Import from AlmaLinux stable repository
This commit is contained in:
parent
17cb95bc03
commit
67fd6028c9
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/libica-4.1.1.tar.gz
|
||||
SOURCES/libica-4.2.3.tar.gz
|
||||
|
||||
@ -1 +1 @@
|
||||
a826ac86ded4ed96804fe19634b02838ab78ac86 SOURCES/libica-4.1.1.tar.gz
|
||||
2fdb8eaa8985f05aea287b9d6547bb5169863ae4 SOURCES/libica-4.2.3.tar.gz
|
||||
|
||||
@ -1,35 +0,0 @@
|
||||
From cd5b2b75554875111bf375b555ebd3b185cff1a0 Mon Sep 17 00:00:00 2001
|
||||
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
Date: Wed, 1 Feb 2023 10:54:33 +0100
|
||||
Subject: [libica PATCH] bugfix: permission denied on shared memory segments
|
||||
|
||||
A change to the Linux kernel in 4.19 for added security is
|
||||
changing the behavior when opening shared memory segments.
|
||||
The O_CREAT flag must not be used for existing segments.
|
||||
|
||||
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
---
|
||||
src/icastats_shared.c | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/icastats_shared.c b/src/icastats_shared.c
|
||||
index bbc8d0e..8290239 100644
|
||||
--- a/src/icastats_shared.c
|
||||
+++ b/src/icastats_shared.c
|
||||
@@ -54,9 +54,10 @@ int stats_mmap(int user)
|
||||
sprintf(shm_id, "icastats_%d",
|
||||
user == -1 ? geteuid() : (uid_t)user);
|
||||
|
||||
- stats_shm_handle = shm_open(shm_id,
|
||||
- O_CREAT | O_RDWR,
|
||||
- S_IRUSR | S_IWUSR);
|
||||
+ stats_shm_handle = shm_open(shm_id, O_RDWR, S_IRUSR | S_IWUSR);
|
||||
+
|
||||
+ if (stats_shm_handle == -1)
|
||||
+ stats_shm_handle = shm_open(shm_id, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
|
||||
|
||||
if (stats_shm_handle == -1)
|
||||
return rc;
|
||||
--
|
||||
2.39.1
|
||||
|
||||
35
SOURCES/libica-4.2.3-fips.patch
Normal file
35
SOURCES/libica-4.2.3-fips.patch
Normal file
@ -0,0 +1,35 @@
|
||||
From ee365a11a4acc667c7a726fbdc3447ba550309b6 Mon Sep 17 00:00:00 2001
|
||||
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
Date: Tue, 10 Oct 2023 14:10:22 +0200
|
||||
Subject: [PATCH] fips: use openssl lib context in compute_file_hmac
|
||||
|
||||
Before calling any openssl EVP function, libica's own openssl lib ctx
|
||||
must be made the current one. This was missing in compute_file_hmac.
|
||||
|
||||
Suggested-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||||
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
---
|
||||
src/fips.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/fips.c b/src/fips.c
|
||||
index f09dc77..3bbc325 100644
|
||||
--- a/src/fips.c
|
||||
+++ b/src/fips.c
|
||||
@@ -400,6 +400,8 @@ static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
|
||||
void *fdata = NULL;
|
||||
struct stat fdata_stat;
|
||||
|
||||
+ BEGIN_OPENSSL_LIBCTX(openssl_libctx, rc);
|
||||
+
|
||||
pkey = get_pkey();
|
||||
if (!pkey)
|
||||
goto end;
|
||||
@@ -438,6 +440,7 @@ static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen)
|
||||
EVP_MD_CTX_destroy(mdctx);
|
||||
|
||||
OPENSSL_cleanse(tmp, sizeof(tmp));
|
||||
+ END_OPENSSL_LIBCTX(rc);
|
||||
|
||||
return rc;
|
||||
}
|
||||
@ -2,8 +2,8 @@
|
||||
|
||||
Summary: Library for accessing ICA hardware crypto on IBM z Systems
|
||||
Name: libica
|
||||
Version: 4.1.1
|
||||
Release: 2%{?dist}
|
||||
Version: 4.2.3
|
||||
Release: 1%{?dist}
|
||||
License: CPL
|
||||
URL: https://github.com/opencryptoki/
|
||||
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||
@ -11,9 +11,9 @@ Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{v
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1630582
|
||||
# https://github.com/opencryptoki/libica/pull/24
|
||||
Patch0: %{name}-4.0.0-annotate.patch
|
||||
# fix permissions for shared memory segments
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2167364
|
||||
Patch1: %{name}-4.1.1-shmem.patch
|
||||
# https://issues.redhat.com/browse/RHEL-9918
|
||||
# https//github.com/opencryptoki/libica/commit/ee365a11a4acc667c7a726fbdc3447ba550309b6
|
||||
Patch1: %{name}-4.2.3-fips.patch
|
||||
BuildRequires: gcc
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: openssl
|
||||
@ -110,6 +110,20 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Oct 27 2023 Dan Horák <dhorak@redhat.com> - 4.2.3-1
|
||||
- updated to 4.2.3 (RHEL-11415)
|
||||
- fix selfcheck in FIPS mode (RHEL-9918)
|
||||
- Resolves: RHEL-11415 RHEL-9918
|
||||
|
||||
* Wed Jul 19 2023 Dan Horák <dhorak@redhat.com> - 4.2.2-2
|
||||
- icastats: Fix summary option (#2223698)
|
||||
- Resolves: #2223698
|
||||
|
||||
* Fri May 19 2023 Dan Horák <dhorak@redhat.com> - 4.2.2-1
|
||||
- updated to 4.2.2 (#2160060)
|
||||
- FIPS 140-3 compliance (#2160106)
|
||||
- Resolves: #2160060 #2160106
|
||||
|
||||
* Tue Feb 07 2023 Dan Horák <dhorak@redhat.com> - 4.1.1-2
|
||||
- fix permissions for shared memory segments (#2167364)
|
||||
- Resolves: #2167364
|
||||
|
||||
Loading…
Reference in New Issue
Block a user