Hello community, here is the log from the commit of package libkcapi for openSUSE:Factory checked in at 2020-03-25 23:44:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libkcapi (Old) and /work/SRC/openSUSE:Factory/.libkcapi.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libkcapi" Wed Mar 25 23:44:15 2020 rev:6 rq:788020 version:1.1.5 Changes: -------- --- /work/SRC/openSUSE:Factory/libkcapi/libkcapi.changes 2019-12-16 17:26:34.099955354 +0100 +++ /work/SRC/openSUSE:Factory/.libkcapi.new.3160/libkcapi.changes 2020-03-25 23:44:58.424026521 +0100 @@ -1,0 +2,117 @@ +Wed Jan 8 07:23:22 UTC 2020 - Marcus Meissner <[email protected]> + +- updated to 1.1.5: + - Fix invocation of ansi_cprng in FIPS mode during testing + - Fix testing on kernels >= 5.0 + - Add virtualization test for kernel 5.1 + - Fix the limit between vmsplice() and sendmsg() by Christophe Leroy + - Fix remove code duplication by Ondrej MosnáÄek + - Fix potential memleak in speed-test +- updated to 1.1.4: + - Fix: use sendmsg when processing more than 1<<16 bytes input data which improves performance on some architectures +- updated to 1.1.3: + - Fix: default location of FIPS 140-2 HMAC control file is .<orig file>.hmac (was accidentally moved to <orig file>.hmac with 1.1.0) +- updated to 1.1.2: + - Fix: Bug fixes for GCC 8.1.0 regarding string length checks by Krzysztof Kozlowski + - Enhancement: ensure that tests execute on architectures other than X86 by Ondrej MosnáÄek + - Fix: Bug fix to initialize FDs at the correct time in kcapi-kernel-if.c by Ondrej MosnáÄek + - Test fix: Support test execution outside build environment by Ondrej MosnáÄek +- updated to 1.1.1: + - Fix: Bug fixes for kcapi_hasher by Ondrej MosnáÄek +- updated to 1.1.0: + - API Enhancement: Addition of kcapi_handle_reinit + - Fix: simplify code by removing the internal *_fd functions from kcapi-kernel-if.c + - Test enhancement: add IIV speed testing + - Fix: add a loop around the read system call to always obtain all generated data + - Fix: use host compiler for compiling docproc (reported by Christophe LEROY, fixed by Björn Esser) + - Fix: make error handling of hashing applications consistent with coreutils applications (reported by Christophe LEROY) + - Fix: support for zero length files (patched by Ondrej MosnáÄek) + - Fix: support for zero message hashes on kernels <= 4.9 (patched by Ondrej MosnáÄek) + - Fix: Add Travis CI test system provided by Ondrej MosnáÄek + - Fix: Add several fixes to kcapi-hasher by Ondrej MosnáÄek + - Fix: Add additional tests for kcapi-hasher by Ondrej MosnáÄek + - Fix: Apply unpadding only to last block of data by Ondrej MosnáÄek + - Fix: Fix resource leaks in error code paths suggested by Ondrej MosnáÄek + - Enhancement: achieve hmaccalc CLI equivalence by Ondrej MosnáÄek +- updated to 1.0.3: + - Fix: support STDIN and --tag of sha*sum applications + - Enhancement: Add small enhancements to support integration with distros -- reported by Björn Esser +- updated to 1.0.2: + - Fix: hasher-test.sh on 32-bit systems + - Fix: AIO return code handling on large number of requests -- reported by Jonathan Cameron + - Enhancement: disable coredumps of library + - Fix: remove unchecked -fstack-protector-strong from Makefile -- reported by Mathieu Malaterre + - Fix: document that kcapi_cipher_stream_op must be called in a loop to collect all data in a multhreaded environment. + - Test Fix: Update symmetric multithreaded stream test to invoke kcapi_cipher_stream_op in a loop to collect all data. + - Fix: Initialize the cipher handle on stack with zeros as the library expects a zero-initialized cipher handle. This fixes a possible segfault where free() is called on a non-initialized memory location. + - Fix: port algif_kpp and algif_akcipher to 4.15-rc3 +- updated to 1.0.1: + - Fix: constify AEAD cipher input data + - Fix: use GCC byte swapping acceleration if present + - Fix: KDF counter handling on little endian systems when generating more than 255 blocks + - Use LD_PRELOAD for execution of test cases to force using of the freshly compiled binaries + - Fix: return code handling of _kcapi_common_vmsplice_chunk_fd as reported by Christophe Leroy + - Fix: return code handling in _kcapi_md_update + - Fix: kcapi-hasher now supports files larger than 2GB + - Fix: kcapi-dgst now supports files larger than 2GB + - Fix: use stack protector + - Fix: rename header guards to remove leading underscore as pointed out by Markus Elfring + - Test Fix: Allow compiing the test code without asymmetric and KPP support +- updated to 1.0.0: + - Fix: Small compile fixes for new checks of GCC 7 + - API Change: Rename all LOG_* enums to KCAPI_LOG_* to prevent namespace poisoning + - Fix: soname and file name of library now compiles with conventions (thanks to Marcus Meissner) + - Fix: kcapi-rng.c: unify FD/syscall read code and fix __NR_getrandom resolution + - Enhancement: add kcapi-enc application to access symmetric encryption on command line + - Fix: consolidate duplicate code in kcapi-hasher + - Enhancement: add kcapi-dgst application to access hashes on command line + - Enhancement: add kcapi-rng man page + - Enhancement: add kcapi-rng --hex command line option + - Fix: enable full symmetric AIO support + - Fix: consolidate all test code into test/ and invoke all tests with test-invocation.sh + - Fix: fix memleaks in error code paths as reported by clang + - Fix: reduce memory footprint by rearranging data structures + - Fix: kcapi-hasher is now fully FIPS 140-2 compliant as it now includes the integrity test for libkcapi.so + - Enhancement: Add speed tests for MV-CESA accelerated ciphers and hash algorithms (thanks to Bastian Stender) + - Test Enhancement: add kcapi-enc-test-large.c test testing edge conditions of AF_ALG + - Test Enhancement: add virttest.sh - use of test system based on eudyptula-boot to test on linux-4.3.6, linux-4.4.86, linux-4.5, linux-4.7, linux-4.10, linux-4.12 + - Test Enhancement: add kcapi-fuzz-test.sh to support fuzzing the AF_ALG interfaces + - Enhancement: add RPM SPEC file (tested with Fedora 26) + - API Change: replace --disable-lib-asym with --enable-lib-asym as the algif_akcipher.c kernel interface is not likely to be added to the kernel anytime soon + - API Enhancement: add KPP API which is not compiled by default, use --enable-lib-kpp (the algif_kpp.c kernel interface is not likely to be added to the Linux kernel any time soon) + - Test Enhancement: Add KPP tests + - Enhancement: Re-enable AIO support for symmetric and AEAD ciphers down to Linux kernels 4.1 and 4.7, respectively. This is due to integrating a fix against a kernel crash when using AIO. + - Fix: simply KDF code base + - API Enhancement: add message digest convenience functions kcapi_md_*sha* + - API Enhancement: add cipher convenience functions kcapi_cipher_*_aes_* + - API Enhancement: add rng convenience function kcapi_rng_get_bytes + - API Change: remove kcapi_aead_getdata, use kcapi_aead_getdata_input and kcapi_aead_getdata_output instead + - API Change: remove kcapi_aead_outbuflen, use kcapi_aead_outbuflen_enc and kcapi_aead_outbuflen_dec instead +- updated to 0.14.0: + - AIO: fix tracking of completed IOCBs + - speed-test: fix AEAD handling + - speed-test: fix time calculation + - compiler now warns a user of deprecated API calls + - AIO: handle kernel errors for algif_skcipher gracefully + - AIO: using multiple IOCB if algif_aead interface supports it + - ASYM: add PKCS1 tests + - AIO: add ASYM AIO support + - AIO: fix AEAD AIO fallback + - AIO: add AIO fallback testing + - replace enforcement of symmetric cipher limits with a log message only (the underlying kernel implementations should catch any errors) + - add fuzzing tests + - use autotools build system as provided by Georges Savoundararadj with additional considerations from Marcin Nowakowski (thanks a lot) + - ALG_MAX_PAGES restriction is gone with current AF_ALG interface + - add HKDF (RFC5869) + - add apps/kcapi-rng + - add support for multiple accepts where the caller maintains the opfd + - fix memleak in error case in PBKDF + - add multithreaded symmetric cipher tests + - enable full AIO support for kernels 4.13 and higher (fallback AIO implementation using synchronous support for earlier kernels) -- this is due to the broken AIO support for earlier kernels + - Add tests for the AAD copy operation to be supported for kernel 4.13 +- dropped libkcapi-use-external-fipshmac.patch (done differently in upstream) +- dropped reproduciblesort.patch (done differently upstream) +- dropped reproducibledate.patch: merged upstream +- libkcapi.keyring imported + +------------------------------------------------------------------- Old: ---- libkcapi-0.13.0.tar.bz2 libkcapi-use-external-fipshmac.patch reproducibledate.patch reproduciblesort.patch New: ---- libkcapi-1.1.5.tar.xz libkcapi-1.1.5.tar.xz.asc libkcapi.keyring ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libkcapi.spec ++++++ --- /var/tmp/diff_new_pack.yG7upa/_old 2020-03-25 23:45:01.388027491 +0100 +++ /var/tmp/diff_new_pack.yG7upa/_new 2020-03-25 23:45:01.388027491 +0100 @@ -1,7 +1,7 @@ # # spec file for package libkcapi # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,20 +17,18 @@ Name: libkcapi -Version: 0.13.0 +Version: 1.1.5 Release: 0 Summary: Linux Kernel Crypto API User Space Interface Library License: GPL-2.0-only Group: Productivity/Security URL: http://www.chronox.de/libkcapi.html -#Source: https://github.com/smuellerDD/libkcapi/archive/v0.13.0.zip -Source: libkcapi-0.13.0.tar.bz2 -Patch0: libkcapi-use-external-fipshmac.patch -# PATCH-FIX-UPSTREAM rewritten upstream in https://github.com/smuellerDD/libkcapi/commit/0e7b2b0300782 -Patch1: reproduciblesort.patch -# PATCH-FIX-UPSTREAM https://github.com/smuellerDD/libkcapi/pull/12 -Patch2: reproducibledate.patch -BuildRequires: fipscheck +Source: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz +Source1: https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz.asc +Source2: libkcapi.keyring +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool BuildRequires: openssl BuildRequires: xmlto @@ -39,17 +37,17 @@ Netlink interface handling that is used for accesing the Linux kernel crypto API. -%package -n libkcapi0 +%package -n libkcapi1 Summary: Linux Kernel Crypto API User Space Interface Library Group: System/Libraries -%description -n libkcapi0 +%description -n libkcapi1 libkcapi allows user-space to access the Linux kernel crypto API. %package devel Summary: Linux Kernel Crypto API User Space Interface Library Group: Development/Languages/C and C++ -Requires: libkcapi0 = %{version} +Requires: libkcapi1 = %{version} %description devel libkcapi exports APIs so that developers need not consider the low-level @@ -76,58 +74,90 @@ %prep %setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 %build -cd lib -export CFLAGS="%optflags" -%make_build -make man -cd ../apps +autoreconf -i +%configure \ + --disable-static \ + --enable-kcapi-test \ + --enable-kcapi-speed \ + --enable-kcapi-hasher \ + --enable-kcapi-rngapp \ + --enable-kcapi-encapp \ + --enable-kcapi-dgstapp + make %{?_smp_mflags} %install -cd lib -make install maninstall DESTDIR=%{buildroot} LIBDIR="%{_libdir}" %{?_smp_mflags} -cd ../apps -make install DESTDIR=%{buildroot} %{?_smp_mflags} BINDIR=/usr/%_lib/libkcapi/ +make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" BINDIR=/%{_libexecdir}/libkcapi/ %{?_smp_mflags} +rm %{buildroot}/%_libdir/libkcapi.la + +mkdir -p %{buildroot}/%{_libexecdir}/libkcapi/ +mv %{buildroot}/usr/bin/* %{buildroot}/%{_libexecdir}/libkcapi/ +mv %{buildroot}/usr/bin/.??* %{buildroot}/%{_libexecdir}/libkcapi/ # Add generation of HMAC checksums of the final fipshmac fipscheck stripped binaries %define __spec_install_post \ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/fipscheck |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.fipscheck.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/fipshmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.fipshmac.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha1sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha1sum.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha256sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha256sum.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha384sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha384sum.hmac \ - openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha512sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha512sum.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha1hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha1hmac.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha256hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha256hmac.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha384hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha384hmac.hmac \ - openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/usr/%_lib/libkcapi/sha512hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/usr/%_lib/libkcapi/.sha512hmac.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/fipscheck |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.fipscheck.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/fipshmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.fipshmac.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha1sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha1sum.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha256sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha256sum.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha384sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha384sum.hmac \ + openssl sha256 -hmac orboDeJITITejsirpADONivirpUkvarP $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha512sum |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha512sum.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha1hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha1hmac.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha256hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha256hmac.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha384hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha384hmac.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/sha512hmac |sed -e 's/.* //;' > $RPM_BUILD_ROOT/%{_libexecdir}/libkcapi/.sha512hmac.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so.1|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.1.hmac \ + openssl sha512 -hmac FIPS-FTW-RHT2009 $RPM_BUILD_ROOT/%_libdir/libkcapi.so.%version|sed -e 's/.* //;' > $RPM_BUILD_ROOT/%_libdir/.libkcapi.so.%version.hmac \ %{nil} -%post -n libkcapi0 -p /sbin/ldconfig +%post -n libkcapi1 -p /sbin/ldconfig -%postun -n libkcapi0 -p /sbin/ldconfig +%postun -n libkcapi1 -p /sbin/ldconfig -%files -n libkcapi0 +%files -n libkcapi1 %license COPYING -%doc CHANGES -%{_libdir}/libkcapi.so.0.13.* -%{_libdir}/libkcapi.so.0 +%doc CHANGES.md +%{_libdir}/libkcapi.so.1.* +%{_libdir}/libkcapi.so.1 +%{_libdir}/.libkcapi.so.1* %files devel %{_includedir}/kcapi.h %{_mandir}/man3/* +%{_libdir}/libkcapi.so +%{_libdir}/.libkcapi.so.hmac +%{_libdir}/pkgconfig/libkcapi.pc %files tools -%dir %{_libdir}/libkcapi -%{_libdir}/libkcapi/* -%{_libdir}/libkcapi/.*hmac +%dir %{_libexecdir}/libkcapi +%{_libexecdir}/libkcapi/*sum* +%{_libexecdir}/libkcapi/*hmac* +%{_libexecdir}/libkcapi/.*.hmac +%{_libexecdir}/libkcapi/kcapi +%{_libexecdir}/libkcapi/kcapi-convenience +%{_libexecdir}/libkcapi/compile-test.sh +%{_libexecdir}/libkcapi/hasher-test.sh +%{_libexecdir}/libkcapi/kcapi-convenience.sh +%{_libexecdir}/libkcapi/kcapi-dgst-test.sh +%{_libexecdir}/libkcapi/kcapi-enc-test-large +%{_libexecdir}/libkcapi/kcapi-enc-test-large.sh +%{_libexecdir}/libkcapi/kcapi-enc-test.sh +%{_libexecdir}/libkcapi/kcapi-fuzz-test.sh +%{_libexecdir}/libkcapi/fipscheck +%{_libexecdir}/libkcapi/kcapi-dgst +%{_libexecdir}/libkcapi/kcapi-enc +%{_libexecdir}/libkcapi/kcapi-rng +%{_libexecdir}/libkcapi/kcapi-speed +%{_libexecdir}/libkcapi/libtest.sh +%{_libexecdir}/libkcapi/test-invocation.sh +%{_libexecdir}/libkcapi/test.sh +%{_libexecdir}/libkcapi/virttest.sh +%{_mandir}/man1/kcapi* %changelog
