diff --git a/openssl-3.changes b/openssl-3.changes
index 8f48fed..4267466 100644
--- a/openssl-3.changes
+++ b/openssl-3.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Mon Dec 23 20:14:08 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Add support for userspace livepatching on ppc64le (jsc#PED-11850).
+- Use gcc-13 for ppc64le.
+
+-------------------------------------------------------------------
+Tue Dec 17 12:42:19 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- Fix evp_properties section in the openssl.cnf file [bsc#1234647]
+  * Rebase patches:
+    - openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
+    - openssl-TESTS-Disable-default-provider-crypto-policies.patch
+
 -------------------------------------------------------------------
 Tue Nov 12 15:46:20 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
 
diff --git a/openssl-3.spec b/openssl-3.spec
index d604d98..054b34c 100644
--- a/openssl-3.spec
+++ b/openssl-3.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package openssl-3
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -146,13 +146,20 @@ Patch65:        openssl-3-fix-sha3-squeeze-ppc64.patch
 Patch66:        openssl-3-fix-quic_multistream_test.patch
 
 BuildRequires:  pkgconfig
-%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
+
+# ulp-macros is available according to SUSE version.
+%ifarch x86_64
+%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1540
 BuildRequires:  ulp-macros
-%else
-# Define ulp-macros macros as empty
-%define cflags_livepatching ""
-%define pack_ipa_dumps      echo "Livepatching is disabled in this build"
 %endif
+%endif
+%ifarch ppc64le
+%if 0%{?sle_version} >= 150700 || 0%{?suse_version} >= 1570
+BuildRequires:  gcc13
+BuildRequires:  ulp-macros
+%endif
+%endif
+
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(zlib)
 Requires:       libopenssl3 = %{version}-%{release}
@@ -246,6 +253,14 @@ export MACHINE=armv5el
 export MACHINE=armv6l
 %endif
 
+# In ppc64le we need gcc-13 for userspace livepatching until we have the
+# required -fpatchable-functions-entry patch merged into the mainline
+%ifarch ppc64le
+%if 0%{?sle_version} >= 150700 || 0%{?suse_version} >= 1570
+export CC=gcc-13
+export CXX=g++-13
+%endif
+%endif
 ./Configure \
     enable-camellia \
 %ifarch x86_64 aarch64 ppc64le
@@ -264,7 +279,7 @@ export MACHINE=armv6l
     --libdir=%{_lib} \
     --openssldir=%{ssletcdir} \
     %{optflags} \
-    %{cflags_livepatching} \
+    %{?cflags_livepatching} \
     -Wa,--noexecstack \
     -Wl,-z,relro,-z,now \
     -fno-common \
@@ -324,7 +339,7 @@ gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE5} -L%{build
 LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers
 
 %install
-%{pack_ipa_dumps}
+%{?pack_ipa_dumps}
 %make_install %{?_smp_mflags} MANSUFFIX=%{man_suffix}
 
 rename so.%{sover} so.%{version} %{buildroot}%{_libdir}/*.so.%{sover}
diff --git a/openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
index ae72609..ab6ed6d 100644
--- a/openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
+++ b/openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
@@ -322,12 +322,13 @@ Index: openssl-3.2.3/apps/openssl.cnf
 ===================================================================
 --- openssl-3.2.3.orig/apps/openssl.cnf
 +++ openssl-3.2.3/apps/openssl.cnf
-@@ -52,6 +52,11 @@ tsa_policy3 = 1.2.3.4.5.7
+@@ -52,6 +52,12 @@ tsa_policy3 = 1.2.3.4.5.7
  
  [openssl_init]
  providers = provider_sect
 +# Load default TLS policy configuration
 +ssl_conf = ssl_module
++alg_section = evp_properties
 +
 +[ evp_properties ]
 +# This section is intentionally added empty here to be tuned on particular systems
diff --git a/openssl-TESTS-Disable-default-provider-crypto-policies.patch b/openssl-TESTS-Disable-default-provider-crypto-policies.patch
index de884ed..6a011f0 100644
--- a/openssl-TESTS-Disable-default-provider-crypto-policies.patch
+++ b/openssl-TESTS-Disable-default-provider-crypto-policies.patch
@@ -2,16 +2,18 @@ Index: openssl-3.2.3/apps/openssl.cnf
 ===================================================================
 --- openssl-3.2.3.orig/apps/openssl.cnf
 +++ openssl-3.2.3/apps/openssl.cnf
-@@ -45,7 +45,7 @@ tsa_policy3 = 1.2.3.4.5.7
+@@ -45,8 +45,8 @@ tsa_policy3 = 1.2.3.4.5.7
  [openssl_init]
  providers = provider_sect
  # Load default TLS policy configuration
 -ssl_conf = ssl_module
+-alg_section = evp_properties
 +##ssl_conf = ssl_module
++##alg_section = evp_properties
  
  [ evp_properties ]
  # This section is intentionally added empty here to be tuned on particular systems
-@@ -60,20 +60,20 @@ ssl_conf = ssl_module
+@@ -61,20 +61,20 @@ alg_section = evp_properties
  # to side-channel attacks and as such have been deprecated.
  
  [provider_sect]