#
# spec file for package libxcrypt
#
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%define sover   1
%define lname   libcrypt%{sover}
Name:           libxcrypt
Version:        4.4.38
Release:        1.2
Summary:        Extended crypt library for DES, MD5, Blowfish and others
License:        BSD-2-Clause AND GPL-3.0-or-later AND LGPL-2.1-or-later AND BSD-3-Clause AND SUSE-Public-Domain
Group:          Development/Libraries/C and C++
URL:            https://github.com/besser82/libxcrypt
Source0:        https://github.com/besser82/libxcrypt/releases/download/v%{version}/%{name}-%{version}.tar.xz
Source1:        https://github.com/besser82/libxcrypt/releases/download/v%{version}/%{name}-%{version}.tar.xz.asc
Source2:        https://github.com/besser82/libxcrypt/releases/download/v%{version}/libxcrypt-gpgkey.asc#/%{name}.keyring
Source3:        baselibs.conf
BuildRequires:  fdupes
BuildRequires:  pkgconfig

# Enable support for livepatching.
%ifarch x86_64
%bcond_without livepatching
%else
%bcond_with livepatching
%endif

%description
libxcrypt is a modern library for one-way hashing of passwords.  It
supports DES, MD5, SHA-2-256, SHA-2-512, and bcrypt-based password
hashes, and provides the traditional Unix 'crypt' and 'crypt_r'
interfaces, as well as a set of extended interfaces pioneered by
Openwall Linux, 'crypt_rn', 'crypt_ra', 'crypt_gensalt',
'crypt_gensalt_rn', and 'crypt_gensalt_ra'.

%package -n %{lname}
Summary:        Extended crypt library for DES, MD5, Blowfish and others
License:        BSD-2-Clause AND LGPL-2.1-or-later AND BSD-3-Clause AND SUSE-Public-Domain
Group:          System/Libraries
# Compatibility provides to help the transition from libowcrypt.so.1
# to libcrypt.so.1, which provides all symbols of the former
%ifarch x86_64 s390x ppc64le aarch64
Provides:       libowcrypt.so.1()(64bit)
Provides:       libowcrypt.so.1(OW_CRYPT_1.0)(64bit)
%endif
%ifarch i586
Provides:       libowcrypt.so.1
Provides:       libowcrypt.so.1(OW_CRYPT_1.0)
%endif

%description -n %{lname}
libxcrypt is a modern library for one-way hashing of passwords.  It
supports DES, MD5, SHA-2-256, SHA-2-512, and bcrypt-based password
hashes, and provides the traditional Unix 'crypt' and 'crypt_r'
interfaces, as well as a set of extended interfaces pioneered by
Openwall Linux, 'crypt_rn', 'crypt_ra', 'crypt_gensalt',
'crypt_gensalt_rn', and 'crypt_gensalt_ra'.

%package devel
Summary:        Development files for %{name}
License:        BSD-2-Clause AND LGPL-2.1-or-later AND BSD-3-Clause AND SUSE-Public-Domain
Group:          Development/Languages/C and C++
Requires:       %{lname} = %{version}
Requires:       pkgconfig >= 0.9.0
Conflicts:      glibc-devel < 2.28
Provides:       glibc-devel:%{_libdir}/libcrypt.so

%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.

%package devel-static
Summary:        Static library for -static linking with %{name}
License:        BSD-2-Clause AND GPL-3.0-or-later AND LGPL-2.1-or-later AND BSD-3-Clause AND SUSE-Public-Domain
Group:          Development/Libraries/C and C++
Requires:       %{name}-devel = %{version}
Requires:       glibc-devel-static
Conflicts:      glibc-devel-static < 2.28
Provides:       glibc-devel-static:%{_libdir}/libcrypt.a

%description devel-static
This package contains the libxcrypt static libraries for -static
linking.  You don't need this, unless you link statically, which
is highly discouraged.

%prep
%autosetup -p 1

%build
%global _lto_cflags %_lto_cflags -ffat-lto-objects
%configure			\
  --disable-silent-rules	\
  --enable-shared		\
  --enable-static		\
  --enable-obsolete-api=suse	\
  --enable-hashes=all		\
  --with-pkgconfigdir=%{_libdir}/pkgconfig

%if %{with livepatching}
%make_build CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones"
%else
%make_build
%endif

%install

%if %{with livepatching}
%define tar_basename libxcrypt-livepatch-%{version}-%{release}
%define tar_package_name %{tar_basename}.%{_arch}.tar.xz
%define clones_dest_dir %{tar_basename}/%{_arch}

# Ipa-clones are files generated by gcc which logs changes made across
# functions, and we need to know such changes to build livepatches
# correctly. These files are intended to be used by the livepatch
# developers and may be retrieved by using `osc getbinaries`.
#
# Create ipa-clones destination folder and move clones there.
mkdir -p ipa-clones/%{clones_dest_dir}
find . -name "*.ipa-clones" ! -empty \
       -exec cp -t ipa-clones/%{clones_dest_dir} --parents {} +

# Create tarball with ipa-clones.
tar -cJf %{tar_package_name} -C ipa-clones \
    --owner root --group root --sort name %{tar_basename}

# Copy tarball to the OTHER folder to store it as artifact.
cp %{tar_package_name} %{_topdir}/OTHER
%endif

%make_install
rm -v %{buildroot}%{_libdir}/*.la
%fdupes -s %{buildroot}%{_mandir}

%check
%make_build check || \
  {
    rc=$?;
    echo "-----BEGIN TESTLOG-----";
    cat test-suite.log;
    echo "-----END TESTLOG-----";
    exit $rc;
  }

%ldconfig_scriptlets -n %{lname}

%files -n %{lname}
%license COPYING.LIB LICENSING
%doc AUTHORS NEWS THANKS
%{_libdir}/*.so.*

%files devel
%doc TODO
%{_libdir}/*.so
%{_includedir}/*.h
%{_libdir}/pkgconfig/*.pc
%{_mandir}/man?/*%{?ext_man}

%files devel-static
%{_libdir}/*.a

%changelog
* Tue Jan 14 2025 Lucas Mulling <lucas.mulling@suse.com>
- Update to 4.4.38
  * Fix several "-Wunterminated-string-initialization", which are seen by
    upcoming GCC 15.x (issue #194).
  * Fix "-Wmaybe-uninitialized" in crypt.c, which is seen by GCC 13.3.0.
  * Skip test/explicit-bzero if compiling with ASAN.
  * Drop hard requirement for the pkg-config binary (issue #198).
- Use %%ldconfig_scriptlets
* Thu Jan  2 2025 Lucas Mulling <lucas.mulling@suse.com>
- Update to 4.4.37
  * Several fixes to the manpages (issue #185).
  * Only test the needed makecontext signature during configure (issue #178).
  * Fix -Werror=strict-overflow in lib/crypt-bcrypt.c, which is seen by GCC
    4.8.5 (issue #197).
- Symlink duplicated manpages
* Mon Jul 17 2023 Andreas Schwab <schwab@suse.de>
- Update to 4.4.36
  * Fix left over bits failing with Perl v5.38.0
* Sat Jul  1 2023 Dirk Müller <dmueller@suse.com>
- update to 4.4.35:
  * Fix build with Perl v5.38.0 (issue #170).
  * Fix build with MinGW-w(32|64).
* Thu Jun  1 2023 Andreas Schwab <schwab@suse.de>
- Update to 4.4.34
  * Optimize some cast operation for performance in
    lib/alg-yescrypt-platform.c.
  * Add SHA-2 Maj() optimization proposed by Wei Dai in lib/alg-sha512.c.
  * Explicitly clean the stack and context state after computation in
    lib/alg-gost3411-2012-hmac.c, lib/alg-hmac-sha1.c, and lib/alg-sha256.c
    (issue #168).
* Thu Mar 23 2023 Martin Liška <mliska@suse.cz>
- Enable LTO now (boo#1138833) and use FAT LTO objects for static libs.
* Fri Mar 10 2023 Giuliano Belinassi <giuliano.belinassi@suse.com>
- Enable livepatching support on x86_64.
* Wed Nov 30 2022 Andreas Schwab <schwab@suse.de>
- Update to 4.4.33
  * Fix variable name in crypt(3) for a datamember of 'struct crypt_data'
  * Fix -Werror=strict-overflow in lib/crypt-des.c, which is seen
    by GCC 12.x
  * Add some SHA-2 Maj() optimization in lib/alg-sha256.c
  * Fix -Werror=conversion in lib/alg-yescrypt-opt.c
  * Improvements to huge page handling in lib/alg-yescrypt-platform.c
  * Fix -Werror=sign-conversion in lib/alg-yescrypt-platform.c
* Sun Apr 10 2022 Dirk Müller <dmueller@suse.com>
- update to 4.4.28:
  No changes whatsoever.
* Mon Dec 20 2021 Dirk Müller <dmueller@suse.com>
- update to 4.4.27:
  * Limit the maximum amount of rbytes to 64 bytes (512 bits) for yescrypt,
    gost-yescrypt, and scrypt
* Sun Nov 28 2021 Andreas Stieger <andreas.stieger@gmx.de>
- update to 4.4.26:
  * fix compilation on system with gcc >= 10 that do not support
    declarations with __attribute__((symver))
- switch to bootstrapped tarball, add upstream signing key and
  verify source signature
* Wed Aug 18 2021 Andreas Schwab <schwab@suse.de>
- Update to 4.4.25
  * Fix several issues found by Covscan in the testsuite.  These include:
  - CWE-170: String not null terminated (STRING_NULL)
  - CWE-188: Reliance on integer endianness (INCOMPATIBLE_CAST)
  - CWE-190: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
  - CWE-569: Wrong sizeof argument (SIZEOF_MISMATCH)
  - CWE-573: Missing varargs init or cleanup (VARARGS)
  - CWE-687: Argument cannot be negative (NEGATIVE_RETURNS)
  * Stricter checking of invalid salt characters (issue #135).
* Thu Jun 24 2021 Paolo Stivanin <info@paolostivanin.com>
- Update to 4.4.23
  * Fix output calculation for gensalt_yescrypt_rn().
  * Fix -Werror=conversion in lib/crypt-des-obsolete.c,
    test/des-obsolete.c, and test/des-obsolete_r.c.
  * The crypt_checksalt() function has been fixed to correctly return
    with 'CRYPT_SALT_INVALID', in case the setting, that is passed
    to be checked, represents an empty passphrase or an uncomputed
    setting for descrypt without any salt characters.
  * The crypt_checksalt() function will now return the value
    'CRYPT_SALT_METHOD_LEGACY' in case the setting, that is passed
    to be checked, uses a hashing method, which is considered to be
    too weak for use with new passphrases.
  * Fix build when the CFLAGS variable, that is passed into the
    configure script, has a leading whitespace character in it
    (issue #123).
* Tue Apr 13 2021 Paolo Stivanin <info@paolostivanin.com>
- Update to 4.4.19
  * Improve fallback implementation of explicit_bzero.
  * Add glibc-on-CSKY, ARC, and RISCV-32 entries to libcrypt.minver.
    These were added in GNU libc 2.29, 2.32, and 2.33 respectively
  * Do not build xcrypt.h if we’re not going to install it.
  * Do not apply --enable-obsolete-api-enosys mode to fcrypt.
  * Compilation fix for NetBSD.  NetBSD’s <unistd.h> declares encrypt
    and setkey to return int, contrary to POSIX (which says they return
    void).  Rename those declarations out of the way with macros.
  * Compilation fixes for building with GCC 11.
    Basically fixes for explicit type-casting.
  * Force update of existing symlinks during installation
* Mon Feb 22 2021 Andreas Schwab <schwab@suse.de>
- Update to version 4.4.18
  * Fix conversion error in lib/alg-gost3411-core.c
* Tue Sep  1 2020 Andreas Schwab <schwab@suse.de>
- Add compatibility provides for SLE15
- Update to version 4.4.17
  * Salt string compatibility with generic implementations
* Mon Mar  2 2020 Andreas Schwab <schwab@suse.de>
- Update to version 4.4.15
  * The compatibility symbols crypt_gensalt_r, xcrypt, xcrypt_r,
    xcrypt_gensalt, and xcrypt_gensalt_r are deprecated further
  * Speed up ka-sunmd5 by skipping most of the test phrases
- Package README.md and TODO.md (bsc#1165389)
* Thu Jan 30 2020 Andreas Schwab <schwab@suse.de>
- Update to version 4.4.12
  * Another fix for GCC v10.x, which occurs on s390 architectures only.
* Wed Jan 22 2020 Andreas Schwab <schwab@suse.de>
- Update to version 4.4.11
  * Fixes for GCC v10.x
  * Change how the known-answer tests are parallelized
- gcc10.patch: remove
* Thu Dec 12 2019 Andreas Schwab <schwab@suse.de>
- gcc10.patch: fix build with gcc10 (bsc#1158192)
* Sat Dec  7 2019 Andreas Schwab <schwab@suse.de>
- Update to version 4.4.10
  * Fix alignment problem for GOST 34.11 (Streebog) in gost-yestcrypt.
  * The crypt_* functions will now all fail and set errno to ERANGE if
    their 'phrase' argument is longer than CRYPT_MAX_PASSPHRASE_SIZE
    characters (this is currently 512)
  * The NT hashing method no longer truncates passphrases at 128
    characters; Windows does not do this.
- format-overflow.patch: remove
* Thu Jun 20 2019 Martin Liška <mliska@suse.cz>
- Disable LTO due to symbol versioning (boo#1138833).
* Tue Feb 19 2019 schwab@suse.de
- format-overflow.patch: Fix -Werror=format-overflow
* Thu Feb 14 2019 Martin Liška <mliska@suse.cz>
- Update to version 4.4.3:
  * Add libxcrypt.so, libxcrypt.a and xcrypt.h.
  * Add new man3 manual pages.
* Tue Oct  9 2018 schwab@suse.de
- Set compatibility level to suse
* Wed Aug  8 2018 schwab@suse.de
- Add conflicts with glibc-devel < 2.28
* Mon Aug  6 2018 jengelh@inai.de
- Fix RPM groups for Factory.
* Wed Aug  1 2018 schwab@suse.de
- Update to libxcrypt 4.1.0
  * Fix spelling of SUSE.
  * Lower the minimum required automake version to 1.14.
  * Fix build with USE_SWAPCONTEXT turned off.
  * Extend --enable-weak-hashes configure option to accept optional
    "glibc" parameter.
  * Fix the leak of obtained random bytes.
  * Check expected output strings for deterministic methods.
  * Fix memory leak in crypt_sha1_rn.
  * Fix read of random bytes out of bounds in gensalt_sha1_rn.
  * Make it possible to disable individual hashes at configure time.
  * Make salt validation pickier.
  * Replace crypt-sunmd5.c with BSD-licensed cleanroom reimplementation.
  * Make crypt_gensalt for $sha1 deterministic.
  * Fix incorrect output-size computation in crypt_sha1_rn.
  * Add docs for SHA1, MD5/Sun, NTHASH.
  * Introduce CRYPT_GENSALT_IMPLEMENTS_* feature test macros.
  * Install libcrypt.pc symlink along with libxcrypt.pc.
  * Extend --enable-obsolete-api configure option.
  * Extend overall test coverage.
* Wed May 23 2018 schwab@suse.de
- Update to libxcrypt 4.0.1
* Wed May  9 2018 schwab@suse.de
- ABI compatible replacement for libcypt from glibc