From bccc7fc2e8a395ce68bb1af67e19b958350cb66e Mon Sep 17 00:00:00 2001 From: Zoltan Fridrich Date: Fri, 27 Oct 2023 12:44:32 +0200 Subject: [PATCH] Update to new upstream release 1.4.0 Resolves: RHEL-5367 Signed-off-by: Zoltan Fridrich --- 0001-Use-GCCs-__symver__-attribute.patch | 49 ------------------------ 001-tests-kernel-version.patch | 40 +++++++++++++++++++ libkcapi.spec | 32 ++++++++++------ sources | 4 +- 4 files changed, 62 insertions(+), 63 deletions(-) delete mode 100644 0001-Use-GCCs-__symver__-attribute.patch create mode 100644 001-tests-kernel-version.patch diff --git a/0001-Use-GCCs-__symver__-attribute.patch b/0001-Use-GCCs-__symver__-attribute.patch deleted file mode 100644 index d900222..0000000 --- a/0001-Use-GCCs-__symver__-attribute.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 2abf7fecb5162e4b59ba134c813ebee839eb45e9 Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Wed, 14 Jul 2021 10:52:01 -0400 -Subject: [PATCH] Use GCCs __symver__ attribute - -This is needed to allow LTO builds, as the __asm__ directives do not give -enough context to the compiler and the build fails when the -flto flag is -passed in. - -Unfotunately __symver__ is avilbel only startig from GCC 10, so we need -more macro juggling. - -Signed-off-by: Simo Sorce ---- - lib/internal.h | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/lib/internal.h b/lib/internal.h -index 29fdb7b..64dad24 100644 ---- a/lib/internal.h -+++ b/lib/internal.h -@@ -350,6 +350,16 @@ static inline int io_getevents(__attribute__((unused)) aio_context_t ctx, - #if __GNUC__ >= 4 - # define DSO_PUBLIC __attribute__ ((visibility ("default"))) - -+#if __GNUC__ >= 10 -+# define IMPL_SYMVER(name, version) \ -+ __attribute__ ((visibility ("default"))) \ -+ __attribute__((__symver__("kcapi_" #name "@@LIBKCAPI_" version))) -+ -+# define ORIG_SYMVER(name, version) \ -+ __attribute__ ((visibility ("default"))) \ -+ __attribute__((__symver__("kcapi_" #name "@LIBKCAPI_" version))) -+ -+#else - # define IMPL_SYMVER(name, version) \ - __asm__(".global impl_" #name ";"\ - ".symver impl_" #name ",kcapi_" #name "@@LIBKCAPI_" version);\ -@@ -359,6 +369,7 @@ static inline int io_getevents(__attribute__((unused)) aio_context_t ctx, - __asm__(".global orig_" #name ";"\ - ".symver orig_" #name ",kcapi_" #name "@LIBKCAPI_" version);\ - __attribute__ ((visibility ("default"))) -+#endif - - #else - # error "Compiler version too old" --- -2.31.1 - diff --git a/001-tests-kernel-version.patch b/001-tests-kernel-version.patch new file mode 100644 index 0000000..aa21536 --- /dev/null +++ b/001-tests-kernel-version.patch @@ -0,0 +1,40 @@ +From c2af62dcc7a287f3c14f6aaec5724401c1ea470a Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Mon, 15 Aug 2022 10:19:50 +0200 +Subject: [PATCH] tests: fix overly-optimistic kernel version checks + +The mainline kernel is now at version 6.0 so these >= 5.99 checks are +now incorrectly enabling tests that don't work. Instead of bumping the +imaginary version and face the same problem again in a couple years, +replace the checks with 'false' and a TODO comment. + +Signed-off-by: Ondrej Mosnacek +Signed-off-by: Stephan Mueller +--- + test/test.sh | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/test/test.sh b/test/test.sh +index 1d9be73..a75b802 100755 +--- a/test/test.sh ++++ b/test/test.sh +@@ -1560,7 +1560,8 @@ else + echo_deact "AEAD tests of copied AAD deactivated" + fi + +-if $(check_min_kernelver 5 99); then ++# TODO add version check when supported upstream ++if false; then + asymfunc 4 + asymfunc 4 -s + asymfunc 4 -v +@@ -1583,7 +1584,8 @@ else + echo_deact "All asymmetric tests deactivated" + fi + +-if $(check_min_kernelver 5 99); then ++# TODO add version check when supported upstream ++if false; then + kppfunc 13 + kppfunc 13 X -m + kppfunc 13 -v diff --git a/libkcapi.spec b/libkcapi.spec index 505891c..ac08a10 100644 --- a/libkcapi.spec +++ b/libkcapi.spec @@ -1,7 +1,7 @@ # Shared object version of libkcapi. %global vmajor 1 -%global vminor 3 -%global vpatch 1 +%global vminor 4 +%global vpatch 0 # Do we build the replacements packages? %bcond_with replace_coreutils @@ -26,9 +26,7 @@ %if 0%{?rhel} %bcond_with cppcheck %else -# Temporarily disable cppcheck on Fedora until bz#1923600 is fixed in rawhide -%bcond_with cppcheck -#bcond_without cppcheck +%bcond_without cppcheck %endif # Use `--without test` to build without running the tests @@ -86,8 +84,8 @@ %global hmaccalc_evr 0.9.14-10%{?dist} %endif -%global apps_hmaccalc sha1hmac sha224hmac sha256hmac sha384hmac sha512hmac -%global apps_fipscheck sha1sum sha224sum sha256sum sha384sum sha512sum md5sum fipscheck fipshmac +%global apps_hmaccalc sha1hmac sha224hmac sha256hmac sha384hmac sha512hmac sm3hmac +%global apps_fipscheck sha1sum sha224sum sha256sum sha384sum sha512sum md5sum sm3sum fipscheck fipshmac # On old kernels use mock hashers implemented via openssl %if %{lua:print(rpm.vercmp(posix.uname('%r'), '3.19'));} >= 0 @@ -125,17 +123,17 @@ done \ Name: libkcapi Version: %{vmajor}.%{vminor}.%{vpatch} -Release: 3%{?dist} +Release: 1%{?dist} Summary: User space interface to the Linux Kernel Crypto API -License: BSD or GPLv2 +License: BSD-3-Clause OR GPL-2.0-only URL: https://www.chronox.de/%{name}.html Source0: https://www.chronox.de/%{name}/%{name}-%{version}.tar.xz Source1: https://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc Source2: sha512hmac-openssl.sh Source3: fipshmac-openssl.sh -Patch1: 0001-Use-GCCs-__symver__-attribute.patch +Patch1: 001-tests-kernel-version.patch BuildRequires: bash BuildRequires: coreutils @@ -156,7 +154,7 @@ BuildRequires: docbook-utils-pdf BuildRequires: clang %endif %if %{with cppcheck} -BuildRequires: cppcheck +BuildRequires: cppcheck >= 2.4 %endif # For ownership of %%{_sysctldir}. @@ -378,7 +376,8 @@ EOF %if !%{with replace_coreutils} %{__rm} -f \ %{buildroot}%{_bindir}/md5sum \ - %{buildroot}%{_bindir}/sha*sum + %{buildroot}%{_bindir}/sha*sum \ + %{buildroot}%{_bindir}/sm*sum %endif %if !%{with replace_fipscheck} @@ -387,6 +386,7 @@ EOF %if !%{with replace_hmaccalc} %{__rm} -f %{buildroot}%{_bindir}/sha*hmac +%{__rm} -f %{buildroot}%{_bindir}/sm*hmac %endif # We don't ship autocrap dumplings. @@ -479,8 +479,10 @@ popd %files checksum %{_bindir}/md5sum %{_bindir}/sha*sum +%{_bindir}/sm*sum %{_libdir}/fipscheck/md5sum.hmac %{_libdir}/fipscheck/sha*sum.hmac +%{_libdir}/fipscheck/sm*sum.hmac %endif %if %{with replace_fipscheck} @@ -492,7 +494,9 @@ popd %if %{with replace_hmaccalc} %files hmaccalc %{_bindir}/sha*hmac +%{_bindir}/sm*hmac %{_libdir}/hmaccalc/sha*hmac.hmac +%{_libdir}/hmaccalc/sm*hmac.hmac %endif @@ -512,6 +516,10 @@ popd %changelog +* Wed Nov 01 2023 Zoltan Fridrich - 1.4.0-1 +- Update to new upstream release 1.4.0 + Resolves: RHEL-5367 + * Mon Aug 09 2021 Mohan Boddu - 1.3.1-3 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 diff --git a/sources b/sources index 02e03e8..7e8a98f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (libkcapi-1.3.1.tar.xz) = 2240e5410e1df4b54f42182bf294ac13d82fd78d60466cafef7644bf7c9144c064ba1fd78d110d66bc41fd220ad2f211081eb64a0da5c8740716a3146d72ba30 -SHA512 (libkcapi-1.3.1.tar.xz.asc) = fb5f85401921e884e7eb7b989baed2c98371a90b61056c929bf8348e7864fc001b67d7e5bf5f799d61befbefa6ab60b296c1d781fc30069936edc3eb40134954 +SHA512 (libkcapi-1.4.0.tar.xz) = fa3df1fe22eba32585de5df044f907d3ad189c33f5704fe29b0fdeda92e772ef077055b80e17bc1646a8cdedaf4f195aadf0b133f493597f0f7657b04ea93a99 +SHA512 (libkcapi-1.4.0.tar.xz.asc) = a41303cba88b214c82537bb5de2584a72a239670318753ba6873a2c3ebe3b56ffd381fdf7ae266aa21857e850bebdfbfdec487c98655ddbc2b9a0ba0d4f383ca