commit liboqs for openSUSE:Factory

[Source-Sync]

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package liboqs for openSUSE:Factory checked 
in at 2022-07-02 15:34:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/liboqs (Old)
 and      /work/SRC/openSUSE:Factory/.liboqs.new.1548 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "liboqs"

Sat Jul  2 15:34:45 2022 rev:4 rq:986343 version:0.7.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/liboqs/liboqs.changes    2022-01-25 
17:37:36.969695452 +0100
+++ /work/SRC/openSUSE:Factory/.liboqs.new.1548/liboqs.changes  2022-07-02 
15:34:51.043045523 +0200
@@ -1,0 +2,8 @@
+Sat Jul  2 07:21:42 UTC 2022 - Christophe Giboudeaux <christo...@krop.fr>
+
+- Add upstream changes:
+  * 0001-Add-support-for-powerpc64.-1160.patch
+  * 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch
+- Spec cleanup
+
+-------------------------------------------------------------------

New:
----
  0001-Add-support-for-powerpc64.-1160.patch
  0002-Mark-stack-non-executable-when-compiling-with-clang-.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ liboqs.spec ++++++
--- /var/tmp/diff_new_pack.aW7mEA/_old  2022-07-02 15:34:51.563046303 +0200
+++ /var/tmp/diff_new_pack.aW7mEA/_new  2022-07-02 15:34:51.567046309 +0200
@@ -1,7 +1,7 @@
 #
-# spec file for package libkcapi
+# spec file for package liboqs
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -22,13 +22,16 @@
 Summary:        C library for quantum-resistant cryptographic algorithms
 License:        MIT
 Group:          Productivity/Security
-Url:            https://github.com/open-quantum-safe/liboqs/
+URL:            https://github.com/open-quantum-safe/liboqs/
 Source:                
https://github.com/open-quantum-safe/liboqs/archive/refs/tags/%{version}.tar.gz
 Source1:       baselibs.conf
 Patch0:                liboqs-fix-build.patch
+# PATCH-FIX-UPSTREAM
+Patch1:         0001-Add-support-for-powerpc64.-1160.patch
+Patch2:         0002-Mark-stack-non-executable-when-compiling-with-clang-.patch
 BuildRequires: cmake
-BuildRequires: libopenssl-devel
 BuildRequires: doxygen
+BuildRequires:  libopenssl-devel
 
 %description
 liboqs is an open source C library for quantum-resistant cryptographic
@@ -47,7 +50,7 @@
 %package devel
 Summary:        Open source C library for quantum-resistant cryptographic 
algorithms
 Group:          Development/Languages/C and C++
-Requires:      liboqs0 = %version
+Requires:       liboqs0 = %{version}
 
 %description devel
 liboqs is an open source C library for quantum-resistant cryptographic 
@@ -58,36 +61,43 @@
 %autosetup -p1
 
 %build
-mkdir build
-export RPM_OPT_FLAGS="%optflags -std=gnu11"
-cd build
-cmake -DBUILD_SHARED_LIBS=ON -DOQS_DIST_BUILD=ON ..
+export RPM_OPT_FLAGS="%{optflags} -std=gnu11"
+
+# 20220702: The %%cmake macro can't be used because a 'CMakeLists.txt' folder
+# exists
+cmake -S . -B build -DBUILD_SHARED_LIBS:BOOL=ON -DOQS_DIST_BUILD:BOOL=ON
+
+pushd build
 %cmake_build 
+popd
 
 %install
 %cmake_install
+
 # need to find out what cmake option is needed
-mv %buildroot/usr/local/* %buildroot/usr
-if [ "%_lib" != "lib" ]; then
-       mv %buildroot/usr/lib %buildroot/usr/%_lib
+mv %{buildroot}%{_prefix}/local/* %{buildroot}%{_prefix}
+
+if [ "%{_lib}" != "lib" ]; then
+  mv %{buildroot}%{_prefix}/lib %{buildroot}%{_libdir}
 fi
-rmdir %buildroot/usr/local/
+
+rmdir %{buildroot}%{_prefix}/local/
 
 %post -n liboqs0 -p /sbin/ldconfig
 %postun -n liboqs0 -p /sbin/ldconfig
 
 %files -n liboqs0
 %license LICENSE.txt 
-/%{_libdir}/liboqs.so.0*
+%{_libdir}/liboqs.so.0*
 
 %files devel
 %license LICENSE.txt 
 %dir %{_includedir}/oqs
 %{_includedir}/oqs/*
-/%_libdir/liboqs.so
-%dir /%_libdir/cmake/
-%dir /%_libdir/cmake/liboqs/
-/%_libdir/cmake/liboqs/liboqsConfig-noconfig.cmake
-/%_libdir/cmake/liboqs/liboqsConfig.cmake
+%{_libdir}/liboqs.so
+%dir %{_libdir}/cmake/
+%dir %{_libdir}/cmake/liboqs/
+%{_libdir}/cmake/liboqs/liboqsConfig-noconfig.cmake
+%{_libdir}/cmake/liboqs/liboqsConfig.cmake
 
 %changelog

++++++ 0001-Add-support-for-powerpc64.-1160.patch ++++++
>From eb2f38c44ed15e058bc7ab217ba614b32f012090 Mon Sep 17 00:00:00 2001
From: pkubaj <pku...@freebsd.org>
Date: Fri, 24 Dec 2021 00:03:25 +0100
Subject: [PATCH 1/2] Add support for powerpc64. (#1160)

This is 64-bit POWER big-endian. Since s390x (64-bit big-endian) and ppc64le
(64-bit POWER) are already supported, this shouldn't be an issue.
---
 .CMake/alg_support.cmake                   | 4 ++--
 CMakeLists.txt                             | 7 +++++++
 src/kem/sike/CMakeLists.txt                | 3 +++
 src/kem/sike/external/P434/P434_internal.h | 2 +-
 src/kem/sike/external/P503/P503_internal.h | 2 +-
 src/kem/sike/external/P610/P610_internal.h | 2 +-
 src/kem/sike/external/P751/P751_internal.h | 2 +-
 src/kem/sike/external/config.h             | 7 +++++++
 8 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/.CMake/alg_support.cmake b/.CMake/alg_support.cmake
index 0de57e8..bb9ebea 100644
--- a/.CMake/alg_support.cmake
+++ b/.CMake/alg_support.cmake
@@ -27,8 +27,8 @@ if(OQS_DIST_X86_64_BUILD OR OQS_USE_AVX2_INSTRUCTIONS)
 endif()
 endif()
 
-# BIKE is not supported on Windows, 32-bit ARM and S390X (big endian)
-cmake_dependent_option(OQS_ENABLE_KEM_BIKE "Enable BIKE algorithm family" ON 
"NOT WIN32; NOT ARCH_ARM32v7; NOT ARCH_X86; NOT ARCH_S390X" OFF)
+# BIKE is not supported on Windows, 32-bit ARM, S390X (big endian) and PPC64 
(big endian)
+cmake_dependent_option(OQS_ENABLE_KEM_BIKE "Enable BIKE algorithm family" ON 
"NOT WIN32; NOT ARCH_ARM32v7; NOT ARCH_X86; NOT ARCH_S390X; NOT ARCH_PPC64" OFF)
 cmake_dependent_option(OQS_ENABLE_KEM_bike_l1 "" ON "OQS_ENABLE_KEM_BIKE" OFF)
 cmake_dependent_option(OQS_ENABLE_KEM_bike_l3 "" ON "OQS_ENABLE_KEM_BIKE" OFF)
 
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 140cfb8..416da83 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -59,6 +59,13 @@ elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "ppc64le|powerpc64le")
     if(${OQS_DIST_BUILD})
         set(OQS_DIST_PPC64LE_BUILD ON)
     endif()
+elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(ppc64|powerpc64)")
+    message(WARNING "There is currently no CI for: " ${CMAKE_SYSTEM_PROCESSOR})
+    set(ARCH "ppc64")
+    set(ARCH_PPC64 ON)
+    if(${OQS_DIST_BUILD})
+        set(OQS_DIST_PPC64_BUILD ON)
+    endif()
 elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "s390x")
     set(ARCH "s390x")
     set(ARCH_S390X ON)
diff --git a/src/kem/sike/CMakeLists.txt b/src/kem/sike/CMakeLists.txt
index c260ce1..0f4714b 100644
--- a/src/kem/sike/CMakeLists.txt
+++ b/src/kem/sike/CMakeLists.txt
@@ -8,6 +8,7 @@ if(
    ARCH_ARM32v7 OR
    ARCH_ARM64v8 OR
    ARCH_PPC64LE OR
+   ARCH_PPC64 OR
    ARCH_S390X)
   AND
   # check that one SIDH/SIKE alg is enabled
@@ -137,6 +138,8 @@ if(
                 target_compile_definitions(sike PRIVATE USE_SIKEP751_ASM)
             endif()
         endif()
+    elseif(ARCH_PPC64)
+        target_compile_definitions(sike PRIVATE _GENERIC_ _PPC64_)
     elseif(ARCH_PPC64LE)
         target_compile_definitions(sike PRIVATE _GENERIC_ _PPC64LE_)
     elseif(ARCH_S390X)
diff --git a/src/kem/sike/external/P434/P434_internal.h 
b/src/kem/sike/external/P434/P434_internal.h
index 6c7f66c..168ac9f 100644
--- a/src/kem/sike/external/P434/P434_internal.h
+++ b/src/kem/sike/external/P434/P434_internal.h
@@ -9,7 +9,7 @@
 
 #include "../config.h"
 
-#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == 
TARGET_S390X) || (TARGET == TARGET_PPC64LE)
+#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == 
TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE)
 #define NWORDS_FIELD 7    // Number of words of a 434-bit field element
 #define p434_ZERO_WORDS 3 // Number of "0" digits in the least significant 
part of p434 + 1
 #elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM)
diff --git a/src/kem/sike/external/P503/P503_internal.h 
b/src/kem/sike/external/P503/P503_internal.h
index 3a9bb32..3c72a4b 100644
--- a/src/kem/sike/external/P503/P503_internal.h
+++ b/src/kem/sike/external/P503/P503_internal.h
@@ -9,7 +9,7 @@
 
 #include "../config.h"
 
-#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == 
TARGET_S390X) || (TARGET == TARGET_PPC64LE)
+#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == 
TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE)
 #define NWORDS_FIELD 8    // Number of words of a 503-bit field element
 #define p503_ZERO_WORDS 3 // Number of "0" digits in the least significant 
part of p503 + 1
 #elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM)
diff --git a/src/kem/sike/external/P610/P610_internal.h 
b/src/kem/sike/external/P610/P610_internal.h
index 8a6a08f..7d6f60d 100644
--- a/src/kem/sike/external/P610/P610_internal.h
+++ b/src/kem/sike/external/P610/P610_internal.h
@@ -9,7 +9,7 @@
 
 #include "../config.h"
 
-#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == 
TARGET_S390X) || (TARGET == TARGET_PPC64LE)
+#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == 
TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE)
 #define NWORDS_FIELD 10   // Number of words of a 610-bit field element
 #define p610_ZERO_WORDS 4 // Number of "0" digits in the least significant 
part of p610 + 1
 #elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM)
diff --git a/src/kem/sike/external/P751/P751_internal.h 
b/src/kem/sike/external/P751/P751_internal.h
index 1f9f231..0b17da1 100644
--- a/src/kem/sike/external/P751/P751_internal.h
+++ b/src/kem/sike/external/P751/P751_internal.h
@@ -9,7 +9,7 @@
 
 #include "../config.h"
 
-#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == 
TARGET_S390X) || (TARGET == TARGET_PPC64LE)
+#if (TARGET == TARGET_AMD64) || (TARGET == TARGET_ARM64) || (TARGET == 
TARGET_S390X) || (TARGET == TARGET_PPC64) || (TARGET == TARGET_PPC64LE)
 #define NWORDS_FIELD 12   // Number of words of a 751-bit field element
 #define p751_ZERO_WORDS 5 // Number of "0" digits in the least significant 
part of p751 + 1
 #elif (TARGET == TARGET_x86) || (TARGET == TARGET_ARM)
diff --git a/src/kem/sike/external/config.h b/src/kem/sike/external/config.h
index 1a915d3..46cd312 100644
--- a/src/kem/sike/external/config.h
+++ b/src/kem/sike/external/config.h
@@ -32,6 +32,7 @@
 #define TARGET_ARM 4
 #define TARGET_ARM64 5
 #define TARGET_PPC64LE 6
+#define TARGET_PPC64 7
 
 #if defined(_AMD64_)
 #define TARGET TARGET_AMD64
@@ -63,6 +64,12 @@ typedef uint16_t hdigit_t; // Unsigned 16-bit digit
 #define LOG2RADIX 6
 typedef uint64_t digit_t;  // Unsigned 64-bit digit
 typedef uint32_t hdigit_t; // Unsigned 32-bit digit
+#elif defined(_PPC64_)
+#define TARGET TARGET_PPC64
+#define RADIX           64
+#define LOG2RADIX       6
+typedef uint64_t digit_t;  // Unsigned 64-bit digit
+typedef uint32_t hdigit_t; // Unsigned 32-bit digit
 #elif defined(_PPC64LE_)
 #define TARGET TARGET_PPC64LE
 #define RADIX           64
-- 
2.36.1


++++++ 0002-Mark-stack-non-executable-when-compiling-with-clang-.patch ++++++
>From 9f72562d661a0fd1b5773966fb199a8faea144c1 Mon Sep 17 00:00:00 2001
From: Douglas Stebila <dsteb...@users.noreply.github.com>
Date: Sun, 9 Jan 2022 11:30:10 -0500
Subject: [PATCH 2/2] Mark stack non-executable when compiling with clang or
 gcc (#1161)

* Mark stack non-executable when compiling with clang or gcc

Fixes #1159

* Change noexecstack option on gcc

* Use gcc noexecstack only on non-Darwin

* Check for non-executable stack in shared object builds on Linux
---
 .CMake/compiler_opts.cmake                  |  4 ++++
 tests/{test_namespace.py => test_binary.py} | 16 ++++++++++++++++
 2 files changed, 20 insertions(+)
 rename tests/{test_namespace.py => test_binary.py} (74%)

diff --git a/.CMake/compiler_opts.cmake b/.CMake/compiler_opts.cmake
index 9dd5b32..72c741a 100644
--- a/.CMake/compiler_opts.cmake
+++ b/.CMake/compiler_opts.cmake
@@ -67,6 +67,7 @@ if(CMAKE_C_COMPILER_ID MATCHES "Clang")
     add_compile_options(-Wextra)
     add_compile_options(-Wpedantic)
     add_compile_options(-Wno-unused-command-line-argument)
+    set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
 
     if(NOT ${OQS_BUILD_ONLY_LIB})
         set(THREADS_PREFER_PTHREAD_FLAG ON)
@@ -117,6 +118,9 @@ elseif(CMAKE_C_COMPILER_ID STREQUAL "GNU")
     add_compile_options(-Wformat=2)
     add_compile_options(-Wfloat-equal)
     add_compile_options(-Wwrite-strings)
+    if (NOT CMAKE_SYSTEM_NAME STREQUAL "Darwin")
+        set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
+    endif()
 
     if(NOT ${OQS_BUILD_ONLY_LIB})
         set(THREADS_PREFER_PTHREAD_FLAG ON)
diff --git a/tests/test_namespace.py b/tests/test_binary.py
similarity index 74%
rename from tests/test_namespace.py
rename to tests/test_binary.py
index 9a3fb9e..d212f41 100644
--- a/tests/test_namespace.py
+++ b/tests/test_binary.py
@@ -1,6 +1,7 @@
 # SPDX-License-Identifier: MIT
 
 import helpers
+import os
 import pytest
 import sys
 import glob
@@ -51,6 +52,21 @@ def test_namespace():
 
     assert(len(non_namespaced) == 0)
 
+@helpers.filtered_test
+@pytest.mark.skipif(not(sys.platform.startswith("linux")), reason="Only 
supported on Linux")
+@pytest.mark.skipif(not(os.path.exists(helpers.get_current_build_dir_name()+'/lib/liboqs.so')),
 reason="Only supported on builds with a shared library")
+def test_non_executable_stack():
+    liboqs = helpers.get_current_build_dir_name()+'/lib/liboqs.so'
+    out = helpers.run_subprocess(
+        ['readelf', '--wide', '--segments', liboqs]
+    )
+    lines = out.strip().split("\n")
+    for line in lines:
+        if "GNU_STACK" in line:
+            chunks = line.strip().split()
+            flags = chunks[6]
+            assert(flags == 'RW')
+
 if __name__ == "__main__":
     import sys
     pytest.main(sys.argv)
-- 
2.36.1