diff --git a/fortify-source-3.patch b/fortify-source-3.patch deleted file mode 100644 index 0ce1b8d..0000000 --- a/fortify-source-3.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- configure.ac.orig 2026-01-24 22:55:47.111990648 +0100 -+++ configure.ac 2026-01-24 22:56:12.351441492 +0100 -@@ -537,7 +537,7 @@ then - fi - - # Compiler security flags --AC_SUBST([cflags_common], ["-Wall -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fno-delete-null-pointer-checks -fwrapv -fstack-protector-strong"]) -+AC_SUBST([cflags_common], ["-Wall -Wformat -Wformat-security -D_FORTIFY_SOURCE=3 -fno-delete-null-pointer-checks -fwrapv -fstack-protector-strong"]) - - # Disable insecure algorithms by default - if test "x$enable_qat_insecure_algorithms" = "xyes" diff --git a/qatengine.spec b/qatengine.spec index f2a0a8a..dfaf467 100644 --- a/qatengine.spec +++ b/qatengine.spec @@ -13,7 +13,7 @@ %endif Name: qatengine -Version: 2.0.0 +Version: 2.1.0 Release: 1%{?dist} Summary: Intel QuickAssist Technology (QAT) OpenSSL Engine @@ -38,8 +38,6 @@ BuildRequires: intel-ipsec-mb-devel >= 2.0 %endif BuildRequires: openssl -Patch1: fortify-source-3.patch - %description This package provides the Intel QuickAssist Technology OpenSSL Engine (an OpenSSL Plug-In Engine) which provides cryptographic acceleration @@ -49,6 +47,13 @@ enabled Intel platforms. %prep %autosetup -n QAT_Engine-%{version} +# RedHat's annocheck security hardening verification returns a warning: +# Hardened: ./usr/lib64/ossl-modules/qatprovider.so: FAIL: optimization +# test because level too low (based upon annobin data) (lto:value_barrier) +# This is a false positive, value_barrier() function in qat_constant_time.h +# is intentionally built with "#pragma GCC optimize ("O0")" to enable +# constant-time side-channel protection. Waive this annocheck warning. + %build autoreconf -ivf %configure %{?with_sw:--enable-qat_sw} %{?with_provider:--enable-qat_provider} @@ -80,6 +85,10 @@ openssl engine -v %{name} %endif %changelog +* Tue Jun 30 2026 Vladislav Dronov - 2.1.0-1 +- Update to qatengine v2.1.0 @ c7b07156 (RHEL-188511) +- Add annocheck warning explanation + * Fri Jan 23 2026 Vladislav Dronov - 2.0.0-1 - Update to qatengine v2.0.0 @ 4498412a (RHEL-143913) diff --git a/sources b/sources index 54187a1..cd9a18d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (qatengine-2.0.0.tar.gz) = c0c72e8b6f985b753a827faeb80bccc88f2962542ff7c256e463ff6fb8b99027329be67319c2e09555c0b050d2e99370a33562c66c591d82ccf319e5babfb890 +SHA512 (qatengine-2.1.0.tar.gz) = c7634153fdc2e89f4bbeea8ef614d72bea0681cddb9dd1afafa902eeb0fad9eb6e50f56dcef56c963c980bacef93ac650f7134cea5a212c6bf0774512ec039fe