add fixes from further testing

packages/aws-lc-fips/aws-lc-fips.spec

@@ -8,11 +8,16 @@ URL: https://github.com/aws/aws-lc
 Source0: https://github.com/aws/aws-lc/archive/AWS-LC-FIPS-%{version}/aws-lc-AWS-LC-FIPS-%{version}.tar.gz
 
 BuildRequires: %{_cross_os}glibc-devel
+BuildRequires: %{_cross_os}libstdc++
 
 Requires: %{_cross_os}glibc
+Requires: %{_cross_os}libstdc++
 
 %description
-%{summary}.
+AWS-LC is a general-purpose cryptographic library maintained by the
+AWS Cryptography team for AWS and their customers. It іs based on code
+from the Google BoringSSL project and the OpenSSL project. This version
+includes FIPS support.
 
 %package devel
 Summary: Development files for %{name}
@@ -60,8 +65,8 @@ rm -rf %{buildroot}%{_cross_libdir}/ssl/cmake
 
 %files
 %{_cross_attribution_file}
-%{_cross_libdir}/libcrypto.so.*
-%{_cross_libdir}/libssl.so.*
+%{_cross_libdir}/libcrypto.so*
+%{_cross_libdir}/libssl.so*
 %{_cross_bindir}/bssl
 %{_cross_bindir}/openssl
 

packages/cryptsetup/Cargo.toml

@@ -17,9 +17,9 @@ force-upstream = true
 
 [build-dependencies]
 glibc = { path = "../glibc" }
-device-mapper = { path = "../device-mapper" }
 json-c = { path = "../json-c" }
 util-linux = { path = "../util-linux" }
+device-mapper = { path = "../device-mapper" }
 libpopt = { path = "../libpopt" }
-systemd = { path = "../systemd" }
 aws-lc-fips = { path = "../aws-lc-fips" }
+libargon2 = { path = "../libargon2" }

packages/cryptsetup/cryptsetup.spec

@@ -18,6 +18,7 @@ BuildRequires: %{_cross_os}kernel-6.1-devel
 BuildRequires: %{_cross_os}libblkid-devel
 BuildRequires: %{_cross_os}systemd-devel
 BuildRequires: %{_cross_os}aws-lc-fips-devel
+BuildRequires: %{_cross_os}libargon2-devel
 
 Requires: %{_cross_os}libdevmapper
 Requires: %{_cross_os}libjson-c
@@ -26,13 +27,15 @@ Requires: %{_cross_os}libuuid
 Requires: %{_cross_os}libpopt
 Requires: %{_cross_os}systemd
 Requires: %{_cross_os}aws-lc-fips
+Requires: %{_cross_os}libargon2
 
 %description
 %{summary}.
 
 %package devel
 Summary: Development files for cryptsetup
 Requires: %{name}
+Requires: %{_cross_os}libargon2-devel
 
 %description devel
 The %{name}-devel package contains libraries and header files for
@@ -45,11 +48,10 @@ developing applications that use %{name}.
 %cross_configure \
     --disable-asciidoc \
     --disable-ssh-token \
-    --disable-internal-argon2 \
-    --disable-internal-sse-argon2 \
+    --enable-libargon2 \
     --disable-pwquality \
-    --enable-static \
-    --enable-cryptsetup \
+    --disable-static \
+    --disable-cryptsetup \
     --disable-veritysetup \
     --disable-integritysetup \
     --disable-nls \
@@ -67,14 +69,12 @@ rm -rf %{buildroot}%{_cross_libdir}/tmpfiles.d/cryptsetup.conf
 
 %files
 %license COPYING COPYING.LGPL
-%{_cross_sbindir}/cryptsetup
 %{_cross_libdir}/libcryptsetup.so.*
+%{_cross_libdir}/libcryptsetup.so
 %{_cross_attribution_file}
 %exclude %{_cross_mandir}
 
 %files devel
-%{_cross_libdir}/libcryptsetup.so
-%{_cross_libdir}/libcryptsetup.a
 %{_cross_libdir}/pkgconfig/libcryptsetup.pc
 %{_cross_includedir}/libcryptsetup.h
 

packages/device-mapper/device-mapper.spec

@@ -54,9 +54,9 @@ This package contains the device-mapper shared library, libdevmapper.
   --with-device-mode=0660 \
   --enable-pkgconfig \
   --enable-udev_sync \
-  --enable-dmeventd \
+  --disable-dmeventd \
   --disable-readline \
-  --disable-selinux \
+  --enable-selinux \
   --disable-cache_check_needs_check \
   --disable-lvmpolld \
   --disable-lvmlockd \
@@ -99,26 +99,20 @@ make install_device-mapper DESTDIR=%{buildroot} INSTALL="/usr/bin/install -p"
 # Remove unpackaged files
 rm -f %{buildroot}%{_cross_sbindir}/blkdeactivate
 rm -f %{buildroot}%{_cross_sbindir}/dmstats
+rm -rf %{buildroot}%{_cross_datadir}/man
 
 # Only install dmsetup related files
 install -d %{buildroot}%{_cross_sbindir}
 install -p -m 0755 libdm/dm-tools/dmsetup %{buildroot}%{_cross_sbindir}/dmsetup
-install -p -m 0755 daemons/dmeventd/dmeventd %{buildroot}%{_cross_sbindir}/dmeventd
 install -d %{buildroot}%{_cross_libdir}
 
 # Device mapper library
 install -p -m 0755 libdm/ioctl/libdevmapper.so.1.02 %{buildroot}%{_cross_libdir}/
 ln -s libdevmapper.so.1.02 %{buildroot}%{_cross_libdir}/libdevmapper.so.1
 ln -sf libdevmapper.so.1 %{buildroot}%{_cross_libdir}/libdevmapper.so
 
-# Device mapper event library
-install -p -m 0755 daemons/dmeventd/libdevmapper-event.so.1.02 %{buildroot}%{_cross_libdir}/
-ln -s libdevmapper-event.so.1.02 %{buildroot}%{_cross_libdir}/libdevmapper-event.so.1
-ln -sf libdevmapper-event.so.1 %{buildroot}%{_cross_libdir}/libdevmapper-event.so
-
 install -d %{buildroot}%{_cross_includedir}
 install -p -m 0644 libdm/libdevmapper.h %{buildroot}%{_cross_includedir}/
-install -p -m 0644 daemons/dmeventd/libdevmapper-event.h %{buildroot}%{_cross_includedir}/
 install -d %{buildroot}%{_cross_prefix}/lib/udev/rules.d
 install -p -m 0644 udev/10-dm.rules %{buildroot}%{_cross_prefix}/lib/udev/rules.d/
 install -p -m 0644 udev/13-dm-disk.rules %{buildroot}%{_cross_prefix}/lib/udev/rules.d/
@@ -127,16 +121,13 @@ install -p -m 0644 udev/95-dm-notify.rules %{buildroot}%{_cross_prefix}/lib/udev
 %files
 %license COPYING COPYING.LIB
 %{_cross_sbindir}/dmsetup
-%{_cross_sbindir}/dmeventd
 %{_cross_prefix}/lib/udev/rules.d/10-dm.rules
 %{_cross_prefix}/lib/udev/rules.d/13-dm-disk.rules
 %{_cross_prefix}/lib/udev/rules.d/95-dm-notify.rules
-%exclude %{_cross_mandir}
 
 %files -n %{_cross_os}libdevmapper
 %license COPYING COPYING.LIB
 %{_cross_libdir}/libdevmapper.so.*
-%{_cross_libdir}/libdevmapper-event.so.*
 
 %package -n %{_cross_os}libdevmapper-devel
 Summary: Development libraries and headers for device-mapper
@@ -148,10 +139,7 @@ the device-mapper libraries.
 
 %files -n %{_cross_os}libdevmapper-devel
 %{_cross_libdir}/libdevmapper.so
-%{_cross_libdir}/libdevmapper-event.so
 %{_cross_includedir}/libdevmapper.h
-%{_cross_includedir}/libdevmapper-event.h
-%{_cross_pkgconfigdir}/devmapper-event.pc
 %{_cross_pkgconfigdir}/devmapper.pc
 
 

packages/libargon2/Cargo.toml

@@ -0,0 +1,18 @@
+[package]
+name = "libargon2"
+version = "0.1.0"
+edition = "2021"
+publish = false
+build = "../build.rs"
+
+[lib]
+path = "../packages.rs"
+
+[package.metadata.build-package]
+package-name = "libargon2"
+releases-url = "https://github.com/P-H-C/phc-winner-argon2/releases/download"
+
+[[package.metadata.build-package.external-files]]
+url = "https://github.com/P-H-C/phc-winner-argon2/archive/refs/tags/20190702.tar.gz"
+sha512 = "0a4cb89e8e63399f7df069e2862ccd05308b7652bf4ab74372842f66bcc60776399e0eaf979a7b7e31436b5e6913fe5b0a6949549d8c82ebd06e0629b106e85f"
+force-upstream = true 

packages/libargon2/libargon2.spec

@@ -0,0 +1,84 @@
+%global debug_package %{nil}
+
+Name: %{_cross_os}libargon2
+Version: 20190702
+Release: 1%{?dist}
+Summary: The password-hashing library
+License: CC0-1.0 OR Apache-2.0
+URL: https://github.com/P-H-C/phc-winner-argon2
+Source0: %{url}/archive/%{version}.tar.gz
+
+BuildRequires: %{_cross_os}glibc-devel
+Requires: %{_cross_os}glibc
+
+%global soname 1
+
+%description
+Argon2 is a password-hashing function that summarizes the state of the art
+in the design of memory-hard functions and can be used to hash passwords
+for credential storage, key derivation, or other applications.
+
+It has three variants:
+* Argon2d: Faster and uses data-depending memory access
+* Argon2i: Uses data-independent memory access
+* Argon2id: Hybrid of Argon2i and Argon2d
+
+%package devel
+Summary: Development files for Argon2 password hashing library
+Requires: %{name}
+
+%description devel
+Development files for the Argon2 password hashing library.
+
+%prep
+%autosetup -n phc-winner-argon2-%{version}
+
+# Verify soname version
+if ! grep -q 'ABI_VERSION = %{soname}' Makefile; then
+    echo "Error: soname version mismatch"
+    grep ABI_VERSION Makefile
+    exit 1
+fi
+
+# Fix pkgconfig file
+sed -e 's:lib/@HOST_MULTIARCH@:%{_lib}:;s/@UPSTREAM_VER@/%{version}/' -i libargon2.pc.in
+
+%build
+%set_cross_build_flags
+
+# Modify Makefile to use proper flags and paths
+sed -e '/^CFLAGS/s:^CFLAGS:LDFLAGS=%{_cross_ldflags}\nCFLAGS:' \
+    -e 's:-O3 -Wall:%{_cross_cflags}:' \
+    -e '/^LIBRARY_REL/s:lib:%{_lib}:' \
+    -e 's:-march=\$(OPTTARGET) :${CFLAGS} :' \
+    -e 's:CFLAGS += -march=\$(OPTTARGET)::' \
+    -i Makefile
+
+make -j1 PREFIX=%{_cross_prefix} \
+    CC=%{_cross_target}-gcc \
+    OPTTARGET=none \
+    LIBRARY_REL=lib
+
+%install
+make install DESTDIR=%{buildroot} \
+    PREFIX=%{_cross_prefix} \
+    LIBRARY_REL=lib
+
+rm %{buildroot}%{_cross_bindir}/argon2
+rm %{buildroot}%{_cross_libdir}/libargon2.a
+# Fix permissions
+chmod -x %{buildroot}%{_cross_includedir}/argon2.h
+find %{buildroot}%{_cross_libdir} -name "libargon2.so" -type f -exec chmod +x {} \;
+
+%files
+%license LICENSE
+%{_cross_attribution_file}
+%{_cross_libdir}/libargon2.so
+%{_cross_libdir}/libargon2.so.%{soname}
+
+%files devel
+%doc README.md CHANGELOG.md
+%{_cross_includedir}/argon2.h
+%{_cross_pkgconfigdir}/libargon2.pc
+
+%changelog 

packages/systemd/9015-fix-openssl-error-format-strings.patch

@@ -0,0 +1,49 @@
+diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
+index f63cd9b..cb794c9 100644
+--- a/src/resolve/resolved-dns-dnssec.c
++++ b/src/resolve/resolved-dns-dnssec.c
+@@ -149,7 +149,7 @@ static int dnssec_rsa_verify_raw(
+         r = EVP_PKEY_verify(ctx, signature, signature_size, data, data_size);
+         if (r < 0)
+                 return log_debug_errno(SYNTHETIC_ERRNO(EIO),
+-                                       "Signature verification failed: 0x%lx", ERR_get_error());
++                                       "Signature verification failed: 0x%u", ERR_get_error());
+
+ #  pragma GCC diagnostic pop
+ #else
+@@ -336,7 +336,7 @@ static int dnssec_ecdsa_verify_raw(
+
+         if (EC_KEY_set_public_key(eckey, p) <= 0)
+                 return log_debug_errno(SYNTHETIC_ERRNO(EIO),
+-                                       "EC_POINT_bn2point failed: 0x%lx", ERR_get_error());
++                                       "EC_POINT_bn2point failed: 0x%u", ERR_get_error());
+
+         assert(EC_KEY_check_key(eckey) == 1);
+
+@@ -361,7 +361,7 @@ static int dnssec_ecdsa_verify_raw(
+         k = ECDSA_do_verify(data, data_size, sig, eckey);
+         if (k < 0)
+                 return log_debug_errno(SYNTHETIC_ERRNO(EIO),
+-                                       "Signature verification failed: 0x%lx", ERR_get_error());
++                                       "Signature verification failed: 0x%u", ERR_get_error());
+
+ #  pragma GCC diagnostic pop
+ #else
+@@ -512,7 +512,7 @@ static int dnssec_eddsa_verify_raw(
+         evkey = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, key, key_size);
+         if (!evkey)
+                 return log_debug_errno(SYNTHETIC_ERRNO(EIO),
+-                                       "EVP_PKEY_new_raw_public_key failed: 0x%lx", ERR_get_error());
++                                       "EVP_PKEY_new_raw_public_key failed: 0x%u", ERR_get_error());
+
+         pctx = EVP_PKEY_CTX_new(evkey, NULL);
+         if (!pctx)
+@@ -532,7 +532,7 @@ static int dnssec_eddsa_verify_raw(
+         r = EVP_DigestVerify(ctx, signature, signature_size, data, data_size);
+         if (r < 0)
+                 return log_debug_errno(SYNTHETIC_ERRNO(EIO),
+-                                       "Signature verification failed: 0x%lx", ERR_get_error());
++                                       "Signature verification failed: 0x%u", ERR_get_error());
+
+         return r;
+