- updated to 3.4.0

.gitignore

@@ -14,3 +14,4 @@ libica-2.0.3.tar.gz
 /libica-3.2.0.tgz
 /libica-3.3.2.tar.gz
 /libica-3.3.3.tar.gz
+/libica-3.4.0.tar.gz

libica-3.3.3-annotate.patch

@@ -1,12 +0,0 @@
-diff -up libica-3.3.3/src/Makefile.am.annotate libica-3.3.3/src/Makefile.am
---- libica-3.3.3/src/Makefile.am.annotate	2018-09-20 08:25:50.892538076 -0400
-+++ libica-3.3.3/src/Makefile.am	2018-09-20 08:26:14.162538076 -0400
-@@ -8,7 +8,7 @@ lib_LTLIBRARIES = libica.la
- 
- libica_la_CFLAGS = ${AM_CFLAGS} -I${srcdir}/include -I${srcdir}/../include \
- 		   -fvisibility=hidden
--libica_la_CCASFLAGS = ${AM_CFLAGS}
-+libica_la_CCASFLAGS = ${AM_CFLAGS} -Wa,--generate-missing-build-notes=yes
- libica_la_LIBADD = @LIBS@ -lrt -lcrypto
- libica_la_LDFLAGS = -Wl,--version-script=${srcdir}/../libica.map \
- 		    -version-number ${VERSION}

libica-3.3.3-noexecstack.patch

@@ -1,23 +0,0 @@
-From 524659f8e042aed45015e1aca930a3cfe5ffa628 Mon Sep 17 00:00:00 2001
-From: Patrick Steuer <patrick.steuer@de.ibm.com>
-Date: Tue, 12 Jun 2018 14:36:45 +0200
-Subject: [PATCH] Add non-executable gnu stack markings in the assembly.
-
-Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
----
- src/mp.pl | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/mp.pl b/src/mp.pl
-index 3c73736..e249f61 100755
---- a/src/mp.pl
-+++ b/src/mp.pl
-@@ -505,4 +505,8 @@
- LONG	(0x10000102,0x03040506,0x10071819,0x1a1b1c1d);
- LONG	(0x00000000,0x00000018,0x00191a1b,0x1c1d1e1f);
- 
-+VERBATIM("#if defined(__linux__) && defined(__ELF__)\n");
-+SECTION	(".note.GNU-stack,\"\",%progbits");
-+VERBATIM("#endif\n");
-+
- PERLASM_END();

libica-3.4.0-annotate.patch

@@ -0,0 +1,76 @@
+From c69c32061cb864e8934041bb48f3c241a78cb05f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
+Date: Tue, 25 Sep 2018 13:44:32 +0200
+Subject: [PATCH] add build note to assembler sources
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When distros use the annobin compiler plugin [1], they have complete overview
+what compiler flags were used for compilation and they are able to perform
+security checks on the produced binaries. Compiling assembler source can't
+provide this kind of information by default, so we need the explicit
+-Wa,--generate-missing-build-notes=yes option during build. When the option is
+missing, then the annocheck tool reports "GAPS" in the resulting binary.
+
+binutils >= 2.31 or older with backport is needed
+
+[1] https://fedoraproject.org/wiki/Changes/Annobin
+
+Signed-off-by: Dan Horák <dan@danny.cz>
+---
+ configure.ac    | 4 ++++
+ libica.spec     | 2 +-
+ src/Makefile.am | 2 +-
+ 3 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 48f8242..18df2b0 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -80,12 +80,16 @@ if test "x$enable_coverage" = xno && test "x$enable_debug" = xno && test "x$enab
+ 	FLAGS="$FLAGS -O3 -D_FORTIFY_SOURCE=2"
+ fi
+ 
++# check if assembler can generate missing build notes, binutils >= 2.31 or older with backport is needed
++AX_CHECK_COMPILE_FLAG([-Wa,--generate-missing-build-notes=yes], [ICA_ASFLAGS="-Wa,--generate-missing-build-notes=yes"])
++
+ # restore cmdline flags (ignore PROG_AS/PROG_CC defaults)
+ CFLAGS="$cmdline_CFLAGS"
+ CCASFLAGS="$cmdline_CFLAGS"
+ 
+ AC_SUBST([FLAGS], $FLAGS)
+ AC_SUBST([LIBS], $LIBS)
++AC_SUBST([ICA_ASFLAGS], $ICA_ASFLAGS)
+ AC_CONFIG_FILES([Makefile doc/Makefile include/Makefile src/Makefile test/Makefile])
+ AC_OUTPUT
+ 
+diff --git a/libica.spec b/libica.spec
+index 022f6c2..66d82cf 100644
+--- a/libica.spec
++++ b/libica.spec
+@@ -9,7 +9,7 @@ URL:           https://github.com/opencryptoki/libica
+ Source0:       %{name}-%{version}.tar.gz
+ BuildRoot:     %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+ 
+-BuildRequires: autoconf automake libtool openssl-devel
++BuildRequires: autoconf automake libtool openssl-devel autoconf-archive
+ 
+ %description
+ Interface library on Linux for IBM System z to utilize CPACF
+diff --git a/src/Makefile.am b/src/Makefile.am
+index c7cecf6..a21ba00 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -8,7 +8,7 @@ lib_LTLIBRARIES = libica.la
+ 
+ libica_la_CFLAGS = ${AM_CFLAGS} -I${srcdir}/include -I${srcdir}/../include \
+ 		   -fvisibility=hidden
+-libica_la_CCASFLAGS = ${AM_CFLAGS}
++libica_la_CCASFLAGS = ${AM_CFLAGS} ${ICA_ASFLAGS}
+ libica_la_LIBADD = @LIBS@ -lrt -lcrypto
+ libica_la_LDFLAGS = -Wl,--version-script=${srcdir}/../libica.map \
+ 		    -version-number ${VERSION}
+-- 
+2.14.5
+

libica.spec

@@ -1,21 +1,21 @@
 Summary: Library for accessing ICA hardware crypto on IBM z Systems
 Name: libica
-Version: 3.3.3
-Release: 4%{?dist}
+Version: 3.4.0
+Release: 1%{?dist}
 License: CPL
 Group: System Environment/Libraries
 URL: https://github.com/opencryptoki/
 Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
-# https://github.com/opencryptoki/libica/commit/524659f8e042aed45015e1aca930a3cfe5ffa628
-Patch0: %{name}-3.3.3-noexecstack.patch
 # annotate assembler source
 # https://bugzilla.redhat.com/show_bug.cgi?id=1630582
-Patch1: %{name}-3.3.3-annotate.patch
+# https://github.com/opencryptoki/libica/pull/24
+Patch0: %{name}-3.4.0-annotate.patch
 BuildRequires: gcc
 BuildRequires: openssl-devel
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: libtool
+BuildRequires: autoconf-archive
 ExclusiveArch: s390 s390x
 
 %description
@@ -79,6 +79,9 @@ fi
 
 
 %changelog
+* Fri Nov 16 2018 Dan Horák <dan[at]danny.cz> - 3.4.0-1
+- updated to 3.4.0
+
 * Fri Sep 21 2018 Dan Horák <dan[at]danny.cz> - 3.3.3-4
 - annotate assembler file (#1630582)
 

sources

@@ -1 +1 @@
-SHA512 (libica-3.3.3.tar.gz) = 15f519545106d5c75a54b32a543c5108687a1460e5893613c1c1bd188c59d5e1ba262efdc7ef15e23ec8dc6cc0fe6902a30f4aec907cf5a71445bbb494969f39
+SHA512 (libica-3.4.0.tar.gz) = d3f6198e1a0ac1300fd728db7e47a38f4b250c9d6b0cf9cc0f30c3c557aa898a927a9d3ec38d7f78239297bfe37ea58218990f88cc4f02569ea1b04bc052af31