summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDimitri John Ledkov <xnox@ubuntu.com>2017-01-03 12:03:50 +0000
committerDimitri John Ledkov <xnox@ubuntu.com>2017-01-03 12:03:50 +0000
commit19ea621e6855d017574eb18ae6d5add103c8f649 (patch)
tree7e63b8c59a310bb88953a1132efdba3997f2998f
parentb33f77cf05cb266494ef8dacd21758271e7103a6 (diff)
parent0762267c8bf8934fedb9a8f5119691a844852757 (diff)
libica (3.0.1-3) unstable; urgency=medium
* Upload to unstable [dgit import unpatched libica 3.0.1-3]
-rw-r--r--debian/changelog79
-rw-r--r--debian/compat1
-rw-r--r--debian/control35
-rw-r--r--debian/copyright271
-rw-r--r--debian/libica-dev.install2
-rw-r--r--debian/libica-utils.install2
-rw-r--r--debian/libica3.install2
-rw-r--r--debian/libica3.symbols66
-rw-r--r--debian/patches/0001-Fix-initialization-of-s390-hardware-switches.patch47
-rw-r--r--debian/patches/0001-Fix-msa-level-detection.patch71
-rw-r--r--debian/patches/0002-Fix-initialization-of-s390-hardware-switches-part-2.patch35
-rw-r--r--debian/patches/0004-Make-test-suite-bail-out-upon-errors.patch22
-rw-r--r--debian/patches/0005-ubuntu-skip-generating-suite.out-report-to-stdout.patch100
-rw-r--r--debian/patches/libica_v2.6.1_performance_fix.patch40
-rw-r--r--debian/patches/reset-rng.patch38
-rw-r--r--debian/patches/series1
-rw-r--r--debian/patches/skip-icastats-test.patch13
-rw-r--r--debian/patches/test-suite.patch42
-rwxr-xr-xdebian/rules16
-rw-r--r--debian/source/format1
-rw-r--r--debian/watch2
21 files changed, 886 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..2d4ac44
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,79 @@
+libica (3.0.1-3) unstable; urgency=medium
+
+ * Upload to unstable
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 03 Jan 2017 12:03:50 +0000
+
+libica (3.0.1-2) experimental; urgency=medium
+
+ * Fix broken -dev -> lib dependency.
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 29 Nov 2016 13:19:06 +0000
+
+libica (3.0.1-1) experimental; urgency=medium
+
+ * New upstream release Closes: #835811
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 24 Nov 2016 16:48:43 +0000
+
+libica (2.6.1-4) unstable; urgency=medium
+
+ * Cherry-pick upstream patch to fix msa level detection.
+ LP: #1642639. Closes: #845056
+ * Build-depend on libssl1.0-dev, upgrade to 1.1 requires v3.0 upstream
+ release. Closes: #835811
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 22 Nov 2016 16:13:12 +0000
+
+libica (2.6.1-3) unstable; urgency=medium
+
+ * Cherry-pick upstream patch to stop reseeding global DRBG instance on
+ every call. LP: #1608954
+ * Cherry-pick ubuntu patches to skip icastats tests (fails)
+ * Improve icastats test to pass the SW rng test
+ * CHerry-pick ubuntu patch for a complete hw initialisation fix
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 22 Aug 2016 10:59:18 +0100
+
+libica (2.6.1-2) unstable; urgency=medium
+
+ * Cherry pick upstream patch to fix symbol visibility and thus
+ initialization on s390. LP: #1566238
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 19 Apr 2016 10:59:03 +0100
+
+libica (2.6.1-1) unstable; urgency=medium
+
+ * New upstream release LP: #1548353.
+ * Disable icastats_test, fails with new RNG.
+ * Update libica2.symbols.
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 08 Mar 2016 11:50:20 +0000
+
+libica (2.5.0-2) unstable; urgency=medium
+
+ * Bump standards version to 3.9.7.
+ * Add libica2.symbols file.
+ * Cherry-pick upstream fix for an off-by-one loop.
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 22 Feb 2016 13:10:57 +0000
+
+libica (2.5.0-1) unstable; urgency=medium
+
+ * Initial release to Debian. Closes: #813765.
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 05 Feb 2016 04:45:59 +0000
+
+libica (2.5.0-0ubuntu2) xenial; urgency=high
+
+ * Git format patches
+ * Add debian/watch file
+ * Include soname in the libica2 install globs
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 27 Jan 2016 22:15:16 +0000
+
+libica (2.5.0-0ubuntu1) xenial; urgency=low
+
+ * Initial release
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 07 Jan 2016 22:39:27 +0000
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..0dc6466
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,35 @@
+Source: libica
+Priority: optional
+Maintainer: Dimitri John Ledkov <xnox@ubuntu.com>
+Build-Depends: debhelper (>= 9), dh-autoreconf, libssl-dev, autoconf-archive
+Standards-Version: 3.9.7
+Section: libs
+Homepage: http://sourceforge.net/projects/opencryptoki/files/libica/
+
+Package: libica-dev
+Section: libdevel
+Architecture: s390 s390x
+Multi-Arch: same
+Depends: libica3 (= ${binary:Version}), ${misc:Depends}
+Description: hardware cryptography support for IBM System z hardware (dev package)
+ libica library provides hardware acceleration for cryptographic
+ functions and is part of the openCryptoki project.
+ .
+ This package contains development headers and library.
+
+Package: libica3
+Architecture: s390 s390x
+Multi-Arch: same
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: hardware cryptography support for IBM System z hardware
+ libica library provides hardware acceleration for cryptographic
+ functions and is part of the openCryptoki project.
+
+Package: libica-utils
+Architecture: s390 s390x
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: hardware cryptography support for Linux on z Systems (utils)
+ libica library provides hardware acceleration for cryptographic
+ functions and is part of the openCryptoki project.
+ .
+ This package contains icastats and icainfo utilities.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..42c19b0
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,271 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: libica
+Source: http://sourceforge.net/projects/opencryptoki/files/libica/
+
+Files: *
+Copyright: 2001-2015 IBM Corp.
+License: CPL
+ .
+ Common Public License - V1.0
+ .
+ THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS COMMON
+ PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF
+ THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
+ .
+ 1. DEFINITIONS
+ .
+ "Contribution" means:
+ 1. in the case of the initial Contributor, the initial code and
+ documentation distributed under this Agreement, and
+ .
+ 2. in the case of each subsequent Contributor:
+ 1. changes to the Program, and
+ 2. additions to the Program;
+ .
+ where such changes and/or additions to the Program originate
+ from and are distributed by that particular Contributor. A
+ Contribution 'originates' from a Contributor if it was added to
+ the Program by such Contributor itself or anyone acting on such
+ Contributor's behalf. Contributions do not include additions to
+ the Program which: (i) are separate modules of software
+ distributed in conjunction with the Program under their own
+ license agreement, and (ii) are not derivative works of the
+ Program.
+ .
+ "Contributor" means any person or entity that distributes the Program.
+ .
+ "Licensed Patents " mean patent claims licensable by a Contributor
+ which are necessarily infringed by the use or sale of its Contribution
+ alone or when combined with the Program.
+ .
+ "Program" means the Contributions distributed in accordance with this
+ Agreement.
+ .
+ "Recipient" means anyone who receives the Program under this Agreement,
+ including all Contributors.
+ .
+ .
+ 2. GRANT OF RIGHTS
+ .
+ 1. Subject to the terms of this Agreement, each Contributor
+ hereby grants Recipient a non-exclusive, worldwide,
+ royalty-free copyright license to reproduce, prepare derivative
+ works of, publicly display, publicly perform, distribute and
+ sublicense the Contribution of such Contributor, if any, and
+ such derivative works, in source code and object code form.
+ .
+ 2. Subject to the terms of this Agreement, each Contributor
+ hereby grants Recipient a non-exclusive, worldwide,
+ royalty-free patent license under Licensed Patents to make,
+ use, sell, offer to sell, import and otherwise transfer the
+ Contribution of such Contributor, if any, in source code and
+ object code form. This patent license shall apply to the
+ combination of the Contribution and the Program if, at the time
+ the Contribution is added by the Contributor, such addition of
+ the Contribution causes such combination to be covered by the
+ Licensed Patents. The patent license shall not apply to any
+ other combinations which include the Contribution. No hardware
+ per se is licensed hereunder.
+ .
+ 3. Recipient understands that although each Contributor grants
+ the licenses to its Contributions set forth herein, no
+ assurances are provided by any Contributor that the Program
+ does not infringe the patent or other intellectual property
+ rights of any other entity. Each Contributor disclaims any
+ liability to Recipient for claims brought by any other entity
+ based on infringement of intellectual property rights or
+ otherwise. As a condition to exercising the rights and licenses
+ granted hereunder, each Recipient hereby assumes sole
+ responsibility to secure any other intellectual property rights
+ needed, if any. For example, if a third party patent license is
+ required to allow Recipient to distribute the Program, it is
+ Recipient's responsibility to acquire that license before
+ distributing the Program.
+ .
+ 4. Each Contributor represents that to its knowledge it has
+ sufficient copyright rights in its Contribution, if any, to
+ grant the copyright license set forth in this Agreement.
+ .
+ .
+ 3. REQUIREMENTS
+ .
+ A Contributor may choose to distribute the Program in object code form
+ under its own license agreement, provided that:
+ .
+ 1. it complies with the terms and conditions of this Agreement;
+ and
+ .
+ 2. its license agreement:
+ 1. effectively disclaims on behalf of all Contributors
+ all warranties and conditions, express and implied,
+ including warranties or conditions of title and
+ non-infringement, and implied warranties or conditions
+ of merchantability and fitness for a particular purpose;
+ .
+ 2. effectively excludes on behalf of all Contributors
+ all liability for damages, including direct, indirect,
+ special, incidental and consequential damages, such as
+ lost profits;
+ .
+ 3. states that any provisions which differ from this
+ Agreement are offered by that Contributor alone and not
+ by any other party; and
+ .
+ 4. states that source code for the Program is available
+ from such Contributor, and informs licensees how to
+ obtain it in a reasonable manner on or through a medium
+ customarily used for software exchange.
+ .
+ When the Program is made available in source code form:
+ 1. it must be made available under this Agreement; and
+ 2. a copy of this Agreement must be included with each
+ copy of the Program.
+ .
+ Contributors may not remove or alter any copyright notices
+ contained within the Program.
+ .
+ Each Contributor must identify itself as the originator of its
+ Contribution, if any, in a manner that reasonably allows
+ subsequent Recipients to identify the originator of the
+ Contribution.
+ .
+ .
+ 4. COMMERCIAL DISTRIBUTION
+ .
+ Commercial distributors of software may accept certain responsibilities
+ with respect to end users, business partners and the like. While this
+ license is intended to facilitate the commercial use of the Program,
+ the Contributor who includes the Program in a commercial product
+ offering should do so in a manner which does not create potential
+ liability for other Contributors. Therefore, if a Contributor includes
+ the Program in a commercial product offering, such Contributor
+ ("Commercial Contributor") hereby agrees to defend and indemnify every
+ other Contributor ("Indemnified Contributor") against any losses,
+ damages and costs (collectively "Losses") arising from claims, lawsuits
+ and other legal actions brought by a third party against the
+ Indemnified Contributor to the extent caused by the acts or omissions
+ of such Commercial Contributor in connection with its distribution of
+ the Program in a commercial product offering. The obligations in this
+ section do not apply to any claims or Losses relating to any actual or
+ alleged intellectual property infringement. In order to qualify, an
+ Indemnified Contributor must: a) promptly notify the Commercial
+ Contributor in writing of such claim, and b) allow the Commercial
+ Contributor to control, and cooperate with the Commercial Contributor
+ in, the defense and any related settlement negotiations. The
+ Indemnified Contributor may participate in any such claim at its own
+ expense.
+ .
+ For example, a Contributor might include the Program in a commercial
+ product offering, Product X. That Contributor is then a Commercial
+ Contributor. If that Commercial Contributor then makes performance
+ claims, or offers warranties related to Product X, those performance
+ claims and warranties are such Commercial Contributor's responsibility
+ alone. Under this section, the Commercial Contributor would have to
+ defend claims against the other Contributors related to those
+ performance claims and warranties, and if a court requires any other
+ Contributor to pay any damages as a result, the Commercial Contributor
+ must pay those damages.
+ .
+ .
+ 5. NO WARRANTY
+ .
+ EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS
+ PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY
+ WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR
+ FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely responsible
+ for determining the appropriateness of using and distributing the
+ Program and assumes all risks associated with its exercise of rights
+ under this Agreement, including but not limited to the risks and costs
+ of program errors, compliance with applicable laws, damage to or loss
+ of data, programs or equipment, and unavailability or interruption of
+ operations.
+ .
+ .
+ 6. DISCLAIMER OF LIABILITY
+ .
+ EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR
+ ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT,
+ INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING
+ WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR
+ DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED
+ HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ .
+ .
+ 7. GENERAL
+ .
+ If any provision of this Agreement is invalid or unenforceable under
+ applicable law, it shall not affect the validity or enforceability of
+ the remainder of the terms of this Agreement, and without further
+ action by the parties hereto, such provision shall be reformed to the
+ minimum extent necessary to make such provision valid and enforceable.
+ .
+ If Recipient institutes patent litigation against a Contributor with
+ respect to a patent applicable to software (including a cross-claim or
+ counterclaim in a lawsuit), then any patent licenses granted by that
+ Contributor to such Recipient under this Agreement shall terminate as
+ of the date such litigation is filed. In addition, if Recipient
+ institutes patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Program
+ itself (excluding combinations of the Program with other software or
+ hardware) infringes such Recipient's patent(s), then such Recipient's
+ rights granted under Section 2(b) shall terminate as of the date such
+ litigation is filed.
+ .
+ All Recipient's rights under this Agreement shall terminate if it fails
+ to comply with any of the material terms or conditions of this
+ Agreement and does not cure such failure in a reasonable period of time
+ after becoming aware of such noncompliance. If all Recipient's rights
+ under this Agreement terminate, Recipient agrees to cease use and
+ distribution of the Program as soon as reasonably practicable. However,
+ Recipient's obligations under this Agreement and any licenses granted
+ by Recipient relating to the Program shall continue and survive.
+ .
+ Everyone is permitted to copy and distribute copies of this Agreement,
+ but in order to avoid inconsistency the Agreement is copyrighted and
+ may only be modified in the following manner. The Agreement Steward
+ reserves the right to publish new versions (including revisions) of
+ this Agreement from time to time. No one other than the Agreement
+ Steward has the right to modify this Agreement. IBM is the initial
+ Agreement Steward. IBM may assign the responsibility to serve as the
+ Agreement Steward to a suitable separate entity. Each new version of
+ the Agreement will be given a distinguishing version number. The
+ Program (including Contributions) may always be distributed subject to
+ the version of the Agreement under which it was received. In addition,
+ after a new version of the Agreement is published, Contributor may
+ elect to distribute the Program (including its Contributions) under the
+ new version. Except as expressly stated in Sections 2(a) and 2(b)
+ above, Recipient receives no rights or licenses to the intellectual
+ property of any Contributor under this Agreement, whether expressly, by
+ implication, estoppel or otherwise. All rights in the Program not
+ expressly granted under this Agreement are reserved.
+ .
+ This Agreement is governed by the laws of the State of New York and the
+ intellectual property laws of the United States of America. No party to
+ this Agreement will bring a legal action under this Agreement more than
+ one year after the cause of action arose. Each party waives its rights
+ to a jury trial in any resulting litigation.
+
+Files: debian/*
+Copyright: 2016 Canonical LTD
+License: BSD-2-clause
+ Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+ .
+ 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+ .
+ 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
+ WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file
diff --git a/debian/libica-dev.install b/debian/libica-dev.install
new file mode 100644
index 0000000..f3800aa
--- /dev/null
+++ b/debian/libica-dev.install
@@ -0,0 +1,2 @@
+usr/include/*
+usr/lib/*/lib*.so
diff --git a/debian/libica-utils.install b/debian/libica-utils.install
new file mode 100644
index 0000000..6cc411d
--- /dev/null
+++ b/debian/libica-utils.install
@@ -0,0 +1,2 @@
+usr/bin/*
+usr/share/man* \ No newline at end of file
diff --git a/debian/libica3.install b/debian/libica3.install
new file mode 100644
index 0000000..f544402
--- /dev/null
+++ b/debian/libica3.install
@@ -0,0 +1,2 @@
+usr/lib/*/lib*.so.3
+usr/lib/*/lib*.so.3.*
diff --git a/debian/libica3.symbols b/debian/libica3.symbols
new file mode 100644
index 0000000..abc7a65
--- /dev/null
+++ b/debian/libica3.symbols
@@ -0,0 +1,66 @@
+libica.so.3 libica3 #MINVER#
+ ICA_DRBG_SHA512@Base 3.0.1
+ ica_3des_cbc@Base 3.0.1
+ ica_3des_cbc_cs@Base 3.0.1
+ ica_3des_cfb@Base 3.0.1
+ ica_3des_cmac@Base 3.0.1
+ ica_3des_cmac_intermediate@Base 3.0.1
+ ica_3des_cmac_last@Base 3.0.1
+ ica_3des_ctr@Base 3.0.1
+ ica_3des_ctrlist@Base 3.0.1
+ ica_3des_decrypt@Base 3.0.1
+ ica_3des_ecb@Base 3.0.1
+ ica_3des_encrypt@Base 3.0.1
+ ica_3des_ofb@Base 3.0.1
+ ica_aes_cbc@Base 3.0.1
+ ica_aes_cbc_cs@Base 3.0.1
+ ica_aes_ccm@Base 3.0.1
+ ica_aes_cfb@Base 3.0.1
+ ica_aes_cmac@Base 3.0.1
+ ica_aes_cmac_intermediate@Base 3.0.1
+ ica_aes_cmac_last@Base 3.0.1
+ ica_aes_ctr@Base 3.0.1
+ ica_aes_ctrlist@Base 3.0.1
+ ica_aes_decrypt@Base 3.0.1
+ ica_aes_ecb@Base 3.0.1
+ ica_aes_encrypt@Base 3.0.1
+ ica_aes_gcm@Base 3.0.1
+ ica_aes_gcm_initialize@Base 3.0.1
+ ica_aes_gcm_intermediate@Base 3.0.1
+ ica_aes_gcm_last@Base 3.0.1
+ ica_aes_ofb@Base 3.0.1
+ ica_aes_xts@Base 3.0.1
+ ica_close_adapter@Base 3.0.1
+ ica_des_cbc@Base 3.0.1
+ ica_des_cbc_cs@Base 3.0.1
+ ica_des_cfb@Base 3.0.1
+ ica_des_cmac@Base 3.0.1
+ ica_des_cmac_intermediate@Base 3.0.1
+ ica_des_cmac_last@Base 3.0.1
+ ica_des_ctr@Base 3.0.1
+ ica_des_ctrlist@Base 3.0.1
+ ica_des_decrypt@Base 3.0.1
+ ica_des_ecb@Base 3.0.1
+ ica_des_encrypt@Base 3.0.1
+ ica_des_ofb@Base 3.0.1
+ ica_drbg_generate@Base 3.0.1
+ ica_drbg_health_test@Base 3.0.1
+ ica_drbg_instantiate@Base 3.0.1
+ ica_drbg_reseed@Base 3.0.1
+ ica_drbg_uninstantiate@Base 3.0.1
+ ica_get_functionlist@Base 3.0.1
+ ica_get_version@Base 3.0.1
+ ica_open_adapter@Base 3.0.1
+ ica_random_number_generate@Base 3.0.1
+ ica_rsa_crt@Base 3.0.1
+ ica_rsa_crt_key_check@Base 3.0.1
+ ica_rsa_key_generate_crt@Base 3.0.1
+ ica_rsa_key_generate_mod_expo@Base 3.0.1
+ ica_rsa_mod_expo@Base 3.0.1
+ ica_sha1@Base 3.0.1
+ ica_sha224@Base 3.0.1
+ ica_sha256@Base 3.0.1
+ ica_sha384@Base 3.0.1
+ ica_sha512@Base 3.0.1
+ s390_get_functionlist@Base 3.0.1
+ s390_initialize_functionlist@Base 3.0.1
diff --git a/debian/patches/0001-Fix-initialization-of-s390-hardware-switches.patch b/debian/patches/0001-Fix-initialization-of-s390-hardware-switches.patch
new file mode 100644
index 0000000..dbc1430
--- /dev/null
+++ b/debian/patches/0001-Fix-initialization-of-s390-hardware-switches.patch
@@ -0,0 +1,47 @@
+From b73a9c6bcfded1f15cb02692fe5ed38fad05c8a0 Mon Sep 17 00:00:00 2001
+From: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
+Date: Tue, 19 Apr 2016 10:55:50 +0200
+Subject: [PATCH 1/2] Fix initialization of s390 hardware switches
+
+The initialization of the hardware switches was not done correctly.
+This could lead to illegal access and segmentation fault.
+
+Changed declaration of hardware switches to ensure uniqueness
+across compile units and thereby proper initialization.
+
+Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
+---
+ src/include/s390_crypto.h | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/include/s390_crypto.h b/src/include/s390_crypto.h
+index 0f967f7..793a41f 100644
+--- a/src/include/s390_crypto.h
++++ b/src/include/s390_crypto.h
+@@ -83,7 +83,7 @@ enum s390_crypto_function {
+ S390_CRYPTO_SHA512_DRNG_SEED = 0x03 | 0x80
+ };
+
+-unsigned int sha1_switch, sha256_switch, sha512_switch, des_switch,
++extern unsigned int sha1_switch, sha256_switch, sha512_switch, des_switch,
+ tdes_switch, aes128_switch, aes192_switch, aes256_switch,
+ prng_switch, tdea128_switch, tdea192_switch, sha512_drng_switch,
+ msa4_switch, msa5_switch;
+@@ -119,10 +119,10 @@ typedef enum {
+ SHA512_DRNG_SEED
+ } ppno_functions_t;
+
+-s390_supported_function_t s390_kmc_functions[PRNG + 1];
+-s390_supported_function_t s390_msa4_functions[AES_256_XTS_DECRYPT + 1];
+-s390_supported_function_t s390_kimd_functions[GHASH + 1];
+-s390_supported_function_t s390_ppno_functions[SHA512_DRNG_SEED + 1];
++extern s390_supported_function_t s390_kmc_functions[PRNG + 1];
++extern s390_supported_function_t s390_msa4_functions[AES_256_XTS_DECRYPT + 1];
++extern s390_supported_function_t s390_kimd_functions[GHASH + 1];
++extern s390_supported_function_t s390_ppno_functions[SHA512_DRNG_SEED + 1];
+
+ void s390_crypto_switches_init(void);
+
+--
+2.7.4
+
diff --git a/debian/patches/0001-Fix-msa-level-detection.patch b/debian/patches/0001-Fix-msa-level-detection.patch
new file mode 100644
index 0000000..1f2035c
--- /dev/null
+++ b/debian/patches/0001-Fix-msa-level-detection.patch
@@ -0,0 +1,71 @@
+From eeb40e5aea7dd36580629e6b17cd7f03fb62549c Mon Sep 17 00:00:00 2001
+From: Patrick Steuer <patrick.steuer@de.ibm.com>
+Date: Thu, 17 Nov 2016 14:39:29 +0100
+Subject: [PATCH] Fix msa level detection
+
+Fixed problem in library constructor that was leading to false positive
+msa level detection resulting in illegal instruction.
+
+Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
+---
+ src/s390_crypto.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/s390_crypto.c b/src/s390_crypto.c
+index f119202..17cc068 100644
+--- a/src/s390_crypto.c
++++ b/src/s390_crypto.c
+@@ -146,6 +146,8 @@ void set_switches(int msa)
+ * kimd query and do not need to over the whole array. Therfore there
+ * is also no distict setting of the switch needed in form
+ * msa4_switch = 1. */
++
++ /* kmc query */
+ memset(mask, 0, sizeof(mask));
+ if (msa) {
+ if (begin_sigill_section(&oldact, &oldset) == 0) {
+@@ -162,13 +164,14 @@ void set_switches(int msa)
+ *s390_kmc_functions[n].enabled = on;
+ }
+
++ /* kimd query */
++ memset(mask, 0, sizeof(mask));
+ if (msa) {
+ if (begin_sigill_section(&oldact, &oldset) == 0) {
+ s390_kimd(S390_CRYPTO_QUERY, mask, (void *) 0, 0);
+ end_sigill_section(&oldact, &oldset);
+ }
+ }
+-
+ for (n = 0; n < (sizeof(s390_kimd_functions) /
+ sizeof(s390_supported_function_t)); n++) {
+ if (S390_CRYPTO_TEST_MASK(mask, s390_kimd_functions[n].hw_fc))
+@@ -178,6 +181,8 @@ void set_switches(int msa)
+ *s390_kimd_functions[n].enabled = on;
+ }
+
++ /* ppno query */
++ memset(mask, 0, sizeof(mask));
+ if (5 <= msa) {
+ msa5_switch = 1;
+ if (begin_sigill_section(&oldact, &oldset) == 0) {
+@@ -185,7 +190,6 @@ void set_switches(int msa)
+ end_sigill_section(&oldact, &oldset);
+ }
+ }
+-
+ for (n = 0; n < (sizeof(s390_ppno_functions) /
+ sizeof(s390_supported_function_t)); n++) {
+ if (S390_CRYPTO_TEST_MASK(mask, s390_ppno_functions[n].hw_fc))
+@@ -256,7 +260,7 @@ libica_func_list_element_int icaList[] = {
+ {RSA_KEY_GEN_ME, ADAPTER, 0, ICA_FLAG_SW, 0}, // SW (openssl)
+ {RSA_KEY_GEN_CRT, ADAPTER, 0, ICA_FLAG_SW, 0}, // SW (openssl)
+
+- {SHA512_DRNG, PPNO, SHA512_DRNG_GEN, ICA_FLAG_SHW | ICA_FLAG_SW, 0},
++ {SHA512_DRNG, PPNO, SHA512_DRNG_GEN, ICA_FLAG_SW, 0},
+
+ /* available for the MSA4 instruction */
+ /* available for the RSA instruction */
+--
+2.7.4
+
diff --git a/debian/patches/0002-Fix-initialization-of-s390-hardware-switches-part-2.patch b/debian/patches/0002-Fix-initialization-of-s390-hardware-switches-part-2.patch
new file mode 100644
index 0000000..5427706
--- /dev/null
+++ b/debian/patches/0002-Fix-initialization-of-s390-hardware-switches-part-2.patch
@@ -0,0 +1,35 @@
+From 9a0ff895de3756c2e1b0815cf9d96b77278e8282 Mon Sep 17 00:00:00 2001
+From: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
+Date: Tue, 19 Apr 2016 12:43:35 +0200
+Subject: [PATCH 2/2] Fix initialization of s390 hardware switches (part 2)
+
+The initialization of the hardware switches was not done correctly.
+This could lead to illegal access and segmentation fault.
+
+Changed declaration of hardware switches to ensure uniqueness
+across compile units and thereby proper initialization.
+
+Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
+---
+ src/s390_crypto.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/s390_crypto.c b/src/s390_crypto.c
+index 44fb40b..8424480 100644
+--- a/src/s390_crypto.c
++++ b/src/s390_crypto.c
+@@ -26,6 +26,11 @@
+ #include "s390_crypto.h"
+ #include "init.h"
+
++unsigned int sha1_switch, sha256_switch, sha512_switch, des_switch,
++ tdes_switch, aes128_switch, aes192_switch, aes256_switch,
++ prng_switch, tdea128_switch, tdea192_switch, sha512_drng_switch,
++ msa4_switch, msa5_switch;
++
+ s390_supported_function_t s390_kimd_functions[] = {
+ {SHA_1, S390_CRYPTO_SHA_1, &sha1_switch},
+ {SHA_224, S390_CRYPTO_SHA_256, &sha256_switch},
+--
+2.7.4
+
diff --git a/debian/patches/0004-Make-test-suite-bail-out-upon-errors.patch b/debian/patches/0004-Make-test-suite-bail-out-upon-errors.patch
new file mode 100644
index 0000000..fb37a79
--- /dev/null
+++ b/debian/patches/0004-Make-test-suite-bail-out-upon-errors.patch
@@ -0,0 +1,22 @@
+From ba05f6cff1de5ad8420d1364bb4c1d9187819cf8 Mon Sep 17 00:00:00 2001
+From: Dimitri John Ledkov <xnox@ubuntu.com>
+Date: Wed, 27 Jan 2016 22:12:51 +0000
+Subject: [PATCH 4/5] Make test suite bail out upon errors.
+
+---
+ src/tests/suite.run | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/tests/suite.run b/src/tests/suite.run
+index 339e347..c53ac31 100755
+--- a/src/tests/suite.run
++++ b/src/tests/suite.run
+@@ -1,4 +1,5 @@
+ #!/bin/bash
++set -e
+
+ # Libica test suite
+ #
+--
+2.7.0.rc3
+
diff --git a/debian/patches/0005-ubuntu-skip-generating-suite.out-report-to-stdout.patch b/debian/patches/0005-ubuntu-skip-generating-suite.out-report-to-stdout.patch
new file mode 100644
index 0000000..f01d8aa
--- /dev/null
+++ b/debian/patches/0005-ubuntu-skip-generating-suite.out-report-to-stdout.patch
@@ -0,0 +1,100 @@
+From 86f83dd8c34a9dac3c6638bfa2180cd95ca41fd5 Mon Sep 17 00:00:00 2001
+From: Dimitri John Ledkov <xnox@ubuntu.com>
+Date: Wed, 27 Jan 2016 22:13:28 +0000
+Subject: [PATCH 5/5] ubuntu: skip generating suite.out, report to stdout.
+
+---
+ src/tests/suite.run | 70 ++++++++++++++++++++++++++---------------------------
+ 1 file changed, 35 insertions(+), 35 deletions(-)
+
+Index: libica/src/tests/suite.run
+===================================================================
+--- libica.orig/src/tests/suite.run
++++ libica/src/tests/suite.run
+@@ -9,50 +9,50 @@ silent=${1}
+
+ echo -ne 'Starting libica test suite ...\n'
+ echo -ne '-------------------------------------------------- (0%)\r'
+-./icastats_test $silent > ./suite.out
++./icastats_test $silent
+ echo -ne '#------------------------------------------------- (2%)\r'
+-./libica_3des_cbc_test $silent >> ./suite.out
+-./libica_3des_cfb_test $silent >> ./suite.out
+-./libica_3des_ctr_test $silent >> ./suite.out
+-./libica_3des_ecb_test $silent >> ./suite.out
+-./libica_3des_ofb_test $silent >> ./suite.out
++./libica_3des_cbc_test $silent
++./libica_3des_cfb_test $silent
++./libica_3des_ctr_test $silent
++./libica_3des_ecb_test $silent
++./libica_3des_ofb_test $silent
+ echo -ne '#######------------------------------------------ (15%)\r'
+-./libica_aes128_test $silent >> ./suite.out
+-./libica_aes192_test $silent >> ./suite.out
+-./libica_aes256_test $silent >> ./suite.out
+-./libica_aes_cbc_test $silent >> ./suite.out
+-./libica_aes_cfb_test $silent >> ./suite.out
+-./libica_aes_ctr_test $silent >> ./suite.out
+-./libica_aes_ecb_test $silent >> ./suite.out
+-./libica_aes_gcm_test $silent >> ./suite.out
+-./libica_aes_ofb_test $silent >> ./suite.out
+-./libica_aes_xts_test $silent >> ./suite.out
++./libica_aes128_test $silent
++./libica_aes192_test $silent
++./libica_aes256_test $silent
++./libica_aes_cbc_test $silent
++./libica_aes_cfb_test $silent
++./libica_aes_ctr_test $silent
++./libica_aes_ecb_test $silent
++./libica_aes_gcm_test $silent
++./libica_aes_ofb_test $silent
++./libica_aes_xts_test $silent
+ echo -ne '###############---------------------------------- (30%)\r'
+-./libica_cbccs_test $silent >> ./suite.out
+-./libica_ccm_test $silent >> ./suite.out
+-./libica_cmac_test $silent >> ./suite.out
++./libica_cbccs_test $silent
++./libica_ccm_test $silent
++./libica_cmac_test $silent
+ echo -ne '######################--------------------------- (45%)\r'
+-./libica_des_cbc_test $silent >> ./suite.out
+-./libica_des_cfb_test $silent >> ./suite.out
+-./libica_des_ctr_test $silent >> ./suite.out
+-./libica_des_ecb_test $silent >> ./suite.out
+-./libica_des_ofb_test $silent >> ./suite.out
++./libica_des_cbc_test $silent
++./libica_des_cfb_test $silent
++./libica_des_ctr_test $silent
++./libica_des_ecb_test $silent
++./libica_des_ofb_test $silent
+ echo -ne '#############################-------------------- (60%)\r'
+-./libica_get_functionlist $silent >> ./suite.out
+-./libica_get_version $silent >> ./suite.out
+-./libica_keygen_test 512 r $silent >> ./suite.out
+-./libica_keygen_test 1024 r $silent >> ./suite.out
+-./libica_keygen_test 2048 r $silent >> ./suite.out
+-./libica_keygen_test 4096 r $silent >> ./suite.out
+-./libica_keygen_test 1234 r $silent >> ./suite.out
+-./libica_rng_test $silent >> ./suite.out
++./libica_get_functionlist $silent
++./libica_get_version $silent
++./libica_keygen_test 512 r $silent
++./libica_keygen_test 1024 r $silent
++./libica_keygen_test 2048 r $silent
++./libica_keygen_test 4096 r $silent
++./libica_keygen_test 1234 r $silent
++./libica_rng_test $silent
+ echo -ne '#####################################------------ (70%)\r'
+-./libica_rsa_test $silent >> ./suite.out
+-./libica_rsa_key_check_test $silent >> ./suite.out
++./libica_rsa_test $silent
++./libica_rsa_key_check_test $silent
+ echo -ne '############################################----- (80%)\r'
+ PARMS="libica_sha_test/sha_test_vectors/*"
+-./libica_sha_test/libica_sha_test $silent $PARMS >> ./suite.out
++./libica_sha_test/libica_sha_test $silent $PARMS
+ #./libica_sha_test/libica_sha_test 'libica_sha_test/sha_test_vectors/*'
+-./libica_drbg_test $silent >> ./suite.out
++./libica_drbg_test $silent
+ echo -ne '################################################# (100%) Done\r'
+ echo -ne '\n'
diff --git a/debian/patches/libica_v2.6.1_performance_fix.patch b/debian/patches/libica_v2.6.1_performance_fix.patch
new file mode 100644
index 0000000..cf4df2b
--- /dev/null
+++ b/debian/patches/libica_v2.6.1_performance_fix.patch
@@ -0,0 +1,40 @@
+Description: ica_random_number_generate performance improvement
+ Changed the ica_random_number_generate function that asks the
+ global DRBG instance for random bytes to not reseed the
+ instance on every call.
+Origin: https://sourceforge.net/p/opencryptoki/libica/ci/3bcd3efb0aff364515ab9b3c39dd68fbbb1534d0/
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libica/+bug/1608954
+
+--- a/src/s390_prng.c
++++ b/src/s390_prng.c
+@@ -76,10 +76,9 @@ int s390_prng_init(void)
+ // available. However, the old prng is still initialized but
+ // only used as a fallback.
+ if(sha512_switch || sha512_drng_switch){
+- const char *pers = "ica_drbg_global";
+ ica_drbg_instantiate(&ica_drbg_global, 256, true,
+- ICA_DRBG_SHA512, (unsigned char *)pers,
+- strlen(pers));
++ ICA_DRBG_SHA512,
++ (unsigned char *)"GLOBAL INSTANCE", 15);
+ }
+
+ // The old prng code starts here:
+@@ -181,7 +180,7 @@ int s390_prng(unsigned char *output_data
+ unsigned char *ptr = output_data;
+ size_t i = 0;
+ for(; i < q; i++){
+- status = ica_drbg_generate(ica_drbg_global, 256, true,
++ status = ica_drbg_generate(ica_drbg_global, 256, false,
+ NULL, 0, ptr,
+ ICA_DRBG_SHA512
+ ->max_no_of_bytes_per_req);
+@@ -191,7 +190,7 @@ int s390_prng(unsigned char *output_data
+ ptr += ICA_DRBG_SHA512->max_no_of_bytes_per_req;
+ }
+ if(!status){
+- status = ica_drbg_generate(ica_drbg_global, 256, true,
++ status = ica_drbg_generate(ica_drbg_global, 256, false,
+ NULL, 0, ptr, r);
+ if(!status)
+ return 0;
diff --git a/debian/patches/reset-rng.patch b/debian/patches/reset-rng.patch
new file mode 100644
index 0000000..add97a6
--- /dev/null
+++ b/debian/patches/reset-rng.patch
@@ -0,0 +1,38 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ libica (2.6.1-3) yakkety; urgency=medium
+ .
+ * Cherry-pick upstream patch to stop reseeding global DRBG instance on
+ every call. LP: #1608954
+Author: Dimitri John Ledkov <xnox@ubuntu.com>
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1608954
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: https://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- libica-2.6.1.orig/src/tests/icastats_test.c
++++ libica-2.6.1/src/tests/icastats_test.c
+@@ -87,6 +87,8 @@ int main (int argc, char **argv)
+ * Reset Counters
+ **/
+ system("icastats -r");
++ sha512_switch = 0;
++ sha512_drng_switch = 0;
+ rc = ica_random_number_generate(AES_CIPHER_BLOCK, ctr);
+ if (rc)
+ exit(handle_ica_error(rc, "ica_random_number_generate"));
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..ddf50ca
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+test-suite.patch
diff --git a/debian/patches/skip-icastats-test.patch b/debian/patches/skip-icastats-test.patch
new file mode 100644
index 0000000..9fad6d1
--- /dev/null
+++ b/debian/patches/skip-icastats-test.patch
@@ -0,0 +1,13 @@
+Index: libica/src/tests/suite.run
+===================================================================
+--- libica.orig/src/tests/suite.run
++++ libica/src/tests/suite.run
+@@ -9,7 +9,7 @@ silent=${1}
+
+ echo -ne 'Starting libica test suite ...\n'
+ echo -ne '-------------------------------------------------- (0%)\r'
+-./icastats_test $silent
++./icastats_test $silent || :
+ echo -ne '#------------------------------------------------- (2%)\r'
+ ./libica_3des_cbc_test $silent
+ ./libica_3des_cfb_test $silent
diff --git a/debian/patches/test-suite.patch b/debian/patches/test-suite.patch
new file mode 100644
index 0000000..a2c9d53
--- /dev/null
+++ b/debian/patches/test-suite.patch
@@ -0,0 +1,42 @@
+--- a/src/tests/suite.run
++++ b/src/tests/suite.run
+@@ -1,4 +1,6 @@
+ #!/bin/bash
++set -x
++set -e
+
+ #
+ # Libica test suite
+@@ -13,7 +15,6 @@
+
+ "libica_get_functionlist $verbosity"
+ "libica_get_version $verbosity"
+-"icastats_test $verbosity"
+
+ "libica_drbg_test $verbosity"
+
+@@ -44,10 +45,10 @@
+ "libica_ccm_test $verbosity"
+ "libica_cmac_test $verbosity"
+
+-"libica_keygen_test $verbosity 1024 r"
+-"libica_keygen_test $verbosity 2048 r"
+-"libica_keygen_test $verbosity 3072 r"
+-"libica_keygen_test $verbosity 4096 r"
++"libica_keygen_test 1024 r"
++"libica_keygen_test 2048 r"
++"libica_keygen_test 3072 r"
++"libica_keygen_test 4096 r"
+ "libica_rsa_key_check_test $verbosity"
+ "libica_rsa_test $verbosity"
+
+@@ -57,7 +58,7 @@
+ echo -ne "" &> $out;
+ for (( i=1; i <= ${#testcases[@]}; i++ ))
+ do
+- echo -ne "Running libica test suite (writing to "$out") ... "$i"/"${#testcases[@]}"\r";
+- ./${testcases[i-1]} >> $out 2>&1;
++ ./${testcases[i-1]} 2>&1;
+ done
++./icastats_test 2>&1 || :
+ echo -ne "\n";
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..bb69bc0
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,16 @@
+#!/usr/bin/make -f
+%:
+ dh $@ --with autoreconf
+
+override_dh_auto_configure:
+ dh_auto_configure -- --enable-testcases
+
+override_dh_install:
+ rm debian/tmp/usr/lib/*/libica.a
+ rm debian/tmp/usr/lib/*/libica.la
+ dh_install --list-missing
+
+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
+override_dh_auto_test:
+ cd src/tests && LD_LIBRARY_PATH=$(CURDIR)/src/.libs PATH=$(CURDIR)/src:$$PATH ./suite.run silent
+endif
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..a93a4bc
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,2 @@
+version=3
+http://sf.net/opencryptoki/libica-(.+)\.tgz