From c1e01233458109802f4d50e18118441d59f72cc3 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 29 Mar 2022 15:42:14 -0400 Subject: [PATCH] import libica-3.9.0-1.el8 --- .gitignore | 2 +- .libica.metadata | 2 +- SOURCES/libica-3.8.0-configure.patch | 67 --------------- SOURCES/libica-3.8.0-free.patch | 84 ------------------- ...8.0-hmac.patch => libica-3.9.0-hmac.patch} | 46 +++++----- SPECS/libica.spec | 12 +-- 6 files changed, 30 insertions(+), 183 deletions(-) delete mode 100644 SOURCES/libica-3.8.0-configure.patch delete mode 100644 SOURCES/libica-3.8.0-free.patch rename SOURCES/{libica-3.8.0-hmac.patch => libica-3.9.0-hmac.patch} (81%) diff --git a/.gitignore b/.gitignore index 676babc..475cbd7 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/libica-3.8.0.tar.gz +SOURCES/libica-3.9.0.tar.gz diff --git a/.libica.metadata b/.libica.metadata index 0df4829..e816bdf 100644 --- a/.libica.metadata +++ b/.libica.metadata @@ -1 +1 @@ -84db4d350fe1b142cc84adf8c3cce86777147e60 SOURCES/libica-3.8.0.tar.gz +98f9f376a8db6f58deab1e08987653170159fe41 SOURCES/libica-3.9.0.tar.gz diff --git a/SOURCES/libica-3.8.0-configure.patch b/SOURCES/libica-3.8.0-configure.patch deleted file mode 100644 index d157510..0000000 --- a/SOURCES/libica-3.8.0-configure.patch +++ /dev/null @@ -1,67 +0,0 @@ -From a70dfe13b7dd2914ad29175ae026284bd5461e0e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Dan=20Hor=C3=A1k?= -Date: Mon, 24 May 2021 12:21:55 +0000 -Subject: [PATCH] fix handling of --disable-foo options -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Currently passing eg. --disable-debug actually enables the debug build -as one would expect from --enable-debug. The fix is to omit setting the -enable_foo variable as the "action-if-given" parameter of AC_ARG_ENABLE, -because it handles both the --enable and --disable forms. - -Signed-off-by: Dan Horák ---- - configure.ac | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/configure.ac b/configure.ac -index ae6370c..9dc4786 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -35,7 +35,7 @@ FLAGS="-Wall -Wextra -mzarch" - dnl --- enable_debug - AC_ARG_ENABLE(debug, - [ --enable-debug turn on debugging flags], -- [enable_debug="yes"],[enable_debug="no"]) -+ [],[enable_debug="no"]) - AM_CONDITIONAL(DEBUG, test x$enable_debug = xyes) - - if test "x$enable_debug" = xyes; then -@@ -46,7 +46,7 @@ fi - dnl --- enable_coverage - AC_ARG_ENABLE(coverage, - [ --enable-coverage turn on coverage testing], -- [enable_coverage="yes"],[enable_coverage="no"]) -+ [],[enable_coverage="no"]) - AM_CONDITIONAL(COVERAGE, test x$enable_coverage = xyes) - - if test "x$enable_coverage" = xyes; then -@@ -57,7 +57,7 @@ fi - dnl --- enable_fips - AC_ARG_ENABLE(fips, - [ --enable-fips built with FIPS mode support], -- [enable_fips="yes"],[enable_fips="no"]) -+ [],[enable_fips="no"]) - AM_CONDITIONAL(ICA_FIPS, test x$enable_fips = xyes) - - if test "x$enable_fips" = xyes; then -@@ -74,7 +74,7 @@ fi - dnl --- enable_sanitizer - AC_ARG_ENABLE(sanitizer, - [ --enable-sanitizer turn on sanitizer (may not work on all systems)], -- [enable_sanitizer="yes"],[enable_sanitizer="no"]) -+ [],[enable_sanitizer="no"]) - AM_CONDITIONAL(SANITIZER, test x$enable_sanitizer = xyes) - - if test "x$enable_sanitizer" = xyes; then -@@ -86,7 +86,7 @@ fi - dnl --- enable_internal tests - AC_ARG_ENABLE(internal_tests, - [ --enable-internal-tests built internal tests], -- [enable_internal_tests="yes"],[enable_internal_tests="no"]) -+ [],[enable_internal_tests="no"]) - AM_CONDITIONAL(ICA_INTERNAL_TESTS, test x$enable_internal_tests = xyes) - - if test "x$enable_internal_tests" = xyes; then diff --git a/SOURCES/libica-3.8.0-free.patch b/SOURCES/libica-3.8.0-free.patch deleted file mode 100644 index a3d67ea..0000000 --- a/SOURCES/libica-3.8.0-free.patch +++ /dev/null @@ -1,84 +0,0 @@ -From fc5dae7936d7182692d80fce8502abf6f3937046 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Dan=20Hor=C3=A1k?= -Date: Fri, 9 Jul 2021 09:38:19 +0200 -Subject: [PATCH] buffer must be freed with OPENSSL_free() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -OPENSSL_hexstr2buf() allocates the output buffer using OPENSSL_malloc() -and it means the buffer must be freed with OPENSSL_free(). Usually it's -not a problem, but an application can pass its own malloc/free -implementation to OpenSSL and the allocation/de-allocation functions must -match. - -With ibmca engine installed and configured we have experienced a crash -in DNS related tools (host, dig, ...) in RHEL, because they provide -their own malloc/free. - -[root@ibm-z-110 ~]# gdb /usr/bin/host -GNU gdb (GDB) Red Hat Enterprise Linux 8.2-15.el8 -(gdb) set args localhost -(gdb) run -Starting program: /usr/bin/host localhost -[Thread debugging using libthread_db enabled] -Using host libthread_db library "/lib64/libthread_db.so.1". -[New Thread 0x3fffc67f910 (LWP 65794)] -[New Thread 0x3fffbe7e910 (LWP 65795)] -[New Thread 0x3fffb67d910 (LWP 65796)] -free(): invalid pointer - -Thread 1 "host" received signal SIGABRT, Aborted. -0x000003fffccbe9e4 in raise () from /lib64/libc.so.6 -(gdb) where -0 0x000003fffccbe9e4 in raise () from /lib64/libc.so.6 -1 0x000003fffcca3218 in abort () from /lib64/libc.so.6 -2 0x000003fffcd0279c in __libc_message () from /lib64/libc.so.6 -3 0x000003fffcd0a348 in malloc_printerr () from /lib64/libc.so.6 -4 0x000003fffcd0bd2a in _int_free () from /lib64/libc.so.6 -5 0x000003fffada7d9c in compute_file_hmac (hmaclen=, buf=, path=) at fips.c:291 -6 FIPSCHECK_verify (path=) at fips.c:333 -7 fips_lib_integrity_check () at fips.c:417 -8 0x000003fffadaa070 in fips_powerup_tests () at fips.c:460 -9 0x000003fffad89ea4 in icainit () at init.c:97 -10 0x000003fffdf9028e in call_init.part () from /lib/ld64.so.1 -11 0x000003fffdf9039c in _dl_init () from /lib/ld64.so.1 -12 0x000003fffcdbfc98 in _dl_catch_exception () from /lib64/libc.so.6 -13 0x000003fffdf94bc6 in dl_open_worker () from /lib/ld64.so.1 -14 0x000003fffcdbfc1e in _dl_catch_exception () from /lib64/libc.so.6 -15 0x000003fffdf94364 in _dl_open () from /lib/ld64.so.1 -16 0x000003fffd30114e in dlopen_doit () from /lib64/libdl.so.2 -17 0x000003fffcdbfc1e in _dl_catch_exception () from /lib64/libc.so.6 -18 0x000003fffcdbfd36 in _dl_catch_error () from /lib64/libc.so.6 -19 0x000003fffd301910 in _dlerror_run () from /lib64/libdl.so.2 -20 0x000003fffd3011d8 in dlopen@@GLIBC_2.2 () from /lib64/libdl.so.2 -21 0x000003fffdf05f70 in ibmca_init () from /usr/lib64/engines-1.1/ibmca.so -22 0x000003fffd50dcbe in engine_unlocked_init () from /lib64/libcrypto.so.1.1 -23 0x000003fffd50de4e in ENGINE_init () from /lib64/libcrypto.so.1.1 -24 0x000003fffd50bfae in int_engine_init () from /lib64/libcrypto.so.1.1 -25 0x000003fffd50c406 in int_engine_module_init () from /lib64/libcrypto.so.1.1 -26 0x000003fffd4d21ec in CONF_modules_load () from /lib64/libcrypto.so.1.1 -27 0x000003fffd4d2850 in CONF_modules_load_file () from /lib64/libcrypto.so.1.1 -28 0x000003fffde2b02c in dst.openssl_init () from /lib64/libdns.so.1112 -29 0x000003fffde32b54 in dst_lib_init2 () from /lib64/libdns.so.1112 -30 0x000002aa0000f728 in setup_libs () -31 0x000002aa00009bfa in main () - -Signed-off-by: Dan Horák ---- - src/fips.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/fips.c b/src/fips.c -index c1ebee5..35767e2 100644 ---- a/src/fips.c -+++ b/src/fips.c -@@ -288,7 +288,7 @@ static int compute_file_hmac(const char *path, void **buf, size_t *hmaclen) - if (pkey != NULL) - EVP_PKEY_free(pkey); - -- free(keybuf); -+ OPENSSL_free(keybuf); - EVP_MD_CTX_destroy(mdctx); - if (fp) - fclose(fp); diff --git a/SOURCES/libica-3.8.0-hmac.patch b/SOURCES/libica-3.9.0-hmac.patch similarity index 81% rename from SOURCES/libica-3.8.0-hmac.patch rename to SOURCES/libica-3.9.0-hmac.patch index eaaf279..333181a 100644 --- a/SOURCES/libica-3.8.0-hmac.patch +++ b/SOURCES/libica-3.9.0-hmac.patch @@ -14,30 +14,6 @@ Signed-off-by: Joerg Schmidbauer src/Makefile.am | 8 +++++++- 2 files changed, 11 insertions(+), 6 deletions(-) -diff --git a/Makefile.am b/Makefile.am -index c86cdd3..55de3b2 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -17,11 +17,8 @@ coverage: check - cd ${top_builddir}/src && gcov .libs/*.gcda - - if ICA_FIPS --install-data-hook: -- $(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica.so.$(VERSION).hmac $(DESTDIR)$(libdir) -- cd $(DESTDIR)$(libdir) && ln -sf .libica.so.$(VERSION).hmac .libica.so.$(MAJOR).hmac -- $(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica-cex.so.$(VERSION).hmac $(DESTDIR)$(libdir) -- cd $(DESTDIR)$(libdir) && ln -sf .libica-cex.so.$(VERSION).hmac .libica-cex.so.$(MAJOR).hmac -+fipsinstall: -+ $(AM_V_GEN)$(MAKE) -C src fipsinstall - - uninstall-hook: - rm -f $(DESTDIR)$(libdir)/.libica.so.$(MAJOR).hmac -@@ -30,3 +27,5 @@ uninstall-hook: - rm -f $(DESTDIR)$(libdir)/.libica-cex.so.$(VERSION).hmac - endif - -+.PHONY: fipsinstall -+ diff --git a/src/Makefile.am b/src/Makefile.am index 4a1ef14..5367d49 100644 --- a/src/Makefile.am @@ -64,3 +40,25 @@ index 4a1ef14..5367d49 100644 -- 2.29.2.windows.2 +diff -up libica-3.9.0/Makefile.am.orig libica-3.9.0/Makefile.am +--- libica-3.9.0/Makefile.am.orig 2022-02-08 09:50:48.320207446 +0100 ++++ libica-3.9.0/Makefile.am 2022-02-08 09:51:25.945624410 +0100 +@@ -17,11 +17,8 @@ coverage: check + cd ${top_builddir}/src && gcov .libs/*.gcda + + if ICA_FIPS +-install-data-hook: +- $(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica.so.$(VERSION).hmac $(DESTDIR)$(libdir) +- cd $(DESTDIR)$(libdir) && ln -sf .libica.so.$(VERSION).hmac .libica.so.$(MAJOR).hmac +- $(INSTALL) -m 0444 ${top_builddir}/src/.libs/.libica-cex.so.$(VERSION).hmac $(DESTDIR)$(libdir) +- cd $(DESTDIR)$(libdir) && ln -sf .libica-cex.so.$(VERSION).hmac .libica-cex.so.$(MAJOR).hmac ++fipsinstall: ++ $(AM_V_GEN)$(MAKE) -C src fipsinstall + if ICA_OPENSSL3 + test -f $(DESTDIR)$(sysconfdir)/libica || $(MKDIR_P) $(DESTDIR)$(sysconfdir)/libica + test -f $(DESTDIR)$(sysconfdir)/libica/openssl3-fips.cnf || $(INSTALL) -m 644 ${top_builddir}/src/openssl3-fips.cnf $(DESTDIR)$(sysconfdir)/libica/openssl3-fips.cnf || true +@@ -38,3 +35,4 @@ if ICA_OPENSSL3 + endif + endif + ++.PHONY: fipsinstall diff --git a/SPECS/libica.spec b/SPECS/libica.spec index f144c0d..66c9f22 100644 --- a/SPECS/libica.spec +++ b/SPECS/libica.spec @@ -2,7 +2,7 @@ Summary: Library for accessing ICA hardware crypto on IBM z Systems Name: libica -Version: 3.8.0 +Version: 3.9.0 Release: 1%{?dist} License: CPL Group: System Environment/Libraries @@ -11,12 +11,8 @@ Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{v # annotate assembler source # https://bugzilla.redhat.com/show_bug.cgi?id=1630582 Patch0: %{name}-3.8.0-annotate.patch -# https://github.com/opencryptoki/libica/commit/a70dfe13b7dd2914ad29175ae026284bd5461e0e -Patch1: %{name}-3.8.0-configure.patch # https://github.com/opencryptoki/libica/issues/62 -Patch2: %{name}-3.8.0-hmac.patch -# https://github.com/opencryptoki/libica/pull/67 -Patch3: %{name}-3.8.0-free.patch +Patch1: %{name}-3.9.0-hmac.patch BuildRequires: gcc BuildRequires: openssl BuildRequires: openssl-devel @@ -107,6 +103,10 @@ fi %changelog +* Tue Feb 08 2022 Dan Horák - 3.9.0-1 +- updated to 3.9.0 (#1984972) +- Resolves: #1984972 + * Thu Jul 08 2021 Dan Horák - 3.8.0-1 - updated to 3.8.0 (#1919224) - make software fallback call to openSSL/libcrypto (#1922205)