I've noticed that v2.2.3 is obviously a bugfix-only release:
...
93a12d3 (tag: v2.2.3) Update to version 2.2.3
6563dd2 use correct libica for ibmca_mechaList_test
e91e179 PKEY: Fix usage of ECX keys
fae4490 (tag: v2.2.2) Update to version 2.2.2
...
and according to the FFe definition, bugfix-only updates might be acceptable,
so I will follow that route.
I've created such a package:
openssl-ibmca (2.2.3-0ubuntu1) jammy; urgency=medium
* New upstream release. LP: #1967141
* The difference between 2.2.2 and 2.2.3 includes just these two fixes:
- "PKEY: Fix usage of ECX keys"
- "use correct libica for ibmca_mechaList_test"
Rather than adding these as quilt patches, raising the package to the
bugfix-only version that incl. them is preferable.
* For "PKEY: Fix usage of ECX keys" a backport of
"Fix compilation for OpenSSL 3.0" was needed:
d/p/e59cce5-Fix-compilation-for-OpenSSL-3.0.patch
* For convenience reasons a generated sample config is now included in
the package, but also the optional configuration generator Perl script
'ibmca-engine-opensslconfig'.
It built fine locally (on s390x - it's an s390x-only package).
PPA:
============================================================================
Testsuite summary for openssl-ibmca 2.2.3
============================================================================
# TOTAL: 34
# PASS: 26
# SKIP: 8
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0
============================================================================
(Two more tests are (auto-)skipped, because the builder does not have access to the s390x crypto hardware.
(The other skipped tests are skipped by upstream, since they are known to cause issues on openssl 3 systems).
On top I installed, tested ad verified the package on an s390x system:
$ uname -a
Linux s1lp15 5.15.0-23-generic #23-Ubuntu SMP Fri Mar 11 14:53:58 UTC 2022 s390x s390x s390x GNU/Linux
$ apt-cache policy openssl-ibmca
openssl-ibmca:
Installed: 2.2.3-0ubuntu1
Candidate: 2.2.3-0ubuntu1
Version table:
*** 2.2.3-0ubuntu1 100
100 /var/lib/dpkg/status
2.2.2-0ubuntu1 500
500 http://ports.ubuntu.com/ubuntu-ports jammy/universe s390x Packages
I've noticed that v2.2.3 is obviously a bugfix-only release: _test
...
93a12d3 (tag: v2.2.3) Update to version 2.2.3
6563dd2 use correct libica for ibmca_mechaList
e91e179 PKEY: Fix usage of ECX keys
fae4490 (tag: v2.2.2) Update to version 2.2.2
...
and according to the FFe definition, bugfix-only updates might be acceptable,
so I will follow that route.
I've created such a package: _test" e59cce5- Fix-compilation -for-OpenSSL- 3.0.patch engine- opensslconfig' .
openssl-ibmca (2.2.3-0ubuntu1) jammy; urgency=medium
* New upstream release. LP: #1967141
* The difference between 2.2.2 and 2.2.3 includes just these two fixes:
- "PKEY: Fix usage of ECX keys"
- "use correct libica for ibmca_mechaList
Rather than adding these as quilt patches, raising the package to the
bugfix-only version that incl. them is preferable.
* For "PKEY: Fix usage of ECX keys" a backport of
"Fix compilation for OpenSSL 3.0" was needed:
d/p/
* For convenience reasons a generated sample config is now included in
the package, but also the optional configuration generator Perl script
'ibmca-
It built fine locally (on s390x - it's an s390x-only package).
In addition I've did a PPA build of this package which is available here: /launchpad. net/~fheimes/ +archive/ ubuntu/ lp1967141
https:/
The build includes a run of the test suite:
local build: ======= ======= ======= ======= ======= ======= ======= ======= ======= ====== ======= ======= ======= ======= ======= ======= ======= ======= ======= ====== ======= ======= ======= ======= ======= ======= ======= ======= ======= ======
=======
Testsuite summary for openssl-ibmca 2.2.3
=======
# TOTAL: 34
# PASS: 28
# SKIP: 6
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0
=======
PPA: ======= ======= ======= ======= ======= ======= ======= ======= ======= ====== ======= ======= ======= ======= ======= ======= ======= ======= ======= ====== ======= ======= ======= ======= ======= ======= ======= ======= ======= ======
=======
Testsuite summary for openssl-ibmca 2.2.3
=======
# TOTAL: 34
# PASS: 26
# SKIP: 8
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0
=======
(Two more tests are (auto-)skipped, because the builder does not have access to the s390x crypto hardware.
(The other skipped tests are skipped by upstream, since they are known to cause issues on openssl 3 systems).
On top I installed, tested ad verified the package on an s390x system: dpkg/status ports.ubuntu. com/ubuntu- ports jammy/universe s390x Packages
$ uname -a
Linux s1lp15 5.15.0-23-generic #23-Ubuntu SMP Fri Mar 11 14:53:58 UTC 2022 s390x s390x s390x GNU/Linux
$ apt-cache policy openssl-ibmca
openssl-ibmca:
Installed: 2.2.3-0ubuntu1
Candidate: 2.2.3-0ubuntu1
Version table:
*** 2.2.3-0ubuntu1 100
100 /var/lib/
2.2.2-0ubuntu1 500
500 http://
And I can confirm that sshd does NOT core dump.