From e753803efaa5de557d489260a5eae070b535e6e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20Hor=C3=A1k?= Date: Fri, 19 May 2023 13:53:38 +0200 Subject: [PATCH] - updated to 4.2.2 (#2160060) - FIPS 140-3 compliance (#2160106) - Resolves: #2160060 #2160106 --- libica-4.1.1-shmem.patch | 35 ----------------------------------- libica.spec | 12 +++++++----- sources | 2 +- 3 files changed, 8 insertions(+), 41 deletions(-) delete mode 100644 libica-4.1.1-shmem.patch diff --git a/libica-4.1.1-shmem.patch b/libica-4.1.1-shmem.patch deleted file mode 100644 index 0343471..0000000 --- a/libica-4.1.1-shmem.patch +++ /dev/null @@ -1,35 +0,0 @@ -From cd5b2b75554875111bf375b555ebd3b185cff1a0 Mon Sep 17 00:00:00 2001 -From: Joerg Schmidbauer -Date: Wed, 1 Feb 2023 10:54:33 +0100 -Subject: [libica PATCH] bugfix: permission denied on shared memory segments - -A change to the Linux kernel in 4.19 for added security is -changing the behavior when opening shared memory segments. -The O_CREAT flag must not be used for existing segments. - -Signed-off-by: Joerg Schmidbauer ---- - src/icastats_shared.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/icastats_shared.c b/src/icastats_shared.c -index bbc8d0e..8290239 100644 ---- a/src/icastats_shared.c -+++ b/src/icastats_shared.c -@@ -54,9 +54,10 @@ int stats_mmap(int user) - sprintf(shm_id, "icastats_%d", - user == -1 ? geteuid() : (uid_t)user); - -- stats_shm_handle = shm_open(shm_id, -- O_CREAT | O_RDWR, -- S_IRUSR | S_IWUSR); -+ stats_shm_handle = shm_open(shm_id, O_RDWR, S_IRUSR | S_IWUSR); -+ -+ if (stats_shm_handle == -1) -+ stats_shm_handle = shm_open(shm_id, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR); - - if (stats_shm_handle == -1) - return rc; --- -2.39.1 - diff --git a/libica.spec b/libica.spec index 5aed378..ed7fbf5 100644 --- a/libica.spec +++ b/libica.spec @@ -2,8 +2,8 @@ Summary: Library for accessing ICA hardware crypto on IBM z Systems Name: libica -Version: 4.1.1 -Release: 2%{?dist} +Version: 4.2.2 +Release: 1%{?dist} License: CPL URL: https://github.com/opencryptoki/ Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz @@ -11,9 +11,6 @@ Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{v # https://bugzilla.redhat.com/show_bug.cgi?id=1630582 # https://github.com/opencryptoki/libica/pull/24 Patch0: %{name}-4.0.0-annotate.patch -# fix permissions for shared memory segments -# https://bugzilla.redhat.com/show_bug.cgi?id=2167364 -Patch1: %{name}-4.1.1-shmem.patch BuildRequires: gcc BuildRequires: openssl-devel BuildRequires: openssl @@ -110,6 +107,11 @@ fi %changelog +* Fri May 19 2023 Dan Horák - 4.2.2-1 +- updated to 4.2.2 (#2160060) +- FIPS 140-3 compliance (#2160106) +- Resolves: #2160060 #2160106 + * Tue Feb 07 2023 Dan Horák - 4.1.1-2 - fix permissions for shared memory segments (#2167364) - Resolves: #2167364 diff --git a/sources b/sources index 4e551a9..1b7e52f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libica-4.1.1.tar.gz) = 49b9bc106e83ec8336339c783a14b8599a93b9b1061efea7354f954e59aeeb18371946a013f7aecdaf1286d77b48644ca4894c8099809753e2f21286acdf3ef5 +SHA512 (libica-4.2.2.tar.gz) = 29dfe7b68017135867ebae162c2e0584711036b35611efe255c372497cfe69234ff8a7e9aa669ac467853423b7d700e690dd7cd340ab7c8d6119ea13729ff079