSION).hmac
|
||||
endif
|
||||
|
||||
+.PHONY: fipsinstall
|
||||
+
|
||||
diff --git a/src/Makefile.am b/src/Makefile.am
|
||||
index 4a1ef14..5367d49 100644
|
||||
--- a/src/Makefile.am
|
||||
@ -64,3 +40,25 @@ index 4a1ef14..5367d49 100644
|
||||
--
|
||||
2.29.2.windows.2
|
||||
|
||||
diff -up libica-3.9.0/Makefile.am.orig libica-3.9.0/Makefile.am
|
||||
--- libica-3.9.0/Makefile.am.orig 2022-02-08 09:50:48.320207446 +0100
|
||||
+++ libica-3.9.0/Makefile.am 2022-02-08 09:51:25.945624410 +0100
|
||||
@@ -17,11 +17,8 @@ coverage: check
|
||||
cd ${top_builddir}/src && gcov .libs/*.gcda
|
||||
|
||||
if ICA_FIPS
|
||||
-install-data-hook:
|
||||
- $(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica.so.$(VERSION).hmac $(DESTDIR)$(libdir)
|
||||
- cd $(DESTDIR)$(libdir) && ln -sf .libica.so.$(VERSION).hmac .libica.so.$(MAJOR).hmac
|
||||
- $(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica-cex.so.$(VERSION).hmac $(DESTDIR)$(libdir)
|
||||
- cd $(DESTDIR)$(libdir) && ln -sf .libica-cex.so.$(VERSION).hmac .libica-cex.so.$(MAJOR).hmac
|
||||
+fipsinstall:
|
||||
+ $(AM_V_GEN)$(MAKE) -C src fipsinstall
|
||||
if ICA_OPENSSL3
|
||||
test -f $(DESTDIR)$(sysconfdir)/libica || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/libica
|
||||
test -f $(DESTDIR)$(sysconfdir)/libica/openssl3-fips.cnf || $(INSTALL) -m 644 ${top_builddir}/src/openssl3-fips.cnf $(DESTDIR)$(sysconfdir)/libica/openssl3-fips.cnf || true
|
||||
@@ -38,3 +35,4 @@ if ICA_OPENSSL3
|
||||
endif
|
||||
endif
|
||||
|
||||
+.PHONY: fipsinstall
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
Summary: Library for accessing ICA hardware crypto on IBM z Systems
|
||||
Name: libica
|
||||
Version: 3.8.0
|
||||
Version: 3.9.0
|
||||
Release: 1%{?dist}
|
||||
License: CPL
|
||||
Group: System Environment/Libraries
|
||||
@ -11,12 +11,8 @@ Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{v
|
||||
# annotate assembler source
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1630582
|
||||
Patch0: %{name}-3.8.0-annotate.patch
|
||||
# https://github.com/opencryptoki/libica/commit/a70dfe13b7dd2914ad29175ae026284bd5461e0e
|
||||
Patch1: %{name}-3.8.0-configure.patch
|
||||
# https://github.com/opencryptoki/libica/issues/62
|
||||
Patch2: %{name}-3.8.0-hmac.patch
|
||||
# https://github.com/opencryptoki/libica/pull/67
|
||||
Patch3: %{name}-3.8.0-free.patch
|
||||
Patch1: %{name}-3.9.0-hmac.patch
|
||||
BuildRequires: gcc
|
||||
BuildRequires: openssl
|
||||
BuildRequires: openssl-devel
|
||||
@ -107,6 +103,10 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Feb 08 2022 Dan Horák <dhorak@redhat.com> - 3.9.0-1
|
||||
- updated to 3.9.0 (#1984972)
|
||||
- Resolves: #1984972
|
||||
|
||||
* Thu Jul 08 2021 Dan Horák <dhorak@redhat.com> - 3.8.0-1
|
||||
- updated to 3.8.0 (#1919224)
|
||||
- make software fallback call to openSSL/libcrypto (#1922205)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user