Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package s390-tools for openSUSE:Factory checked in at 2022-06-02 21:54:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/s390-tools (Old)
 and /work/SRC/openSUSE:Factory/.s390-tools.new.1548 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "s390-tools"

Thu Jun 2 21:54:55 2022 rev:47 rq:980530 version:2.19.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/s390-tools/s390-tools.changes 2022-05-03 21:19:50.765064360 +0200
+++ /work/SRC/openSUSE:Factory/.s390-tools.new.1548/s390-tools.changes 2022-06-02 21:55:11.324443395 +0200
@@ -1,0 +2,29 @@ +Thu May 26 17:03:32 UTC 2022 - Mark Post <mp...@suse.com> + +- Modifed the spec file to install all binaires in /usr/sbin instead of /sbin + to align with the "usrmerge" initiative in openSUSE. (bsc#1195914) Also + modified the following files that SUSE provides that need to reflect this + change: + * 59-graf.rules + * dasd_configure + * dasd_reload + * detach_disks.sh + * iucv_configure + * killcdl + * mkdump.pl + * README.SUSE + * s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch + * virtsetup.sh + * vmlogrdr.service +- Added s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch + for bsc#1199649. zkey: KMIP plugin fails to connection to KMIP server + When a zkey key repository is bound to the KMIP plugin, and the + connection to the KMIP server is to be configired using command + 'zkey kms configure --kmip-server <server>', it fails to connect + to the specified KMIP server. +- Added s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch + to fix a build failure with gcc12. With gcc12, a "false positive" + of "array subscript 0 is outside array bounds" is seen in + genprotimg/boot/stage3a.c (bsc#1200131). + +------------------------------------------------------------------- New: ---- s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ s390-tools.spec ++++++ --- /var/tmp/diff_new_pack.JGQUWz/_old 2022-06-02 21:55:12.988445513 +0200 +++ /var/tmp/diff_new_pack.JGQUWz/_new 2022-06-02 21:55:12.992445518 +0200 
@@ -101,6 +101,8 @@ Patch006: s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch Patch007: s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch Patch008: s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch +Patch009: s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch +Patch010: s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch # SUSE patches Patch900: s390-tools-sles12-zipl_boot_msg.patch @@ -310,14 +312,7 @@ install -m 755 read_values %{buildroot}/%{_bindir}/ install -m644 -t %{buildroot}/%{_mandir}/man8 %{SOURCE87} - -# The "usrmerge" has happened in openSUSE:Factory, but not yet in SLES. -# Make sure we look for the zfcpdump kernel image in the right place. -%if 0%{?usrmerged} install -D -m600 %{_prefix}/lib/modules/*-zfcpdump/image %{buildroot}%{_prefix}/lib/s390-tools/zfcpdump/zfcpdump-image -%else -install -D -m600 /boot/image-*-zfcpdump %{buildroot}%{_prefix}/lib/s390-tools/zfcpdump/zfcpdump-image -%endif install -D -m644 etc/cpuplugd.conf %{buildroot}%{_sysconfdir}/cpuplugd.conf install -D -m644 etc/udev/rules.d/40-z90crypt.rules %{buildroot}%{_prefix}/lib/udev/rules.d/40-z90crypt.rules 
@@ -347,11 +342,11 @@ install -D -m644 %{SOURCE6} %{buildroot}%{_fillupdir}/sysconfig.xpram install -D -m755 %{SOURCE7} %{buildroot}%{_prefix}/lib/systemd/scripts/appldata install -D -m644 %{SOURCE8} %{buildroot}%{_fillupdir}/sysconfig.appldata -install -D -m755 %{SOURCE10} sbin/dasdro -install -D -m755 %{SOURCE11} sbin/dasd_reload -install -D -m755 %{SOURCE12} sbin/mkdump +install -D -m755 %{SOURCE10} %{buildroot}%{_sbindir}/dasdro +install -D -m755 %{SOURCE11} %{buildroot}%{_sbindir}/dasd_reload +install -D -m755 %{SOURCE12} %{buildroot}%{_sbindir}/mkdump install -D -m644 %{SOURCE13} %{buildroot}%{_fillupdir}/sysconfig.osasnmpd -install -D -m755 %{SOURCE14} sbin/zfcp_san_disc +install -D -m755 %{SOURCE14} %{buildroot}%{_sbindir}/zfcp_san_disc install -D -m644 %{SOURCE15} %{buildroot}/%{_mandir}/man8 install -D -m644 %{SOURCE19} %{buildroot}%{_prefix}/lib/udev/rules.d/52-xpram.rules install -D -m644 %{SOURCE20} %{buildroot}%{_prefix}/lib/udev/rules.d/52-hw_random.rules @@ -359,8 +354,8 @@ install -D -m644 %{SOURCE28} %{buildroot}%{_prefix}/lib/udev/rules.d/59-prng.rules install -D -m644 %{SOURCE29} %{buildroot}%{_prefix}/lib/udev/rules.d/59-zfcp-compat.rules install -D -m644 %{SOURCE30} %{buildroot}%{_modprobedir}/90-s390-tools.conf -install -D -m755 %{SOURCE32} %{buildroot}/sbin/killcdl -install -D -m755 %{SOURCE33} %{buildroot}/sbin/lgr_check +install -D -m755 %{SOURCE32} %{buildroot}%{_sbindir}/killcdl +install -D -m755 %{SOURCE33} %{buildroot}%{_sbindir}/lgr_check install -D -m644 %{SOURCE34} %{buildroot}%{_fillupdir}/sysconfig.virtsetup if [ ! -d %{_sbindir} ]; then 
@@ -388,8 +383,12 @@ install -m644 -t %{buildroot}/%{_mandir}/man8 %{SOURCE25} +# Move all the binaries installed via the IBM-provided Makefile from /sbin to +# /usr/sbin/ to align with the openSUSE "usrmerge" project +mv -vi %{buildroot}/sbin/* %{buildroot}%{_sbindir}/ + ### Obsolete scripts and man pages to be removed once changes in other tools are made -install -m755 -t sbin/ %{SOURCE88} %{SOURCE89} %{SOURCE90} %{SOURCE91} %{SOURCE92} %{SOURCE93} +install -m755 -t %{buildroot}/%{_sbindir}/ %{SOURCE88} %{SOURCE89} %{SOURCE90} %{SOURCE91} %{SOURCE92} %{SOURCE93} install -m644 -t %{buildroot}/%{_mandir}/man8 %{SOURCE94} %{SOURCE95} %{SOURCE96} %{SOURCE97} %{SOURCE98} %{SOURCE99} ### ++++++ 59-graf.rules ++++++ --- /var/tmp/diff_new_pack.JGQUWz/_old 2022-06-02 21:55:13.052445595 +0200 +++ /var/tmp/diff_new_pack.JGQUWz/_new 2022-06-02 21:55:13.056445599 +0200 @@ -7,8 +7,8 @@ DRIVER!="3270", GOTO="graf_end" # Configure 3270 device -ACTION=="add", SUBSYSTEM=="ccw", PROGRAM="/sbin/chccwdev -e $kernel" -ACTION=="remove", SUBSYSTEM=="ccw", PROGRAM="/sbin/chccwdev -d $kernel" +ACTION=="add", SUBSYSTEM=="ccw", PROGRAM="/usr/sbin/chccwdev -e $kernel" +ACTION=="remove", SUBSYSTEM=="ccw", PROGRAM="/usr/sbin/chccwdev -d $kernel" LABEL="graf_end" ++++++ README.SUSE ++++++ --- /var/tmp/diff_new_pack.JGQUWz/_old 2022-06-02 21:55:13.116445675 +0200 +++ /var/tmp/diff_new_pack.JGQUWz/_new 2022-06-02 21:55:13.116445675 +0200 @@ -21,7 +21,7 @@ 1 for on and 0 for off * ctc_configure - Usage: /sbin/ctc_configure <read channel> <write channel> <online> [<protocol>] + Usage: /usr/sbin/ctc_configure <read channel> <write channel> <online> [<protocol>] To configure CTC connections Valid Parameters for the protocal are 0, 1 and 3 For a detailed explanation please look in the Device Driver book 
@@ -33,11 +33,11 @@ LPAR just set it to 0 * iucv_configure - Usage: /sbin/iucv_configure <router> <online> + Usage: /usr/sbin/iucv_configure <router> <online> To set an IUCV IP-network online/offline * qeth_configure - Usage: /sbin/qeth_configure [options] <read chan> <write chan> <control chan> <online> + Usage: /usr/sbin/qeth_configure [options] <read chan> <write chan> <control chan> <online> Set qeth, hipersocket adapter online/offline. options could be one of the following: @@ -48,11 +48,11 @@ * zfcp_disk_configure - Usage: /sbin/zfcp_disk_configure <ccwid> <wwpn> <lun> <online> + Usage: /usr/sbin/zfcp_disk_configure <ccwid> <wwpn> <lun> <online> set a disk online/offline. This require that the repective Adapter is online. See command below. * zfcp_host_configure - Usage: /sbin/zfcp_host_configure <ccwid> <online> + Usage: /usr/sbin/zfcp_host_configure <ccwid> <online> Set a zfcp Adapter online/offline ++++++ dasd_configure ++++++ --- /var/tmp/diff_new_pack.JGQUWz/_old 2022-06-02 21:55:13.200445783 +0200 +++ /var/tmp/diff_new_pack.JGQUWz/_new 2022-06-02 21:55:13.204445788 +0200 @@ -142,7 +142,7 @@ elif [ ${ON_OFF} == 1 ]; then exitcode=0 # Extract the full busid so that we can reference the proper entries in /sys - BUSID=$(/sbin/lszdev dasd ${CCW_CHAN_ID} | /usr/bin/sed -e 1d | /usr/bin/tr -s " " | /usr/bin/cut -f2 -d" " ) + BUSID=$(/usr/sbin/lszdev dasd ${CCW_CHAN_ID} | /usr/bin/sed -e 1d | /usr/bin/tr -s " " | /usr/bin/cut -f2 -d" " ) # Make sure the DASD volume came online for ((counter=0; counter<30; counter++)); do sleep 0.1 ++++++ dasd_reload ++++++ --- /var/tmp/diff_new_pack.JGQUWz/_old 2022-06-02 21:55:13.232445823 +0200 +++ /var/tmp/diff_new_pack.JGQUWz/_new 2022-06-02 21:55:13.236445829 +0200 @@ -25,7 +25,7 @@ exit 1 fi -if [ ! -x /sbin/rmmod -o ! -x /sbin/modprobe ]; then +if [ ! -x /usr/sbin/rmmod -o ! -x /usr/sbin/modprobe ]; then echo "Missing module programs" exit 2 fi 
@@ -95,7 +95,7 @@ if grep -q "${module}" /proc/modules; then module_list="${module} ${module_list}" : Unloading ${module} - /sbin/rmmod ${module} + /usr/sbin/rmmod ${module} fi done @@ -133,7 +133,7 @@ fi echo Activating ${dasd} mv -i "${file}" /etc/udev/rules.d/ - /sbin/chzdev dasd --apply --configured -q --no-root-update ${dasd} + /usr/sbin/chzdev dasd --apply --configured -q --no-root-update ${dasd} lsdasd break done @@ -147,7 +147,7 @@ [ -f "${file}" ] || continue echo Activating ${dasd} mv -i "${file}" /etc/udev/rules.d/ - /sbin/chzdev dasd --apply --configured -q --no-root-update ${dasd} + /usr/sbin/chzdev dasd --apply --configured -q --no-root-update ${dasd} break done done ++++++ detach_disks.sh ++++++ --- /var/tmp/diff_new_pack.JGQUWz/_old 2022-06-02 21:55:13.268445869 +0200 +++ /var/tmp/diff_new_pack.JGQUWz/_new 2022-06-02 21:55:13.268445869 +0200 @@ -76,7 +76,7 @@ # First, get a list of all the DASD devices we have for this guest, in decimal. # (Trying to handle things in hex gets complicated.) -/sbin/vmcp -b1048576 q v dasd | cut -f2 -d" " |\ +/usr/sbin/vmcp -b1048576 q v dasd | cut -f2 -d" " |\ while read HEXNO do let DECNO=0x${HEXNO} echo ${DECNO} @@ -139,7 +139,7 @@ # Get a list of all the virtual NICs since they require an # extra keyword to detach. Contrary to what we've done before # these will be hex values - /sbin/vmcp -b1048576 q nic | grep Adapter | cut -f2 -d" " | cut -f1 -d. > ${NICFILE} + /usr/sbin/vmcp -b1048576 q nic | grep Adapter | cut -f2 -d" " | cut -f1 -d. > ${NICFILE} # Now we sort the device numbers and detach them. sort -un ${DETFILE} | \ ++++++ iucv_configure ++++++ --- /var/tmp/diff_new_pack.JGQUWz/_old 2022-06-02 21:55:13.304445915 +0200 +++ /var/tmp/diff_new_pack.JGQUWz/_new 2022-06-02 21:55:13.304445915 +0200 
@@ -125,7 +125,7 @@ if [ "$iucvdev" ] ; then cat > /etc/udev/rules.d/51-iucv-$PEER_USERID.rules <<EOF -ACTION=="add", SUBSYSTEM=="subsystem", KERNEL=="iucv", RUN+="/sbin/modprobe netiucv" +ACTION=="add", SUBSYSTEM=="subsystem", KERNEL=="iucv", RUN+="/usr/sbin/modprobe netiucv" ACTION=="add", SUBSYSTEM=="drivers", KERNEL=="netiucv", ATTR{connection}="$PEER_USERID" EOF fi ++++++ killcdl ++++++ --- /var/tmp/diff_new_pack.JGQUWz/_old 2022-06-02 21:55:13.332445951 +0200 +++ /var/tmp/diff_new_pack.JGQUWz/_new 2022-06-02 21:55:13.336445956 +0200 @@ -15,7 +15,7 @@ echo " busid The full specification of the volume, e.g., 0.0.3184." } -ARCH="$(/bin/uname -m)" +ARCH="$(/usr/bin/uname -m)" if [ "${ARCH}" != "s390x" ] && [ "${ARCH}" != "s390" ]; then echo "This script is only useful on IBM mainframes." exit 1 @@ -107,7 +107,7 @@ if [ ! -h /sys/bus/ccw/devices/${BUSID} ]; then echo "Busid ${BUSID} was not found." - /sbin/cio_ignore -i ${BUSID} > /dev/null + /usr/sbin/cio_ignore -i ${BUSID} > /dev/null if [ $? -eq 0 ]; then echo "That device is in the cio_ignore list." echo "Please remove it with \"cio_ignore -r ${BUSID}\" before trying again." @@ -134,16 +134,16 @@ # We have to bring the device online before the kernel will fill in # the value for discipline. if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then - /sbin/chccwdev -e ${BUSID} - /sbin/udevadm settle + /usr/sbin/chccwdev -e ${BUSID} + /usr/sbin/udevadm settle fi read STATUS < /sys/bus/ccw/devices/${BUSID}/status if [ "${STATUS}" == "unformatted" ]; then echo "DASD device ${BUSID} is already in an unformatted state." if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then - /sbin/chccwdev -d -s ${BUSID} - /sbin/udevadm settle + /usr/sbin/chccwdev -d -s ${BUSID} + /usr/sbin/udevadm settle fi exit 0 fi @@ -168,7 +168,7 @@ if [ "${DISCIPLINE}" != "ECKD" ]; then echo "This script only works on ECKD DASD." if [ ${ORIG_ONLINE_STATUS} -eq 0 ]; then - /sbin/chccwdev -d -s ${BUSID} + /usr/sbin/chccwdev -d -s ${BUSID} fi exit 12 fi 
@@ -180,8 +180,8 @@ exit 13 fi - /sbin/chccwdev -d -s ${BUSID} - /sbin/udevadm settle + /usr/sbin/chccwdev -d -s ${BUSID} + /usr/sbin/udevadm settle read STATUS < /sys/bus/ccw/devices/${BUSID}/online if [ ${STATUS} -ne 0 ]; then @@ -190,8 +190,8 @@ fi fi -/sbin/chccwdev -a raw_track_access=1 -e ${BUSID} -/sbin/udevadm settle +/usr/sbin/chccwdev -a raw_track_access=1 -e ${BUSID} +/usr/sbin/udevadm settle read STATUS < /sys/bus/ccw/devices/${BUSID}/online if [ ${STATUS} -ne 1 ]; then @@ -208,11 +208,11 @@ fi echo "Setting ${BUSID} back offline with raw track access disabled." -/sbin/chccwdev -d -s -a raw_track_access=0 ${BUSID} -/sbin/udevadm settle +/usr/sbin/chccwdev -d -s -a raw_track_access=0 ${BUSID} +/usr/sbin/udevadm settle if [ ${ORIG_ONLINE_STATUS} -eq 1 ]; then - /sbin/chccwdev -e ${BUSID} - /sbin/udevadm settle + /usr/sbin/chccwdev -e ${BUSID} + /usr/sbin/udevadm settle fi ++++++ mkdump.pl ++++++ --- /var/tmp/diff_new_pack.JGQUWz/_old 2022-06-02 21:55:13.392446027 +0200 +++ /var/tmp/diff_new_pack.JGQUWz/_new 2022-06-02 21:55:13.392446027 +0200 @@ -33,14 +33,14 @@ my $VERSION = "2.0.3"; -my $BLKID = "/sbin/blkid"; +my $BLKID = "/usr/sbin/blkid"; my $PARTED = "/usr/sbin/parted"; -my $FDASD = "/sbin/fdasd"; -my $DASDVIEW = "/sbin/dasdview"; -my $DASDFMT = "/sbin/dasdfmt"; -my $ZIPL = "/sbin/zipl"; -my $UDEVADM = "/sbin/udevadm"; -my $ZGETDUMP = "/sbin/zgetdump"; +my $FDASD = "/usr/sbin/fdasd"; +my $DASDVIEW = "/usr/sbin/dasdview"; +my $DASDFMT = "/usr/sbin/dasdfmt"; +my $ZIPL = "/usr/sbin/zipl"; +my $UDEVADM = "/usr/sbin/udevadm"; +my $ZGETDUMP = "/usr/sbin/zgetdump"; # temporary DASD device configuration file for Zipl my $MDPATH = "/tmp/mvdump.conf.".`mcookie`; ++++++ s390-tools-sles12-update-by_id-links-on-change-and-add-action.patch ++++++ --- /var/tmp/diff_new_pack.JGQUWz/_old 2022-06-02 21:55:13.536446210 +0200 +++ /var/tmp/diff_new_pack.JGQUWz/_new 2022-06-02 21:55:13.540446216 +0200 @@ -17,15 +17,18 @@ index 2b1435c..a08cb7c 100644 
--- a/etc/udev/rules.d/59-dasd.rules +++ b/etc/udev/rules.d/59-dasd.rules -@@ -6,7 +6,7 @@ +@@ -6,9 +6,9 @@ SUBSYSTEM!="block", GOTO="dasd_symlinks_end" KERNEL!="dasd*", GOTO="dasd_symlinks_end" -ACTION!="change", GOTO="dasd_block_end" +ACTION!="change|add", GOTO="dasd_block_end" # by-id (hardware serial number) - KERNEL=="dasd*[!0-9]", ATTRS{status}=="online", IMPORT{program}="/sbin/dasdinfo -a -e -b $kernel" +-KERNEL=="dasd*[!0-9]", ATTRS{status}=="online", IMPORT{program}="/sbin/dasdinfo -a -e -b $kernel" ++KERNEL=="dasd*[!0-9]", ATTRS{status}=="online", IMPORT{program}="/usr/sbin/dasdinfo -a -e -b $kernel" KERNEL=="dasd*[!0-9]", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}" + KERNEL=="dasd*[!0-9]", ENV{ID_UID}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_UID}" + KERNEL=="dasd*[!0-9]", ENV{ID_XUID}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_XUID}" -- 1.8.1.4 ++++++ s390-tools-sles15sp4-genprotimg-boot-disable-Warray-bounds-for-now.patch ++++++ >From 9e620058184cfdf026241b953bfbb095256198a0 Mon Sep 17 00:00:00 2001 
From: Marc Hartmayer <mhart...@linux.ibm.com>
Date: Tue, 26 Apr 2022 09:22:10 +0000
Subject: [PATCH] genprotimg/boot: disable `-Warray-bounds` for now
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This work around fixes the gcc-12 false positive by disabling
`Warray-bounds`:

 CC genprotimg/boot/stage3a.o
In file included from stage3a.c:14:
In function ‘__test_facility’,
 inlined from ‘test_facility’ at ../../include/boot/s390.h:428:9,
 inlined from ‘start’ at stage3a.c:42:7:
../../include/boot/s390.h:418:17: error: array subscript 0 is outside array bounds of ‘void[0]’ [-Werror=array-bounds]
 418 | return (*ptr & (0x80 >> (nr & 7))) != 0;
 | ^~~~

Unfortunately, there is currently no better fix available that doesn't
result in larger boot loader code sizes. Given the importancy of the
boot loader file sizes the other fixes aren't acceptable. The Linux
kernel shares the problem (but for performance reasons), take a look at
the discussion https://lore.kernel.org/lkml/yt9dzgkelelc....@linux.ibm.com/
for details.

Fixes: https://github.com/ibm-s390-linux/s390-tools/issues/130
Signed-off-by: Marc Hartmayer <mhart...@linux.ibm.com>
Reviewed-by: Jan Höppner <hoepp...@linux.ibm.com>
Signed-off-by: Jan Höppner <hoepp...@linux.ibm.com>
---
 genprotimg/boot/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/genprotimg/boot/Makefile b/genprotimg/boot/Makefile
index f957a70..95bd6cc 100644
--- a/genprotimg/boot/Makefile
+++ b/genprotimg/boot/Makefile
@@ -15,7 +15,8 @@ ALL_CFLAGS := $(NO_PIE_CFLAGS) -Os -g \ -fno-delete-null-pointer-checks -fno-stack-protector \ -fexec-charset=IBM1047 -m64 -mpacked-stack \ -mstack-size=4096 -mstack-guard=128 -msoft-float \ - -Wall -Wformat-security -Wextra -Werror + -Wall -Wformat-security -Wextra -Werror \ + -Wno-array-bounds FILES := stage3a.bin stage3b.bin stage3b_reloc.bin -- 2.35.3 ++++++ s390-tools-sles15sp4-libseckey-Adapt-keymgmt_match-implementation-to-Open.patch ++++++ Subject: [PATCH] [BZ 198268] libseckey: Adapt keymgmt_match() implementation to OpenSSL 
From: Ingo Franzki <ifran...@linux.ibm.com>

Description: zkey: KMIP plugin fails to connection to KMIP server
Symptom: When a zkey key repository is bound to the KMIP plugin, and the
 connection to the KMIP server is to be configured using command
 'zkey kms configure --kmip-server <server>', it fails to connect
 to the specified KMIP server.
Problem: When trying to establish a TLS connection to the KMIP server,
 the KMIP client sets up an OpenSSL SSL context with its certificate
 and its private key (which is a secure key) using OpenSSL function
 SSL_CTX_use_PrivateKey(). When running with OpenSSL 3.0, this calls
 the secure key provider's match function to check if the private key
 specified matches the public key of the certificate using
 EVP_PKEY_eq(). EVP_PKEY_eq() includes the private key into the
 selector bits for the match call, although the certificate only
 contains the public key part.
 OpenSSL commit ee22a3741e3fc27c981e7f7e9bcb8d3342b0c65a changed the
 OpenSSL provider's keymgmt_match() function to be not so strict with
 the selector bits in regards to matching different key parts.
 This means, that if the public key is selected to be matched, and the
 public key matches (together with any also selected parameters), then
 the private key is no longer checked, although it may also be
 selected to be matched. This is according to how the OpenSSL function
 EVP_PKEY_eq() is supposed to behave.
Solution: Adapt the secure key provider's match function to behave like the
 match functions of the providers coming with OpenSSL.
Reproduction: Configure a connection to a KMIP server on a system that comes
 with OpenSSL 3.0.
Upstream-ID: 6c5c5f7e558c114ddaa475e96c9ec708049aa423
Problem-ID: 198268

Upstream-Description:

 libseckey: Adapt keymgmt_match() implementation to OpenSSL

 OpenSSL commit ee22a3741e3fc27c981e7f7e9bcb8d3342b0c65a changed the
 OpenSSL provider's keymgmt_match() function to be not so strict with
 the selector bits in regards to matching different key parts.
Adapt the secure key provider's match function accordingly. This means, that if the public key is selected to be matched, and the public key matches (together with any also selected parameters), then the private key is no longer checked, although it may also be selected to be matched. This is according to how the OpenSSL function EVP_PKEY_eq() is supposed to behave. OpenSSL function SSL_CTX_use_PrivateKey() calls the providers match function to check if the private key specified matches the public key of the certificate using EVP_PKEY_eq(). EVP_PKEY_eq() includes the private key into the selector bits here, although the certificate only contains the public key part. Signed-off-by: Ingo Franzki <ifran...@linux.ibm.com> Signed-off-by: Jan Hoeppner <hoepp...@linux.ibm.com> Signed-off-by: Ingo Franzki <ifran...@linux.ibm.com> --- libseckey/sk_provider.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) --- a/libseckey/sk_provider.c +++ b/libseckey/sk_provider.c @@ -2216,13 +2216,23 @@ static int sk_prov_keymgmt_match(const s if (key1->type != key2->type) return 0; + + if (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) { + /* match everything except private key */ + return default_match_fn(key1->default_key, key2->default_key, + selection & + (~OSSL_KEYMGMT_SELECT_PRIVATE_KEY)); + } + if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) { if (key1->secure_key_size != key2->secure_key_size) return 0; - if (key1->secure_key_size > 0 && - memcmp(key1->secure_key, key2->secure_key, - key1->secure_key_size) != 0) - return 0; + if (key1->secure_key_size > 0) { + if (memcmp(key1->secure_key, key2->secure_key, + key1->secure_key_size) != 0) + return 0; + selection &= (~OSSL_KEYMGMT_SELECT_PRIVATE_KEY); + } } return default_match_fn(key1->default_key, key2->default_key, ++++++ virtsetup.sh ++++++ --- /var/tmp/diff_new_pack.JGQUWz/_old 2022-06-02 21:55:13.724446450 +0200 +++ /var/tmp/diff_new_pack.JGQUWz/_new 2022-06-02 21:55:13.728446456 +0200 
@@ -38,7 +38,7 @@ /usr/lib/systemd/scripts/detach_disks.sh fi if [ "${ZVM_WARN_ABOUT_POSSIBLE_LGR_PROBLEMS}" == yes ]; then - /sbin/lgr_check + /usr/sbin/lgr_check fi ;; none) ++++++ vmlogrdr.service ++++++ --- /var/tmp/diff_new_pack.JGQUWz/_old 2022-06-02 21:55:13.752446486 +0200 +++ /var/tmp/diff_new_pack.JGQUWz/_new 2022-06-02 21:55:13.756446490 +0200 @@ -8,8 +8,8 @@ Type=oneshot RemainAfterExit=yes -ExecStart=/sbin/modprobe vmlogrdr -ExecStop=/sbin/modprobe -r vmlogrdr +ExecStart=/usr/sbin/modprobe vmlogrdr +ExecStop=/usr/sbin/modprobe -r vmlogrdr [Install] WantedBy=default.target
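
Review bot: in s390-tools.spec at @@ -310,14 +312,7 @@, the zfcpdump image is now installed only from %{_prefix}/lib/modules/*-zfcpdump/image, so the build has no fallback to /boot/image-*-zfcpdump. The removed comment said the usrmerge had not yet happened in SLES, and the two patches added in this same change are named sles15sp4. If this spec is still built for a target that is not usrmerged, keep the %if 0%{?usrmerged} branch, or say in the changelog entry that such targets are no longer supported.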
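
Review bot: in s390-tools.spec at @@ -388,8 +383,12 @@, mv -vi %{buildroot}/sbin/* %{buildroot}%{_sbindir}/ uses -i in a build where nobody can answer the overwrite prompt. The earlier hunks already install dasdro, dasd_reload, mkdump, zfcp_san_disc, killcdl and lgr_check into %{buildroot}%{_sbindir} before this line runs, so a Makefile-installed file with the same name would trigger the prompt, and an unanswered prompt leaves that file unmoved in %{buildroot}/sbin. Drop -i and follow the mv with rmdir %{buildroot}/sbin so that anything left behind fails the build instead of passing silently. The next changed line writes %{buildroot}/%{_sbindir}/ with an extra slash, while the rest of the change uses %{buildroot}%{_sbindir}; use one form.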
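
Review bot: in dasd_reload at @@ -25,7 +25,7 @@, the check still joins two tests with -o, which POSIX marks as obsolescent and which can be parsed ambiguously; since the line is being touched anyway, write it as [ ! -x /usr/sbin/rmmod ] || [ ! -x /usr/sbin/modprobe ]. rmmod and modprobe are not installed by this package, so please also confirm they are present under /usr/sbin on every target this script ships to, because otherwise the script now stops with "Missing module programs" and exit code 2.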
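
Review bot: in iucv_configure at @@ -125,7 +125,7 @@, $PEER_USERID is expanded unquoted into both the rule file name and the ATTR{connection} value written by the here-document, and no validation of it is visible in this hunk. The file lands in /etc/udev/rules.d, where its contents are interpreted by udev as root, so check the value against the characters a z/VM user ID may contain before the cat, and quote the redirect target. Rule files written by earlier versions of the script will still carry RUN+="/sbin/modprobe netiucv"; the changelog should say whether they need regenerating.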
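
Review bot: in mkdump.pl at @@ -33,14 +33,14 @@, every helper is pinned to an absolute path except mcookie on the $MDPATH line, which is still resolved through PATH, and its backtick output keeps the trailing newline in the file name. Give mcookie an absolute path and chomp the result, or create the temporary zipl configuration with File::Temp so that the file under /tmp gets an unpredictable name and is created exclusively.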
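
Review bot: in genprotimg/boot/Makefile at @@ -15,7 +15,8 @@, -Wno-array-bounds is appended to ALL_CFLAGS, so the diagnostic is switched off for every object built in this directory and for every compiler version, while the commit message shows the false positive only when compiling stage3a.c with gcc 12. Nothing in the Makefile marks the flag as temporary even though the subject says "for now"; add a comment beside it that points at issue 130, and consider applying the flag only to the stage3a object so that out-of-bounds accesses in the rest of the boot code are still reported under -Werror.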
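
Review bot: in libseckey/sk_provider.c at @@ -2216,13 +2216,23 @@, the new early return for OSSL_KEYMGMT_SELECT_PUBLIC_KEY means the secure_key blobs are never compared when a caller selects both the public and the private part, and the one-line comment "match everything except private key" does not say why that is acceptable. Expand the comment to state that this mirrors how the OpenSSL providers answer EVP_PKEY_eq() and name OpenSSL commit ee22a3741e3fc27c981e7f7e9bcb8d3342b0c65a from the commit message, so the skipped comparison is not later mistaken for a bug or relied on as an identity check of the secure key. In the private-key branch, when secure_key_size is 0 the OSSL_KEYMGMT_SELECT_PRIVATE_KEY bit stays set in selection for the final default_match_fn call (its remaining arguments are cut off in this hunk); a comment should say whether default_key is expected to hold private material in that case.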