Blame SPECS/libkcapi.spec

8c1053
# Shared object version of libkcapi.
8c1053
%global vmajor            1
cf1a29
%global vminor            2
cf1a29
%global vpatch            0
8c1053
8c1053
# Do we build the replacements packages?
8c1053
%bcond_with replace_coreutils
8c1053
# Replace fipscheck by default in Fedora 33+:
8c1053
%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9
8c1053
%bcond_without replace_fipscheck
8c1053
%else
8c1053
%bcond_with replace_fipscheck
8c1053
%endif
8c1053
# Replace hmaccalc by default in Fedora 28+:
8c1053
%if 0%{?fedora} >= 28 || 0%{?rhel} >= 8
8c1053
%bcond_without replace_hmaccalc
8c1053
%else
8c1053
%bcond_with replace_hmaccalc
8c1053
%endif
8c1053
%if 0%{?fedora} >= 29 || 0%{?rhel} >= 8
8c1053
%bcond_without test_package
8c1053
%else
8c1053
%bcond_with test_package
8c1053
%endif
8c1053
8c1053
# This package needs at least Linux Kernel v4.10.0.
8c1053
%global min_kernel_ver    4.10.0
8c1053
8c1053
# Do we need to tweak sysctl.d? In newer versions of the Linux
8c1053
# Kernel the default ancillary buffer size is set high enough.
8c1053
# TODO: Adapt this when the patch for net/core/sock.c is merged.
8c1053
%if %{lua:print(rpm.vercmp('99.0.0', posix.uname('%r')));} >= 0
8c1053
%global with_sysctl_tweak 1
8c1053
%else
8c1053
%global with_sysctl_tweak 0
8c1053
%endif
8c1053
8c1053
%if %{with_sysctl_tweak}
8c1053
# Priority for the sysctl.d preset.
8c1053
%global sysctl_prio       50
8c1053
8c1053
# Value used for the sysctl.d preset.
8c1053
%global sysctl_optmem_max 81920
8c1053
8c1053
# Extension for the README.distro file.
8c1053
%global distroname_ext    %{?fedora:fedora}%{?rhel:redhat}
8c1053
%endif
8c1053
8c1053
# Lowest limit to run the testsuite.  If we cannot obtain this
8c1053
# value, we asume the testsuite cannot be run.
8c1053
%global test_optmem_max   %(%{__cat} /proc/sys/net/core/optmem_max || echo 0)
8c1053
8c1053
# For picking patches from upstream commits or pull requests.
8c1053
%global giturl            https://github.com/smuellerDD/%{name}
8c1053
8c1053
# Do we replace some coreutils?
8c1053
%if %{with replace_coreutils}
8c1053
# TODO: Adapt this when replacing some coreutils initially.
8c1053
%global coreutils_evr     8.29-1%{?dist}
8c1053
%endif
8c1053
8c1053
# Do we replace fipscheck?
8c1053
%if %{with replace_fipscheck}
8c1053
%global fipscheck_evr     1.5.0-9
8c1053
%endif
8c1053
8c1053
# Do we replace hmaccalc?
8c1053
%if %{with replace_hmaccalc}
8c1053
%global hmaccalc_evr      0.9.14-10%{?dist}
8c1053
%endif
8c1053
8c1053
%global apps_hmaccalc sha1hmac sha224hmac sha256hmac sha384hmac sha512hmac
8c1053
%global apps_fipscheck sha1sum sha224sum sha256sum sha384sum sha512sum md5sum fipscheck fipshmac
8c1053
8c1053
# On old kernels use mock hashers implemented via openssl
8c1053
%if %{lua:print(rpm.vercmp(posix.uname('%r'), '3.19'));} >= 0
8c1053
%global sha512hmac bin/kcapi-hasher -n sha512hmac
8c1053
%global fipshmac   bin/kcapi-hasher -n fipshmac
8c1053
%else
8c1053
%global sha512hmac bash %{_sourcedir}/sha512hmac-openssl.sh
8c1053
%global fipshmac   bash %{_sourcedir}/fipshmac-openssl.sh
8c1053
%endif
8c1053
8c1053
# Add generation of HMAC checksums of the final stripped
8c1053
# binaries.  %%define with lazy globbing is used here
8c1053
# intentionally, because using %%global does not work.
8c1053
%define __spec_install_post                                      \
8c1053
%{?__debug_package:%{__debug_install_post}}                      \
8c1053
%{__arch_install_post}                                           \
8c1053
%{__os_install_post}                                             \
8c1053
bin_path=%{buildroot}%{_bindir}                                  \
8c1053
lib_path=%{buildroot}/%{_lib}                                    \
8c1053
for app in %{apps_hmaccalc}; do                                  \
8c1053
  test -e "$bin_path"/$app || continue                           \
8c1053
  { %sha512hmac "$bin_path"/$app || exit 1; }                    \\\
8c1053
    | cut -f 1 -d ' ' >"$lib_path"/hmaccalc/$app.hmac            \
8c1053
done                                                             \
8c1053
for app in %{apps_fipscheck}; do                                 \
8c1053
  test -e "$bin_path"/$app || continue                           \
8c1053
  %fipshmac -d "$lib_path"/fipscheck "$bin_path"/$app || exit 1  \
8c1053
done                                                             \
8c1053
%{_sbindir}/hardlink -cfv %{buildroot}%{_bindir}                 \
8c1053
%fipshmac -d "$lib_path"/fipscheck                               \\\
8c1053
  "$lib_path"/libkcapi.so.%{version} || exit 1                   \
8c1053
%{__ln_s} libkcapi.so.%{version}.hmac                            \\\
8c1053
  "$lib_path"/fipscheck/libkcapi.so.%{vmajor}.hmac               \
8c1053
%{nil}
8c1053
8c1053
8c1053
Name:           libkcapi
8c1053
Version:        %{vmajor}.%{vminor}.%{vpatch}
cf1a29
Release:        2%{?dist}
8c1053
Summary:        User space interface to the Linux Kernel Crypto API
8c1053
8c1053
License:        BSD or GPLv2
8c1053
URL:            http://www.chronox.de/%{name}.html
8c1053
Source0:        http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz
8c1053
Source1:        http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc
8c1053
Source2:        sha512hmac-openssl.sh
8c1053
Source3:        fipshmac-openssl.sh
8c1053
cf1a29
Patch100:       100-fix-double-free-hasher.patch
8c1053
8c1053
BuildRequires:  bash
8c1053
BuildRequires:  clang
8c1053
BuildRequires:  coreutils
8c1053
BuildRequires:  cppcheck
8c1053
BuildRequires:  docbook-utils-pdf
8c1053
BuildRequires:  gcc
8c1053
BuildRequires:  git
8c1053
BuildRequires:  hardlink
8c1053
BuildRequires:  kernel-headers >= %{min_kernel_ver}
8c1053
BuildRequires:  libtool
8c1053
BuildRequires:  openssl
8c1053
BuildRequires:  perl
8c1053
BuildRequires:  systemd
8c1053
BuildRequires:  xmlto
8c1053
8c1053
# For ownership of %%{_sysctldir}.
8c1053
Requires:       systemd
8c1053
8c1053
Obsoletes:      %{name}-replacements <= %{version}-%{release}
8c1053
8c1053
%description
8c1053
libkcapi allows user-space to access the Linux kernel crypto API.
8c1053
8c1053
This library uses the netlink interface and exports easy to use APIs
8c1053
so that a developer does not need to consider the low-level netlink
8c1053
interface handling.
8c1053
8c1053
The library does not implement any cipher algorithms.  All consumer
8c1053
requests are sent to the kernel for processing.  Results from the
8c1053
kernel crypto API are returned to the consumer via the library API.
8c1053
8c1053
The kernel interface and therefore this library can be used by
8c1053
unprivileged processes.
8c1053
8c1053
8c1053
%package        devel
8c1053
Summary:        Development files for the %{name} package
8c1053
Requires:       %{name}%{?_isa} == %{version}-%{release}
8c1053
8c1053
%description    devel
8c1053
Header files for applications that use %{name}.
8c1053
8c1053
8c1053
%package        doc
8c1053
Summary:        User documentation for the %{name} package
8c1053
Requires:       %{name}%{?_isa} == %{version}-%{release}
8c1053
8c1053
%description    doc
8c1053
User documentation for %{name}.
8c1053
8c1053
8c1053
%if %{with replace_coreutils}
8c1053
%package        checksum
8c1053
Summary:        Drop-in replacement for *sum utils provided by the %{name} package
8c1053
Requires:       %{name}%{?_isa}    == %{version}-%{release}
8c1053
8c1053
Requires:       coreutils%{?_isa}  >= %{coreutils_evr}
8c1053
8c1053
Conflicts:      coreutils          < %{coreutils_evr}
8c1053
Conflicts:      coreutils-single
8c1053
8c1053
%description    checksum
8c1053
Provides drop-in replacements for sha*sum tools (from package
8c1053
coreutils) using %{name}.
8c1053
%endif
8c1053
8c1053
8c1053
%if %{with replace_fipscheck}
8c1053
%package        fipscheck
8c1053
Summary:        Drop-in replacements for fipscheck/fipshmac provided by the %{name} package
8c1053
Requires:       %{name}%{?_isa}   == %{version}-%{release}
8c1053
8c1053
Obsoletes:      fipscheck         <= %{fipscheck_evr}
8c1053
8c1053
Provides:       fipscheck         == %{fipscheck_evr}.1
8c1053
Provides:       fipscheck%{?_isa} == %{fipscheck_evr}.1
8c1053
8c1053
%description    fipscheck
8c1053
Provides drop-in replacements for fipscheck and fipshmac tools (from
8c1053
package fipscheck) using %{name}.
8c1053
%endif
8c1053
8c1053
8c1053
%if %{with replace_hmaccalc}
8c1053
%package        hmaccalc
8c1053
Summary:        Drop-in replacements for hmaccalc provided by the %{name} package
8c1053
Requires:       %{name}%{?_isa}   == %{version}-%{release}
8c1053
8c1053
Obsoletes:      hmaccalc          <= %{hmaccalc_evr}
8c1053
8c1053
Provides:       hmaccalc          == %{hmaccalc_evr}.1
8c1053
Provides:       hmaccalc%{?_isa}  == %{hmaccalc_evr}.1
8c1053
8c1053
%description    hmaccalc
8c1053
Provides drop-in replacements for sha*hmac tools (from package
8c1053
hmaccalc) using %{name}.
8c1053
%endif
8c1053
8c1053
8c1053
%package        static
8c1053
Summary:        Static library for -static linking with %{name}
8c1053
Requires:       %{name}-devel%{?_isa} == %{version}-%{release}
8c1053
8c1053
%description    static
8c1053
This package contains the %{name} static libraries for -static
8c1053
linking.  You don't need this, unless you link statically, which
8c1053
is highly discouraged.
8c1053
8c1053
8c1053
%package        tools
8c1053
Summary:        Utility applications for the %{name} package
8c1053
Requires:       %{name}%{?_isa} == %{version}-%{release}
8c1053
8c1053
%description    tools
8c1053
Utility applications that are provided with %{name}.  This includes
8c1053
tools to use message digests, symmetric ciphers and random number
8c1053
generators implemented in the Linux kernel from command line.
8c1053
8c1053
8c1053
%if %{with test_package}
8c1053
%package        tests
8c1053
Summary:        Testing scripts for the %{name} package
8c1053
Requires:       %{name}%{?_isa}       == %{version}-%{release}
8c1053
Requires:       %{name}-tools%{?_isa} == %{version}-%{release}
8c1053
%if %{with replace_hmaccalc}
8c1053
Requires:       %{name}-hmaccalc%{?_isa} == %{version}-%{release}
8c1053
%endif
8c1053
%if %{with replace_coreutils}
8c1053
Requires:       %{name}-checksum%{?_isa} == %{version}-%{release}
8c1053
%endif
8c1053
Requires:       coreutils
8c1053
Requires:       openssl
8c1053
Requires:       perl
8c1053
8c1053
%description    tests
8c1053
Auxiliary scripts for testing %{name}.
8c1053
%endif
8c1053
8c1053
8c1053
%prep
8c1053
%autosetup -p 1 -S git
8c1053
8c1053
%if %{with_sysctl_tweak}
8c1053
%{__cat} << EOF > README.%{distroname_ext}
8c1053
This package increases the default limit of the ancillary buffer size
8c1053
per kernel socket defined in \`net.core.optmem_max\` to %{sysctl_optmem_max} bytes.
8c1053
8c1053
For this preset to become active it requires a reboot after the
8c1053
installation of this package.  You can also manually increase this
8c1053
limit by invocing \`sysctl net.core.optmem_max=%{sysctl_optmem_max}\` as the
8c1053
super-user, e.g. using \`su\` or \`sudo\` on the terminal.
8c1053
8c1053
This is done to provide consumers of the new Linux Kernel Crypto API
8c1053
User Space Interface a well sufficient and reasonable maximum limit
8c1053
by default, especially when using AIO with a larger amount of IOVECs.
8c1053
8c1053
For further information about the AF_ALG kernel socket and AIO, see
8c1053
the discussion at the kernel-crypto mailing-list:
8c1053
https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg30417.html
8c1053
8c1053
See the instructions given in '%{_sysctldir}/50-default.conf',
8c1053
if you need or want to override the preset made by this package.
8c1053
EOF
8c1053
8c1053
%{__cat} << EOF > %{sysctl_prio}-%{name}-optmem_max.conf
8c1053
# See the 'README.%{distroname_ext}' file shipped in %%doc
8c1053
# with the %{name} package.
8c1053
#
8c1053
# See '%{_sysctldir}/50-default.conf',
8c1053
# if you need or want to override this preset.
8c1053
8c1053
# Increase the ancillary buffer size per socket.
8c1053
net.core.optmem_max = %{sysctl_optmem_max}
8c1053
EOF
8c1053
%endif
8c1053
8c1053
%{_bindir}/autoreconf -fiv
8c1053
8c1053
8c1053
%build
8c1053
%configure               \
8c1053
  --libdir=/%{_lib}      \
8c1053
  --disable-silent-rules \
8c1053
  --enable-kcapi-encapp  \
8c1053
  --enable-kcapi-dgstapp \
8c1053
  --enable-kcapi-hasher  \
8c1053
  --enable-kcapi-rngapp  \
8c1053
  --enable-kcapi-speed   \
8c1053
  --enable-kcapi-test    \
8c1053
  --enable-shared        \
8c1053
  --enable-static        \
8c1053
  --enable-sum-prefix=   \
8c1053
  --enable-sum-dir=/%{_lib} \
8c1053
  --with-pkgconfigdir=%{_libdir}/pkgconfig
8c1053
%make_build all doc
8c1053
8c1053
8c1053
%install
8c1053
%make_install
8c1053
8c1053
# Install sysctl.d preset.
8c1053
%{__mkdir_p} %{buildroot}%{_sysctldir}
8c1053
%{__install} -Dpm 0644 -t %{buildroot}%{_sysctldir} \
8c1053
  %{sysctl_prio}-%{name}-optmem_max.conf
8c1053
8c1053
# Install into proper location for inclusion by %%doc.
8c1053
%{__mkdir_p} %{buildroot}%{_pkgdocdir}
8c1053
%{__install} -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \
8c1053
%if %{with_sysctl_tweak}
8c1053
  README.%{distroname_ext}                          \
8c1053
%endif
8c1053
  README.md CHANGES.md TODO doc/%{name}.p{df,s}
8c1053
%{__cp} -pr lib/doc/html %{buildroot}%{_pkgdocdir}
8c1053
8c1053
# Install replacement tools, if enabled.
8c1053
%if !%{with replace_coreutils}
8c1053
%{__rm} -f                            \
8c1053
  %{buildroot}%{_bindir}/md5sum       \
8c1053
  %{buildroot}%{_bindir}/sha*sum
8c1053
%endif
8c1053
8c1053
%if !%{with replace_fipscheck}
8c1053
%{__rm} -f %{buildroot}%{_bindir}/fips*
8c1053
%endif
8c1053
8c1053
%if !%{with replace_hmaccalc}
8c1053
%{__rm} -f %{buildroot}%{_bindir}/sha*hmac
8c1053
%endif
8c1053
8c1053
# We don't ship autocrap dumplings.
8c1053
%{_bindir}/find %{buildroot} -type f -name '*.la' -print -delete
8c1053
8c1053
# HMAC checksums are generated during __spec_install_post.
8c1053
%{_bindir}/find %{buildroot} -type f -name '*.hmac' -print -delete
8c1053
8c1053
# Remove 0-size files.
8c1053
%{_bindir}/find %{buildroot} -type f -size 0 -print -delete
8c1053
8c1053
# Make sure all docs have non-exec permissions, except for the dirs.
8c1053
%{_bindir}/find %{buildroot}%{_pkgdocdir} -type f -print | \
8c1053
  %{_bindir}/xargs %{__chmod} -c 0644
8c1053
%{_bindir}/find %{buildroot}%{_pkgdocdir} -type d -print | \
8c1053
  %{_bindir}/xargs %{__chmod} -c 0755
8c1053
8c1053
# Possibly save some space by hardlinking.
8c1053
for d in %{_mandir} %{_pkgdocdir}; do
8c1053
  %{_sbindir}/hardlink -cfv %{buildroot}$d
8c1053
done
8c1053
8c1053
8c1053
%check
8c1053
# Some basic sanity checks.
8c1053
for t in cppcheck scan; do
8c1053
  %make_build $t
8c1053
done
8c1053
8c1053
# On some arches `/proc/sys/net/core/optmem_max` is lower than 20480,
8c1053
# which is the lowest limit needed to run the testsuite.  If that limit
8c1053
# is not met, we do not run it.
8c1053
%if %{test_optmem_max} >= 20480
8c1053
# Skip the testsuite on old kernels.
8c1053
%if %{lua:print(rpm.vercmp(posix.uname('%r'), '5.1'));} >= 0
8c1053
# Real testsuite.
8c1053
pushd test
8c1053
# Ignore test result since the CI will do better testing anyway
8c1053
NO_32BIT_TEST=1    \
8c1053
  ./test-invocation.sh || true
8c1053
popd
8c1053
%endif
8c1053
%endif
8c1053
8c1053
8c1053
%ldconfig_scriptlets
8c1053
8c1053
8c1053
%files
8c1053
%license COPYING*
8c1053
%doc %dir %{_pkgdocdir}
8c1053
%doc %{_pkgdocdir}/README.md
8c1053
/%{_lib}/%{name}.so.%{vmajor}
8c1053
/%{_lib}/%{name}.so.%{version}
8c1053
/%{_lib}/fipscheck/%{name}.so.%{vmajor}.hmac
8c1053
/%{_lib}/fipscheck/%{name}.so.%{version}.hmac
8c1053
%if %{with_sysctl_tweak}
8c1053
%doc %{_pkgdocdir}/README.%{distroname_ext}
8c1053
%{_sysctldir}/%{sysctl_prio}-%{name}-optmem_max.conf
8c1053
%endif
8c1053
8c1053
8c1053
%files          devel
8c1053
%doc %{_pkgdocdir}/CHANGES.md
8c1053
%doc %{_pkgdocdir}/TODO
8c1053
%{_includedir}/kcapi.h
8c1053
%{_mandir}/man3/kcapi_*.3.*
8c1053
/%{_lib}/%{name}.so
8c1053
%{_libdir}/pkgconfig/%{name}.pc
8c1053
8c1053
8c1053
%files          doc
8c1053
%doc %{_pkgdocdir}
8c1053
8c1053
8c1053
%if %{with replace_coreutils}
8c1053
%files          checksum
8c1053
%{_bindir}/md5sum
8c1053
%{_bindir}/sha*sum
8c1053
/%{_lib}/fipscheck/md5sum.hmac
8c1053
/%{_lib}/fipscheck/sha*sum.hmac
8c1053
%endif
8c1053
8c1053
%if %{with replace_fipscheck}
8c1053
%files          fipscheck
8c1053
%{_bindir}/fips*
8c1053
/%{_lib}/fipscheck/fips*.hmac
8c1053
%endif
8c1053
8c1053
%if %{with replace_hmaccalc}
8c1053
%files          hmaccalc
8c1053
%{_bindir}/sha*hmac
8c1053
/%{_lib}/hmaccalc/sha*hmac.hmac
8c1053
%endif
8c1053
8c1053
8c1053
%files          static
8c1053
/%{_lib}/%{name}.a
8c1053
8c1053
8c1053
%files          tools
8c1053
%{_bindir}/kcapi*
8c1053
%{_mandir}/man1/kcapi*.1.*
8c1053
8c1053
8c1053
%if %{with test_package}
8c1053
%files          tests
8c1053
%{_libexecdir}/%{name}/*
8c1053
%endif
8c1053
8c1053
8c1053
%changelog
cf1a29
* Tue May 26 2020 Sahana Prasad <sahana@redhat.com> - 1.2.0-2
cf1a29
- Fix double free issue in hasher()
cf1a29
cf1a29
* Mon May 25 2020 Sahana Prasad <sahana@redhat.com> - 1.2.0-1
cf1a29
- [RHEL] Update to upstream version 1.2.0
cf1a29
8c1053
* Thu Apr 30 2020 Sahana Prasad <sahana@redhat.com> - 1.1.5-3
8c1053
- Enables building on old kernels [sync fix in Fedora from omosnance].
8c1053
- This is required for covscans as they run on RHEL7 machines.
8c1053
8c1053
* Wed Apr 29 2020 Sahana Prasad <sahana@redhat.com> - 1.1.5-2
8c1053
- Drop the license from the doc subpackage to avoid conflicts
8c1053
8c1053
* Mon Apr 27 2020 Sahana Prasad <sahana@redhat.com> - 1.1.5-1
8c1053
- [RHEL] Update to upstream version 1.1.5
8c1053
- [RHEL] Sync with Fedora branch
8c1053
8c1053
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-16_1
8c1053
- [RHEL] Apply 'Add missing dependencies to the tests package'
8c1053
- [RHEL] Apply 'Update patch from upstream'
8c1053
8c1053
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-16
8c1053
- Add missing dependencies to the tests package
8c1053
- Update patch from upstream
8c1053
8c1053
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-15_1
8c1053
- [RHEL] Apply 'Build and tests require perl'
8c1053
8c1053
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-15
8c1053
- Build and tests require perl
8c1053
8c1053
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-14_2
8c1053
- [RHEL] Re-enable AEAD tests and ignore test result
8c1053
- [RHEL] Drop the ppc64 ignore-failures workaround
8c1053
8c1053
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-14_1
8c1053
- [RHEL] Apply 'Add missing script to the 'tests' package'
8c1053
8c1053
* Thu Aug 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-14
8c1053
- Add missing script to the 'tests' package
8c1053
8c1053
* Wed Aug 08 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-13_1
8c1053
- [RHEL] Sync with the Fedora branch
8c1053
8c1053
* Wed Aug 08 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-13
8c1053
- Add missing requires to the 'tests' subpackage
8c1053
8c1053
* Wed Aug 08 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-12_1
8c1053
- [RHEL] Sync with the Fedora branch
8c1053
8c1053
* Tue Aug 07 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-12
8c1053
- Produce a subpackage with test scripts
8c1053
- Build the 'tests' subpackage conditionally
8c1053
8c1053
* Wed Aug 01 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-11_1
8c1053
- [RHEL] Sync with the Fedora branch
8c1053
8c1053
* Wed Aug 01 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-11
8c1053
- Add patch to fix unwanted closing of FD 0
8c1053
8c1053
* Tue Jul 31 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-10
8c1053
- Remove the kernel headers workaround
8c1053
8c1053
* Mon Jul 30 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-9_1
8c1053
- [RHEL] Sync with the Fedora branch
8c1053
- [RHEL] Rebase the disable-AEAD-tests patch
8c1053
8c1053
* Fri Jul 27 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.1.1-9
8c1053
- Rebuild for new binutils
8c1053
8c1053
* Fri Jul 27 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-8
8c1053
- Add more Coverity fixes from upstream
8c1053
- Add patch to fix AEAD fuzz test for BE arches
8c1053
- Fixup specfile
8c1053
8c1053
* Mon Jul 23 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-7_1
8c1053
- [RHEL] Sync with the Fedora branch
8c1053
- [RHEL] Fixup specfile
8c1053
- [RHEL] Rebase the disable-AEAD-tests patch
8c1053
8c1053
* Mon Jul 23 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-7
8c1053
- Add various fixes from upstream
8c1053
- Drop the Requires on kernel package
8c1053
8c1053
* Wed Jul 18 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-3_2
8c1053
- [RHEL] Temporarily disable AEAD tests
8c1053
8c1053
* Mon Jul 16 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-6
8c1053
- Put .hmac files into a separate directory
8c1053
8c1053
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.1-5
8c1053
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
8c1053
8c1053
* Thu Jul 12 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-4
8c1053
- Add patch to work around FTBFS on rawhide
8c1053
8c1053
* Wed Jul 11 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-3_1
8c1053
- [RHEL] Sync with the Fedora branch
8c1053
8c1053
* Wed Jul 11 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-3
8c1053
- Fix off-by-one error in checkfile parsing
8c1053
8c1053
* Wed Jul 11 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-2_2
8c1053
- [RHEL] Disable fuzz test
8c1053
8c1053
* Wed Jul 11 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-2_1
8c1053
- [RHEL] Sync with the Fedora branch
8c1053
8c1053
* Wed Jul 11 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-2
8c1053
- Fix command-line parsing in libkcapi-hmaccalc
8c1053
8c1053
* Tue Jul 10 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-1_2
8c1053
- [RHEL] Work around build failure with new kernel headers
8c1053
8c1053
* Mon Jun 18 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-1_1
8c1053
- [RHEL] Skip CLang static analysis
8c1053
- [RHEL] Remove the dependency on kernel package
8c1053
8c1053
* Mon Jun 18 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-1
8c1053
- Update to upstream version 1.1.1
8c1053
8c1053
* Wed May 09 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.0-5
8c1053
- Skip CLang static analysis in RHEL
8c1053
- Revert "Skip CLang static analysis in RHEL"
8c1053
- Use own sha512hmac and fipscheck
8c1053
8c1053
* Wed May 02 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.0-4
8c1053
- Fix description lines being too long
8c1053
8c1053
* Fri Apr 27 2018 Björn Esser <besser82@fedoraproject.org> - 1.1.0-3
8c1053
- Fix conditional for hmaccalc replacement
8c1053
8c1053
* Mon Apr 16 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.0-2
8c1053
- Enable hmaccalc replacements in Fedora 28+
8c1053
8c1053
* Thu Apr 12 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.0-1
8c1053
- Update to upstream version 1.1.0
8c1053
8c1053
* Sat Mar 31 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-10
8c1053
- Replace single patches with a monolitic one from upstream
8c1053
- Obsolete replacements subpackage
8c1053
- Ignore failing tests on %%{power64} temporarily
8c1053
8c1053
* Thu Mar 08 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.0.3-9
8c1053
- Split up the replacements subpackage
8c1053
8c1053
* Mon Feb 26 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-8
8c1053
- Increase optmem_max preset to 81920
8c1053
8c1053
* Mon Feb 26 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-7
8c1053
- Obsoletes work by package name, not by provides (rhbz#1537225)
8c1053
8c1053
* Sun Feb 25 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-6
8c1053
- Add patch to fix a copy-paste typo
8c1053
8c1053
* Sat Feb 17 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-5
8c1053
- Add patch to fix build with -Werror
8c1053
8c1053
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org>
8c1053
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
8c1053
8c1053
* Sun Feb 04 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-3
8c1053
- Switch to %%ldconfig_scriptlets
8c1053
8c1053
* Wed Jan 17 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-2
8c1053
- Decrease optmem_max preset to 40960
8c1053
- Let the build fail, if the minimum kernel version cannot be met
8c1053
- Conditionalize the sysctl.d tweak on version of the kernel
8c1053
- Conditionalize the name of README.distro on the distro
8c1053
8c1053
* Tue Jan 16 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-1
8c1053
- Initial import (rhbz#1533929)
8c1053
8c1053
* Tue Jan 16 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.13
8c1053
- Increase optmem_max preset to 81920
8c1053
8c1053
* Tue Jan 16 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.12
8c1053
- Add sysctl.d preset and README.fedora
8c1053
8c1053
* Mon Jan 15 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.11
8c1053
- Make the contents of the -replacements package configurable
8c1053
8c1053
* Mon Jan 15 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.10
8c1053
- Fix Obsoletes of the -replacements package
8c1053
8c1053
* Sun Jan 14 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.9
8c1053
- Disable the -replacements package until we have a plan for it
8c1053
8c1053
* Sun Jan 14 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.8
8c1053
- Move the kcapi-hasher binary to -replacements package, since it is
8c1053
  not of much use without the linked invocation names and saves the
8c1053
  extra Requires on the -tools package
8c1053
8c1053
* Sun Jan 14 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.7
8c1053
- Fix internal Requires of sub-packages
8c1053
- Hardlink files in %%{_bindir}
8c1053
8c1053
* Sun Jan 14 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.6
8c1053
- Add patches from upstream
8c1053
8c1053
* Sat Jan 13 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.5
8c1053
- Add patches from upstream
8c1053
8c1053
* Sat Jan 13 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.4
8c1053
- Asume the testsuite cannot be run, if the value of optmem_max cannot
8c1053
  be obtained
8c1053
8c1053
* Sat Jan 13 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.3
8c1053
- Move libraries to /%%{_lib} instead of %%{_libdir}, which is useful
8c1053
  during boot when the library might be needed before a potentially
8c1053
  seperate /usr partition is mounted
8c1053
8c1053
* Sat Jan 13 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.2
8c1053
- Asume optmem_max is at least 20480, if the real value cannot be obtained
8c1053
8c1053
* Fri Jan 12 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.3-0.1
8c1053
- New upstream release
8c1053
8c1053
* Wed Jan 10 2018 Björn Esser <besser82@fedoraproject.org> - 1.0.2-0.1
8c1053
- Initial rpm release (rhbz#1533929)