2024-04-04 07:23:49 +02:00
|
|
|
-------------------------------------------------------------------
|
Accepting request 1168592 from home:ngueorguiev:branches:security:tls
- Amended the .spec file
- Changed the package names
+-------------+---------------------------------+--------------------------+
| Flavor | Package name | Note |
+-------------+---------------------------------+--------------------------+
| '' | openssl-ibmca | Both engine and provider |
| openssl1_1 | openssl1_1-ibmca | openssl1 flavor |
| engine | openssl-ibmca-engine | Only engine |
| provider | openssl-ibmca-provider | Only provider |
+-------------+---------------------------------+--------------------------+
- Applied a patch for openssl1_1 (bsc#1221627)
* openssl1-rename-libica-files.patch
- Re-implemented flavors (openssl3, engine, provider) (bsc#1221627)
+------------+---------------------------------+--------------------------+
| Flavor | Package name | Note |
+------------+---------------------------------+--------------------------+
| '' | openssl-ibmca | openssl1 flavor |
| engine | openssl3-ibmca-engine | Only engine |
| provider | openssl3-ibmca-provider | Only provider |
| openssl3 | openssl3-ibmca | Both engine and provider |
+------------+---------------------------------+--------------------------+
- Changing/editing 'dynamic_path' after the installation on the target system
* From /usr/lib64/ossl-modules to /usr/lib64/engines-3 in
/usr/share/doc/packages/openssl3-ibmca/ibmca-engine-opensslconfig
for openssl3 flavor
- Amended the .spec file (bsc#1221627)
* Removed the flavors
* Removed 'muiltibuild' environment
* Removed the 'provider' logic
- Updated the .spec file (bsc#1218933, bsc#1221627)
* Amended the .spec file to use modulesdir variable
- Implemented _multibuild environment (openssl1, engine, provider)
- Added a flag and logic for provider in the .spec file
* When provider is set to 1, it 'configures' the provider
* When provider is set to 0, it 'configures' the engine
- Removed an obsolete patch (implemented in the version 2.4.1)
* openssl-ibmca-engine-noregister.patch
- Upgrade to version 2.4.1 (jsc#PED-5422)
* Provider: Change the default log directory to /tmp
* Bug fixes
- Updated the .spec file, amended to use libica4 instead of libica
* Requires: libica4 >= 4
- Updated the .spec file
* uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries
- Updated the .spec file as follow:
* BuildRequires: libica-devel >= 4.0.0
* BuildRequires: libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
* BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
* openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
* openssl-ibmca 2.4.0
- Provider: Adjustments for OpenSSL versions 3.1 and 3.2
- Provider: Support RSA blinding
- Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
- Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
- Provider: Adjustments in OpenSSL config generator and example configs
- Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
- Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files
* /usr/lib64/engines-3/ibmca-provider.la
* /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
* openssl-ibmca 2.3.1
- Adjustments for libica 4.1.0
* openssl-ibmca 2.3.0
- First version including the provider
- Fix for engine build without OpenSSL 3.0 sources
* openssl-ibmca 2.2.3
- Fix PKEY segfault with OpenSSL 3.0
* openssl-ibmca 2.2.2
- Fix tests with OpenSSL 3.0
- Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
need to know or care about how many lines are in either
/etc/ssl/openssl.cnf, or the sample file at
/usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
We're now using the ".include" directive for the openssl.cnf
file, and only modifying that file the minimum necessary to
implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
* openssl-ibmca 2.2.1
Bug fixes
* openssl-ibmca 2.2.0
Implement fallbacks based on OpenSSL
Disable software fallbacks from libica
Allow to specify default library (libica vs. libica-cex) to use
Provide "libica" engine ctrl to switch library at load time
Update README.md
Remove libica link dependency
Generate sample configuration files from system configuration
Restructure registration global data
* openssl-ibmca 2.1.3
Bug fix
* openssl-ibmca 2.1.2
Bug fixes
- Modified spec file to
* Define a global variable enginesdir the same was as IBM does
instead of _ENGINE_DIR as we had been doing.
* Implemented %make_build macro according to spec-cleaner
* Changed the package description to match IBM's.
* Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/1168592
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=68
2024-04-17 16:35:05 +02:00
|
|
|
Wed Apr 17 14:04:14 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
|
2024-04-17 14:50:11 +02:00
|
|
|
|
|
|
|
|
- Amended the .spec file
|
|
|
|
|
- Changed the package names
|
Accepting request 1168592 from home:ngueorguiev:branches:security:tls
- Amended the .spec file
- Changed the package names
+-------------+---------------------------------+--------------------------+
| Flavor | Package name | Note |
+-------------+---------------------------------+--------------------------+
| '' | openssl-ibmca | Both engine and provider |
| openssl1_1 | openssl1_1-ibmca | openssl1 flavor |
| engine | openssl-ibmca-engine | Only engine |
| provider | openssl-ibmca-provider | Only provider |
+-------------+---------------------------------+--------------------------+
- Applied a patch for openssl1_1 (bsc#1221627)
* openssl1-rename-libica-files.patch
- Re-implemented flavors (openssl3, engine, provider) (bsc#1221627)
+------------+---------------------------------+--------------------------+
| Flavor | Package name | Note |
+------------+---------------------------------+--------------------------+
| '' | openssl-ibmca | openssl1 flavor |
| engine | openssl3-ibmca-engine | Only engine |
| provider | openssl3-ibmca-provider | Only provider |
| openssl3 | openssl3-ibmca | Both engine and provider |
+------------+---------------------------------+--------------------------+
- Changing/editing 'dynamic_path' after the installation on the target system
* From /usr/lib64/ossl-modules to /usr/lib64/engines-3 in
/usr/share/doc/packages/openssl3-ibmca/ibmca-engine-opensslconfig
for openssl3 flavor
- Amended the .spec file (bsc#1221627)
* Removed the flavors
* Removed 'muiltibuild' environment
* Removed the 'provider' logic
- Updated the .spec file (bsc#1218933, bsc#1221627)
* Amended the .spec file to use modulesdir variable
- Implemented _multibuild environment (openssl1, engine, provider)
- Added a flag and logic for provider in the .spec file
* When provider is set to 1, it 'configures' the provider
* When provider is set to 0, it 'configures' the engine
- Removed an obsolete patch (implemented in the version 2.4.1)
* openssl-ibmca-engine-noregister.patch
- Upgrade to version 2.4.1 (jsc#PED-5422)
* Provider: Change the default log directory to /tmp
* Bug fixes
- Updated the .spec file, amended to use libica4 instead of libica
* Requires: libica4 >= 4
- Updated the .spec file
* uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries
- Updated the .spec file as follow:
* BuildRequires: libica-devel >= 4.0.0
* BuildRequires: libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
* BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
* openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
* openssl-ibmca 2.4.0
- Provider: Adjustments for OpenSSL versions 3.1 and 3.2
- Provider: Support RSA blinding
- Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
- Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
- Provider: Adjustments in OpenSSL config generator and example configs
- Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
- Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files
* /usr/lib64/engines-3/ibmca-provider.la
* /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
* openssl-ibmca 2.3.1
- Adjustments for libica 4.1.0
* openssl-ibmca 2.3.0
- First version including the provider
- Fix for engine build without OpenSSL 3.0 sources
* openssl-ibmca 2.2.3
- Fix PKEY segfault with OpenSSL 3.0
* openssl-ibmca 2.2.2
- Fix tests with OpenSSL 3.0
- Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
need to know or care about how many lines are in either
/etc/ssl/openssl.cnf, or the sample file at
/usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
We're now using the ".include" directive for the openssl.cnf
file, and only modifying that file the minimum necessary to
implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
* openssl-ibmca 2.2.1
Bug fixes
* openssl-ibmca 2.2.0
Implement fallbacks based on OpenSSL
Disable software fallbacks from libica
Allow to specify default library (libica vs. libica-cex) to use
Provide "libica" engine ctrl to switch library at load time
Update README.md
Remove libica link dependency
Generate sample configuration files from system configuration
Restructure registration global data
* openssl-ibmca 2.1.3
Bug fix
* openssl-ibmca 2.1.2
Bug fixes
- Modified spec file to
* Define a global variable enginesdir the same was as IBM does
instead of _ENGINE_DIR as we had been doing.
* Implemented %make_build macro according to spec-cleaner
* Changed the package description to match IBM's.
* Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/1168592
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=68
2024-04-17 16:35:05 +02:00
|
|
|
+-------------+---------------------------------+--------------------------+
|
|
|
|
|
| Flavor | Package name | Note |
|
|
|
|
|
+-------------+---------------------------------+--------------------------+
|
|
|
|
|
| '' | openssl-ibmca | Both engine and provider |
|
|
|
|
|
| openssl1_1 | openssl1_1-ibmca | openssl1 flavor |
|
|
|
|
|
| engine | openssl-ibmca-engine | Only engine |
|
|
|
|
|
| provider | openssl-ibmca-provider | Only provider |
|
|
|
|
|
+-------------+---------------------------------+--------------------------+
|
2024-04-17 14:50:11 +02:00
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Apr 17 08:41:08 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
|
|
|
|
|
|
|
|
|
|
- Applied a patch for openssl1_1 (bsc#1221627)
|
|
|
|
|
* openssl1-rename-libica-files.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
Accepting request 1166481 from home:ngueorguiev:branches:security:tls
- Re-implemented flavors (openssl3, engine, provider) (bsc#1221627)
+------------+---------------------------------+--------------------------+
| Flavor | Package name | Note |
+------------+---------------------------------+--------------------------+
| '' | openssl-ibmca | openssl1 flavor |
| engine | openssl3-ibmca-engine | Only engine |
| provider | openssl3-ibmca-provider | Only provider |
| openssl3 | openssl3-ibmca | Both engine and provider |
+------------+---------------------------------+--------------------------+
- Changing/editing 'dynamic_path' after the installation on the target system
* From /usr/lib64/ossl-modules to /usr/lib64/engines-3 in
/usr/share/doc/packages/openssl3-ibmca/ibmca-engine-opensslconfig
for openssl3 flavor
- Amended the .spec file (bsc#1221627)
* Removed the flavors
* Removed 'muiltibuild' environment
* Removed the 'provider' logic
- Updated the .spec file (bsc#1218933, bsc#1221627)
* Amended the .spec file to use modulesdir variable
- Implemented _multibuild environment (openssl1, engine, provider)
- Added a flag and logic for provider in the .spec file
* When provider is set to 1, it 'configures' the provider
* When provider is set to 0, it 'configures' the engine
- Removed an obsolete patch (implemented in the version 2.4.1)
* openssl-ibmca-engine-noregister.patch
- Upgrade to version 2.4.1 (jsc#PED-5422)
* Provider: Change the default log directory to /tmp
* Bug fixes
- Updated the .spec file, amended to use libica4 instead of libica
* Requires: libica4 >= 4
- Updated the .spec file
* uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries
- Updated the .spec file as follow:
* BuildRequires: libica-devel >= 4.0.0
* BuildRequires: libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
* BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
* openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
* openssl-ibmca 2.4.0
- Provider: Adjustments for OpenSSL versions 3.1 and 3.2
- Provider: Support RSA blinding
- Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
- Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
- Provider: Adjustments in OpenSSL config generator and example configs
- Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
- Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files
* /usr/lib64/engines-3/ibmca-provider.la
* /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
* openssl-ibmca 2.3.1
- Adjustments for libica 4.1.0
* openssl-ibmca 2.3.0
- First version including the provider
- Fix for engine build without OpenSSL 3.0 sources
* openssl-ibmca 2.2.3
- Fix PKEY segfault with OpenSSL 3.0
* openssl-ibmca 2.2.2
- Fix tests with OpenSSL 3.0
- Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
need to know or care about how many lines are in either
/etc/ssl/openssl.cnf, or the sample file at
/usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
We're now using the ".include" directive for the openssl.cnf
file, and only modifying that file the minimum necessary to
implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
* openssl-ibmca 2.2.1
Bug fixes
* openssl-ibmca 2.2.0
Implement fallbacks based on OpenSSL
Disable software fallbacks from libica
Allow to specify default library (libica vs. libica-cex) to use
Provide "libica" engine ctrl to switch library at load time
Update README.md
Remove libica link dependency
Generate sample configuration files from system configuration
Restructure registration global data
* openssl-ibmca 2.1.3
Bug fix
* openssl-ibmca 2.1.2
Bug fixes
- Modified spec file to
* Define a global variable enginesdir the same was as IBM does
instead of _ENGINE_DIR as we had been doing.
* Implemented %make_build macro according to spec-cleaner
* Changed the package description to match IBM's.
* Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/1166481
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=64
2024-04-09 18:08:01 +02:00
|
|
|
Tue Apr 9 14:08:05 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
|
Accepting request 1165422 from home:ngueorguiev:branches:security:tls
- Changing/editing 'dynamic_path' after the installation on the target system
* From /usr/lib64/ossl-modules to /usr/lib64/engines-3 in
/usr/share/doc/packages/openssl-ibmca/ibmca-engine-opensslconfig
- Amended the .spec file (bsc#1221627)
* Removed the flavors
* Removed 'muiltibuild' environment
* Removed the 'provider' logic
- Updated the .spec file (bsc#1218933, bsc#1221627)
* Amended the .spec file to use modulesdir variable
- Implemented _multibuild environment (openssl1, engine, provider)
- Added a flag and logic for provider in the .spec file
* When provider is set to 1, it 'configures' the provider
* When provider is set to 0, it 'configures' the engine
- Removed an obsolete patch (implemented in the version 2.4.1)
* openssl-ibmca-engine-noregister.patch
- Upgrade to version 2.4.1 (jsc#PED-5422)
* Provider: Change the default log directory to /tmp
* Bug fixes
- Updated the .spec file, amended to use libica4 instead of libica
* Requires: libica4 >= 4
- Updated the .spec file
* uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries
- Updated the .spec file as follow:
* BuildRequires: libica-devel >= 4.0.0
* BuildRequires: libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
* BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
* openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
* openssl-ibmca 2.4.0
- Provider: Adjustments for OpenSSL versions 3.1 and 3.2
- Provider: Support RSA blinding
- Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
- Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
- Provider: Adjustments in OpenSSL config generator and example configs
- Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
- Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files
* /usr/lib64/engines-3/ibmca-provider.la
* /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
* openssl-ibmca 2.3.1
- Adjustments for libica 4.1.0
* openssl-ibmca 2.3.0
- First version including the provider
- Fix for engine build without OpenSSL 3.0 sources
* openssl-ibmca 2.2.3
- Fix PKEY segfault with OpenSSL 3.0
* openssl-ibmca 2.2.2
- Fix tests with OpenSSL 3.0
- Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
need to know or care about how many lines are in either
/etc/ssl/openssl.cnf, or the sample file at
/usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
We're now using the ".include" directive for the openssl.cnf
file, and only modifying that file the minimum necessary to
implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
* openssl-ibmca 2.2.1
Bug fixes
* openssl-ibmca 2.2.0
Implement fallbacks based on OpenSSL
Disable software fallbacks from libica
Allow to specify default library (libica vs. libica-cex) to use
Provide "libica" engine ctrl to switch library at load time
Update README.md
Remove libica link dependency
Generate sample configuration files from system configuration
Restructure registration global data
* openssl-ibmca 2.1.3
Bug fix
* openssl-ibmca 2.1.2
Bug fixes
- Modified spec file to
* Define a global variable enginesdir the same was as IBM does
instead of _ENGINE_DIR as we had been doing.
* Implemented %make_build macro according to spec-cleaner
* Changed the package description to match IBM's.
* Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/1165422
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=63
2024-04-05 08:41:44 +02:00
|
|
|
|
Accepting request 1166481 from home:ngueorguiev:branches:security:tls
- Re-implemented flavors (openssl3, engine, provider) (bsc#1221627)
+------------+---------------------------------+--------------------------+
| Flavor | Package name | Note |
+------------+---------------------------------+--------------------------+
| '' | openssl-ibmca | openssl1 flavor |
| engine | openssl3-ibmca-engine | Only engine |
| provider | openssl3-ibmca-provider | Only provider |
| openssl3 | openssl3-ibmca | Both engine and provider |
+------------+---------------------------------+--------------------------+
- Changing/editing 'dynamic_path' after the installation on the target system
* From /usr/lib64/ossl-modules to /usr/lib64/engines-3 in
/usr/share/doc/packages/openssl3-ibmca/ibmca-engine-opensslconfig
for openssl3 flavor
- Amended the .spec file (bsc#1221627)
* Removed the flavors
* Removed 'muiltibuild' environment
* Removed the 'provider' logic
- Updated the .spec file (bsc#1218933, bsc#1221627)
* Amended the .spec file to use modulesdir variable
- Implemented _multibuild environment (openssl1, engine, provider)
- Added a flag and logic for provider in the .spec file
* When provider is set to 1, it 'configures' the provider
* When provider is set to 0, it 'configures' the engine
- Removed an obsolete patch (implemented in the version 2.4.1)
* openssl-ibmca-engine-noregister.patch
- Upgrade to version 2.4.1 (jsc#PED-5422)
* Provider: Change the default log directory to /tmp
* Bug fixes
- Updated the .spec file, amended to use libica4 instead of libica
* Requires: libica4 >= 4
- Updated the .spec file
* uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries
- Updated the .spec file as follow:
* BuildRequires: libica-devel >= 4.0.0
* BuildRequires: libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
* BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
* openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
* openssl-ibmca 2.4.0
- Provider: Adjustments for OpenSSL versions 3.1 and 3.2
- Provider: Support RSA blinding
- Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
- Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
- Provider: Adjustments in OpenSSL config generator and example configs
- Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
- Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files
* /usr/lib64/engines-3/ibmca-provider.la
* /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
* openssl-ibmca 2.3.1
- Adjustments for libica 4.1.0
* openssl-ibmca 2.3.0
- First version including the provider
- Fix for engine build without OpenSSL 3.0 sources
* openssl-ibmca 2.2.3
- Fix PKEY segfault with OpenSSL 3.0
* openssl-ibmca 2.2.2
- Fix tests with OpenSSL 3.0
- Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
need to know or care about how many lines are in either
/etc/ssl/openssl.cnf, or the sample file at
/usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
We're now using the ".include" directive for the openssl.cnf
file, and only modifying that file the minimum necessary to
implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
* openssl-ibmca 2.2.1
Bug fixes
* openssl-ibmca 2.2.0
Implement fallbacks based on OpenSSL
Disable software fallbacks from libica
Allow to specify default library (libica vs. libica-cex) to use
Provide "libica" engine ctrl to switch library at load time
Update README.md
Remove libica link dependency
Generate sample configuration files from system configuration
Restructure registration global data
* openssl-ibmca 2.1.3
Bug fix
* openssl-ibmca 2.1.2
Bug fixes
- Modified spec file to
* Define a global variable enginesdir the same was as IBM does
instead of _ENGINE_DIR as we had been doing.
* Implemented %make_build macro according to spec-cleaner
* Changed the package description to match IBM's.
* Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/1166481
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=64
2024-04-09 18:08:01 +02:00
|
|
|
- Re-implemented flavors (openssl3, engine, provider) (bsc#1221627)
|
|
|
|
|
+------------+---------------------------------+--------------------------+
|
|
|
|
|
| Flavor | Package name | Note |
|
|
|
|
|
+------------+---------------------------------+--------------------------+
|
|
|
|
|
| '' | openssl-ibmca | openssl1 flavor |
|
|
|
|
|
| engine | openssl3-ibmca-engine | Only engine |
|
|
|
|
|
| provider | openssl3-ibmca-provider | Only provider |
|
|
|
|
|
| openssl3 | openssl3-ibmca | Both engine and provider |
|
|
|
|
|
+------------+---------------------------------+--------------------------+
|
Accepting request 1165422 from home:ngueorguiev:branches:security:tls
- Changing/editing 'dynamic_path' after the installation on the target system
* From /usr/lib64/ossl-modules to /usr/lib64/engines-3 in
/usr/share/doc/packages/openssl-ibmca/ibmca-engine-opensslconfig
- Amended the .spec file (bsc#1221627)
* Removed the flavors
* Removed 'muiltibuild' environment
* Removed the 'provider' logic
- Updated the .spec file (bsc#1218933, bsc#1221627)
* Amended the .spec file to use modulesdir variable
- Implemented _multibuild environment (openssl1, engine, provider)
- Added a flag and logic for provider in the .spec file
* When provider is set to 1, it 'configures' the provider
* When provider is set to 0, it 'configures' the engine
- Removed an obsolete patch (implemented in the version 2.4.1)
* openssl-ibmca-engine-noregister.patch
- Upgrade to version 2.4.1 (jsc#PED-5422)
* Provider: Change the default log directory to /tmp
* Bug fixes
- Updated the .spec file, amended to use libica4 instead of libica
* Requires: libica4 >= 4
- Updated the .spec file
* uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries
- Updated the .spec file as follow:
* BuildRequires: libica-devel >= 4.0.0
* BuildRequires: libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
* BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
* openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
* openssl-ibmca 2.4.0
- Provider: Adjustments for OpenSSL versions 3.1 and 3.2
- Provider: Support RSA blinding
- Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
- Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
- Provider: Adjustments in OpenSSL config generator and example configs
- Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
- Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files
* /usr/lib64/engines-3/ibmca-provider.la
* /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
* openssl-ibmca 2.3.1
- Adjustments for libica 4.1.0
* openssl-ibmca 2.3.0
- First version including the provider
- Fix for engine build without OpenSSL 3.0 sources
* openssl-ibmca 2.2.3
- Fix PKEY segfault with OpenSSL 3.0
* openssl-ibmca 2.2.2
- Fix tests with OpenSSL 3.0
- Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
need to know or care about how many lines are in either
/etc/ssl/openssl.cnf, or the sample file at
/usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
We're now using the ".include" directive for the openssl.cnf
file, and only modifying that file the minimum necessary to
implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
* openssl-ibmca 2.2.1
Bug fixes
* openssl-ibmca 2.2.0
Implement fallbacks based on OpenSSL
Disable software fallbacks from libica
Allow to specify default library (libica vs. libica-cex) to use
Provide "libica" engine ctrl to switch library at load time
Update README.md
Remove libica link dependency
Generate sample configuration files from system configuration
Restructure registration global data
* openssl-ibmca 2.1.3
Bug fix
* openssl-ibmca 2.1.2
Bug fixes
- Modified spec file to
* Define a global variable enginesdir the same was as IBM does
instead of _ENGINE_DIR as we had been doing.
* Implemented %make_build macro according to spec-cleaner
* Changed the package description to match IBM's.
* Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/1165422
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=63
2024-04-05 08:41:44 +02:00
|
|
|
- Changing/editing 'dynamic_path' after the installation on the target system
|
|
|
|
|
* From /usr/lib64/ossl-modules to /usr/lib64/engines-3 in
|
Accepting request 1166481 from home:ngueorguiev:branches:security:tls
- Re-implemented flavors (openssl3, engine, provider) (bsc#1221627)
+------------+---------------------------------+--------------------------+
| Flavor | Package name | Note |
+------------+---------------------------------+--------------------------+
| '' | openssl-ibmca | openssl1 flavor |
| engine | openssl3-ibmca-engine | Only engine |
| provider | openssl3-ibmca-provider | Only provider |
| openssl3 | openssl3-ibmca | Both engine and provider |
+------------+---------------------------------+--------------------------+
- Changing/editing 'dynamic_path' after the installation on the target system
* From /usr/lib64/ossl-modules to /usr/lib64/engines-3 in
/usr/share/doc/packages/openssl3-ibmca/ibmca-engine-opensslconfig
for openssl3 flavor
- Amended the .spec file (bsc#1221627)
* Removed the flavors
* Removed 'muiltibuild' environment
* Removed the 'provider' logic
- Updated the .spec file (bsc#1218933, bsc#1221627)
* Amended the .spec file to use modulesdir variable
- Implemented _multibuild environment (openssl1, engine, provider)
- Added a flag and logic for provider in the .spec file
* When provider is set to 1, it 'configures' the provider
* When provider is set to 0, it 'configures' the engine
- Removed an obsolete patch (implemented in the version 2.4.1)
* openssl-ibmca-engine-noregister.patch
- Upgrade to version 2.4.1 (jsc#PED-5422)
* Provider: Change the default log directory to /tmp
* Bug fixes
- Updated the .spec file, amended to use libica4 instead of libica
* Requires: libica4 >= 4
- Updated the .spec file
* uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries
- Updated the .spec file as follow:
* BuildRequires: libica-devel >= 4.0.0
* BuildRequires: libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
* BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
* openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
* openssl-ibmca 2.4.0
- Provider: Adjustments for OpenSSL versions 3.1 and 3.2
- Provider: Support RSA blinding
- Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
- Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
- Provider: Adjustments in OpenSSL config generator and example configs
- Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
- Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files
* /usr/lib64/engines-3/ibmca-provider.la
* /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
* openssl-ibmca 2.3.1
- Adjustments for libica 4.1.0
* openssl-ibmca 2.3.0
- First version including the provider
- Fix for engine build without OpenSSL 3.0 sources
* openssl-ibmca 2.2.3
- Fix PKEY segfault with OpenSSL 3.0
* openssl-ibmca 2.2.2
- Fix tests with OpenSSL 3.0
- Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
need to know or care about how many lines are in either
/etc/ssl/openssl.cnf, or the sample file at
/usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
We're now using the ".include" directive for the openssl.cnf
file, and only modifying that file the minimum necessary to
implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
* openssl-ibmca 2.2.1
Bug fixes
* openssl-ibmca 2.2.0
Implement fallbacks based on OpenSSL
Disable software fallbacks from libica
Allow to specify default library (libica vs. libica-cex) to use
Provide "libica" engine ctrl to switch library at load time
Update README.md
Remove libica link dependency
Generate sample configuration files from system configuration
Restructure registration global data
* openssl-ibmca 2.1.3
Bug fix
* openssl-ibmca 2.1.2
Bug fixes
- Modified spec file to
* Define a global variable enginesdir the same was as IBM does
instead of _ENGINE_DIR as we had been doing.
* Implemented %make_build macro according to spec-cleaner
* Changed the package description to match IBM's.
* Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/1166481
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=64
2024-04-09 18:08:01 +02:00
|
|
|
/usr/share/doc/packages/openssl3-ibmca/ibmca-engine-opensslconfig
|
|
|
|
|
for openssl3 flavor
|
Accepting request 1165422 from home:ngueorguiev:branches:security:tls
- Changing/editing 'dynamic_path' after the installation on the target system
* From /usr/lib64/ossl-modules to /usr/lib64/engines-3 in
/usr/share/doc/packages/openssl-ibmca/ibmca-engine-opensslconfig
- Amended the .spec file (bsc#1221627)
* Removed the flavors
* Removed 'muiltibuild' environment
* Removed the 'provider' logic
- Updated the .spec file (bsc#1218933, bsc#1221627)
* Amended the .spec file to use modulesdir variable
- Implemented _multibuild environment (openssl1, engine, provider)
- Added a flag and logic for provider in the .spec file
* When provider is set to 1, it 'configures' the provider
* When provider is set to 0, it 'configures' the engine
- Removed an obsolete patch (implemented in the version 2.4.1)
* openssl-ibmca-engine-noregister.patch
- Upgrade to version 2.4.1 (jsc#PED-5422)
* Provider: Change the default log directory to /tmp
* Bug fixes
- Updated the .spec file, amended to use libica4 instead of libica
* Requires: libica4 >= 4
- Updated the .spec file
* uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries
- Updated the .spec file as follow:
* BuildRequires: libica-devel >= 4.0.0
* BuildRequires: libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
* BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
* openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
* openssl-ibmca 2.4.0
- Provider: Adjustments for OpenSSL versions 3.1 and 3.2
- Provider: Support RSA blinding
- Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
- Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
- Provider: Adjustments in OpenSSL config generator and example configs
- Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
- Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files
* /usr/lib64/engines-3/ibmca-provider.la
* /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
* openssl-ibmca 2.3.1
- Adjustments for libica 4.1.0
* openssl-ibmca 2.3.0
- First version including the provider
- Fix for engine build without OpenSSL 3.0 sources
* openssl-ibmca 2.2.3
- Fix PKEY segfault with OpenSSL 3.0
* openssl-ibmca 2.2.2
- Fix tests with OpenSSL 3.0
- Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
need to know or care about how many lines are in either
/etc/ssl/openssl.cnf, or the sample file at
/usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
We're now using the ".include" directive for the openssl.cnf
file, and only modifying that file the minimum necessary to
implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
* openssl-ibmca 2.2.1
Bug fixes
* openssl-ibmca 2.2.0
Implement fallbacks based on OpenSSL
Disable software fallbacks from libica
Allow to specify default library (libica vs. libica-cex) to use
Provide "libica" engine ctrl to switch library at load time
Update README.md
Remove libica link dependency
Generate sample configuration files from system configuration
Restructure registration global data
* openssl-ibmca 2.1.3
Bug fix
* openssl-ibmca 2.1.2
Bug fixes
- Modified spec file to
* Define a global variable enginesdir the same was as IBM does
instead of _ENGINE_DIR as we had been doing.
* Implemented %make_build macro according to spec-cleaner
* Changed the package description to match IBM's.
* Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/1165422
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=63
2024-04-05 08:41:44 +02:00
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Apr 4 07:02:23 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
|
2024-04-04 07:23:49 +02:00
|
|
|
|
|
|
|
|
- Amended the .spec file (bsc#1221627)
|
|
|
|
|
* Removed the flavors
|
Accepting request 1164500 from home:ngueorguiev:branches:security:tls
- Amended the .spec file (bsc#1221627)
* Removed the flavors
* Removed 'muiltibuild' environment
* Removed the 'provider' logic
- Updated the .spec file (bsc#1218933, bsc#1221627)
* Amended the .spec file to use modulesdir variable
- Implemented _multibuild environment (openssl1, engine, provider)
- Added a flag and logic for provider in the .spec file
* When provider is set to 1, it 'configures' the provider
* When provider is set to 0, it 'configures' the engine
- Removed an obsolete patch (implemented in the version 2.4.1)
* openssl-ibmca-engine-noregister.patch
- Upgrade to version 2.4.1 (jsc#PED-5422)
* Provider: Change the default log directory to /tmp
* Bug fixes
- Updated the .spec file, amended to use libica4 instead of libica
* Requires: libica4 >= 4
- Updated the .spec file
* uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries
- Updated the .spec file as follow:
* BuildRequires: libica-devel >= 4.0.0
* BuildRequires: libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
* BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
* openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
* openssl-ibmca 2.4.0
- Provider: Adjustments for OpenSSL versions 3.1 and 3.2
- Provider: Support RSA blinding
- Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
- Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
- Provider: Adjustments in OpenSSL config generator and example configs
- Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
- Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files
* /usr/lib64/engines-3/ibmca-provider.la
* /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
* openssl-ibmca 2.3.1
- Adjustments for libica 4.1.0
* openssl-ibmca 2.3.0
- First version including the provider
- Fix for engine build without OpenSSL 3.0 sources
* openssl-ibmca 2.2.3
- Fix PKEY segfault with OpenSSL 3.0
* openssl-ibmca 2.2.2
- Fix tests with OpenSSL 3.0
- Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
need to know or care about how many lines are in either
/etc/ssl/openssl.cnf, or the sample file at
/usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
We're now using the ".include" directive for the openssl.cnf
file, and only modifying that file the minimum necessary to
implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
* openssl-ibmca 2.2.1
Bug fixes
* openssl-ibmca 2.2.0
Implement fallbacks based on OpenSSL
Disable software fallbacks from libica
Allow to specify default library (libica vs. libica-cex) to use
Provide "libica" engine ctrl to switch library at load time
Update README.md
Remove libica link dependency
Generate sample configuration files from system configuration
Restructure registration global data
* openssl-ibmca 2.1.3
Bug fix
* openssl-ibmca 2.1.2
Bug fixes
- Modified spec file to
* Define a global variable enginesdir the same was as IBM does
instead of _ENGINE_DIR as we had been doing.
* Implemented %make_build macro according to spec-cleaner
* Changed the package description to match IBM's.
* Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/1164500
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=61
2024-04-04 09:21:13 +02:00
|
|
|
* Removed 'muiltibuild' environment
|
|
|
|
|
* Removed the 'provider' logic
|
2024-04-04 07:23:49 +02:00
|
|
|
|
2024-03-18 20:33:34 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Mar 18 19:18:47 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
|
|
|
|
|
|
|
|
|
|
- Updated the .spec file (bsc#1218933, bsc#1221627)
|
|
|
|
|
* Amended the .spec file to use modulesdir variable
|
|
|
|
|
- Implemented _multibuild environment (openssl1, engine, provider)
|
|
|
|
|
- Added a flag and logic for provider in the .spec file
|
|
|
|
|
* When provider is set to 1, it 'configures' the provider
|
|
|
|
|
* When provider is set to 0, it 'configures' the engine
|
|
|
|
|
|
2023-10-13 12:56:35 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Oct 13 10:39:42 UTC 2023 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
|
|
|
|
|
|
|
|
|
|
- Removed an obsolete patch (implemented in the version 2.4.1)
|
|
|
|
|
* openssl-ibmca-engine-noregister.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Oct 6 06:35:00 UTC 2023 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
|
|
|
|
|
|
|
|
|
|
- Upgrade to version 2.4.1 (jsc#PED-5422)
|
|
|
|
|
* Provider: Change the default log directory to /tmp
|
|
|
|
|
* Bug fixes
|
|
|
|
|
|
2023-05-18 13:02:28 +02:00
|
|
|
-------------------------------------------------------------------
|
Accepting request 1088271 from home:ngueorguiev:branches:security:tls
- Updated the .spec file, amended to use libica4 instead of libica
* Requires: libica4 >= 4
- Updated the .spec file
* uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries
- Updated the .spec file as follow:
* BuildRequires: libica-devel >= 4.0.0
* BuildRequires: libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
* BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
* openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
* openssl-ibmca 2.4.0
- Provider: Adjustments for OpenSSL versions 3.1 and 3.2
- Provider: Support RSA blinding
- Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
- Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
- Provider: Adjustments in OpenSSL config generator and example configs
- Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
- Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files
* /usr/lib64/engines-3/ibmca-provider.la
* /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
* openssl-ibmca 2.3.1
- Adjustments for libica 4.1.0
* openssl-ibmca 2.3.0
- First version including the provider
- Fix for engine build without OpenSSL 3.0 sources
* openssl-ibmca 2.2.3
- Fix PKEY segfault with OpenSSL 3.0
* openssl-ibmca 2.2.2
- Fix tests with OpenSSL 3.0
- Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
need to know or care about how many lines are in either
/etc/ssl/openssl.cnf, or the sample file at
/usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
We're now using the ".include" directive for the openssl.cnf
file, and only modifying that file the minimum necessary to
implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
* openssl-ibmca 2.2.1
Bug fixes
* openssl-ibmca 2.2.0
Implement fallbacks based on OpenSSL
Disable software fallbacks from libica
Allow to specify default library (libica vs. libica-cex) to use
Provide "libica" engine ctrl to switch library at load time
Update README.md
Remove libica link dependency
Generate sample configuration files from system configuration
Restructure registration global data
* openssl-ibmca 2.1.3
Bug fix
* openssl-ibmca 2.1.2
Bug fixes
- Modified spec file to
* Define a global variable enginesdir the same was as IBM does
instead of _ENGINE_DIR as we had been doing.
* Implemented %make_build macro according to spec-cleaner
* Changed the package description to match IBM's.
* Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/1088271
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=54
2023-05-22 09:24:10 +02:00
|
|
|
Mon May 22 07:20:32 UTC 2023 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
|
2023-05-18 13:02:28 +02:00
|
|
|
|
|
|
|
|
- Updated the .spec file, amended to use libica4 instead of libica
|
|
|
|
|
* Requires: libica4 >= 4
|
|
|
|
|
|
2023-05-02 09:54:47 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue May 2 07:49:24 UTC 2023 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
|
|
|
|
|
|
|
|
|
|
- Updated the .spec file
|
|
|
|
|
* uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries
|
|
|
|
|
|
2023-04-26 09:39:43 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Apr 25 12:47:39 UTC 2023 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
|
|
|
|
|
|
|
|
|
|
- Updated the .spec file as follow:
|
|
|
|
|
* BuildRequires: libica-devel >= 4.0.0
|
|
|
|
|
* BuildRequires: libica-tools >= 4.0.0
|
|
|
|
|
|
2023-04-24 11:37:08 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Apr 24 09:23:09 UTC 2023 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
|
|
|
|
|
|
|
|
|
|
- Added dependency on libica4 (bsc#1209038)
|
|
|
|
|
* BuildRequires and Requires statements in .spec file for libica4
|
|
|
|
|
|
2023-04-19 13:08:00 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Apr 19 10:52:06 UTC 2023 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
|
|
|
|
|
|
|
|
|
|
- Applies a patch (bsc#1210359)
|
|
|
|
|
* openssl-ibmca-engine-noregister.patch
|
|
|
|
|
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
|
|
|
|
|
|
2023-04-04 10:12:08 +02:00
|
|
|
-------------------------------------------------------------------
|
Accepting request 1077682 from home:ngueorguiev:branches:security:tls
- Upgraded openssl-ibmca to version 2.4.0(bsc#1210059)
* openssl-ibmca 2.4.0
- Provider: Adjustments for OpenSSL versions 3.1 and 3.2
- Provider: Support RSA blinding
- Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
- Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
- Provider: Adjustments in OpenSSL config generator and example configs
- Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
- Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files
* /usr/lib64/engines-3/ibmca-provider.la
* /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
* openssl-ibmca 2.3.1
- Adjustments for libica 4.1.0
* openssl-ibmca 2.3.0
- First version including the provider
- Fix for engine build without OpenSSL 3.0 sources
* openssl-ibmca 2.2.3
- Fix PKEY segfault with OpenSSL 3.0
* openssl-ibmca 2.2.2
- Fix tests with OpenSSL 3.0
- Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
need to know or care about how many lines are in either
/etc/ssl/openssl.cnf, or the sample file at
/usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
We're now using the ".include" directive for the openssl.cnf
file, and only modifying that file the minimum necessary to
implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
* openssl-ibmca 2.2.1
Bug fixes
* openssl-ibmca 2.2.0
Implement fallbacks based on OpenSSL
Disable software fallbacks from libica
Allow to specify default library (libica vs. libica-cex) to use
Provide "libica" engine ctrl to switch library at load time
Update README.md
Remove libica link dependency
Generate sample configuration files from system configuration
Restructure registration global data
* openssl-ibmca 2.1.3
Bug fix
* openssl-ibmca 2.1.2
Bug fixes
- Modified spec file to
* Define a global variable enginesdir the same was as IBM does
instead of _ENGINE_DIR as we had been doing.
* Implemented %make_build macro according to spec-cleaner
* Changed the package description to match IBM's.
* Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/1077682
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=40
2023-04-06 10:28:45 +02:00
|
|
|
Thu Apr 6 08:14:25 UTC 2023 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
|
2023-04-04 10:12:08 +02:00
|
|
|
|
Accepting request 1083236 from home:ngueorguiev:branches:security:tls
- Updated the .spec file as follow:
* BuildRequires: libica-devel >= 4.0.0
* BuildRequires: libica-tools >= 4.0.0
- Added dependency on libica4 (bsc#1209038)
* BuildRequires and Requires statements in .spec file for libica4
- Applies a patch (bsc#1210359)
* openssl-ibmca-engine-noregister.patch
- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
* openssl-ibmca 2.4.0
- Provider: Adjustments for OpenSSL versions 3.1 and 3.2
- Provider: Support RSA blinding
- Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
- Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
- Provider: Adjustments in OpenSSL config generator and example configs
- Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
- Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files
* /usr/lib64/engines-3/ibmca-provider.la
* /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
* openssl-ibmca 2.3.1
- Adjustments for libica 4.1.0
* openssl-ibmca 2.3.0
- First version including the provider
- Fix for engine build without OpenSSL 3.0 sources
* openssl-ibmca 2.2.3
- Fix PKEY segfault with OpenSSL 3.0
* openssl-ibmca 2.2.2
- Fix tests with OpenSSL 3.0
- Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
need to know or care about how many lines are in either
/etc/ssl/openssl.cnf, or the sample file at
/usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
We're now using the ".include" directive for the openssl.cnf
file, and only modifying that file the minimum necessary to
implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
* openssl-ibmca 2.2.1
Bug fixes
* openssl-ibmca 2.2.0
Implement fallbacks based on OpenSSL
Disable software fallbacks from libica
Allow to specify default library (libica vs. libica-cex) to use
Provide "libica" engine ctrl to switch library at load time
Update README.md
Remove libica link dependency
Generate sample configuration files from system configuration
Restructure registration global data
* openssl-ibmca 2.1.3
Bug fix
* openssl-ibmca 2.1.2
Bug fixes
- Modified spec file to
* Define a global variable enginesdir the same was as IBM does
instead of _ENGINE_DIR as we had been doing.
* Implemented %make_build macro according to spec-cleaner
* Changed the package description to match IBM's.
* Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/1083236
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=48
2023-04-27 11:54:16 +02:00
|
|
|
- Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059)
|
Accepting request 1077682 from home:ngueorguiev:branches:security:tls
- Upgraded openssl-ibmca to version 2.4.0(bsc#1210059)
* openssl-ibmca 2.4.0
- Provider: Adjustments for OpenSSL versions 3.1 and 3.2
- Provider: Support RSA blinding
- Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
- Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
- Provider: Adjustments in OpenSSL config generator and example configs
- Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
- Engine: Enable RSA blinding
- Updated .spec file removed '#' from the line containing
'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
- Added in %files
* /usr/lib64/engines-3/ibmca-provider.la
* /usr/lib64/engines-3/ibmca-provider.so
- Upgraded to version 2.3.1 (jsc#PED-597)
* openssl-ibmca 2.3.1
- Adjustments for libica 4.1.0
* openssl-ibmca 2.3.0
- First version including the provider
- Fix for engine build without OpenSSL 3.0 sources
* openssl-ibmca 2.2.3
- Fix PKEY segfault with OpenSSL 3.0
* openssl-ibmca 2.2.2
- Fix tests with OpenSSL 3.0
- Build against libica 4.0
- Removed a Requires for libica from the specfile.
- Removed the obsolete baselibs.conf file
- Completely revamped the postinstall scriptlet so that it doesn't
need to know or care about how many lines are in either
/etc/ssl/openssl.cnf, or the sample file at
/usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
We're now using the ".include" directive for the openssl.cnf
file, and only modifying that file the minimum necessary to
implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
* openssl-ibmca 2.2.1
Bug fixes
* openssl-ibmca 2.2.0
Implement fallbacks based on OpenSSL
Disable software fallbacks from libica
Allow to specify default library (libica vs. libica-cex) to use
Provide "libica" engine ctrl to switch library at load time
Update README.md
Remove libica link dependency
Generate sample configuration files from system configuration
Restructure registration global data
* openssl-ibmca 2.1.3
Bug fix
* openssl-ibmca 2.1.2
Bug fixes
- Modified spec file to
* Define a global variable enginesdir the same was as IBM does
instead of _ENGINE_DIR as we had been doing.
* Implemented %make_build macro according to spec-cleaner
* Changed the package description to match IBM's.
* Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/1077682
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=40
2023-04-06 10:28:45 +02:00
|
|
|
* openssl-ibmca 2.4.0
|
|
|
|
|
- Provider: Adjustments for OpenSSL versions 3.1 and 3.2
|
|
|
|
|
- Provider: Support RSA blinding
|
|
|
|
|
- Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
|
|
|
|
|
- Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
|
|
|
|
|
- Provider: Adjustments in OpenSSL config generator and example configs
|
|
|
|
|
- Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
|
|
|
|
|
- Engine: Enable RSA blinding
|
2023-04-04 10:12:08 +02:00
|
|
|
|
2023-03-14 12:41:40 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Mar 14 11:35:44 UTC 2023 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
|
|
|
|
|
|
|
|
|
|
- Updated .spec file removed '#' from the line containing
|
|
|
|
|
'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038)
|
|
|
|
|
- Added in %files
|
|
|
|
|
* /usr/lib64/engines-3/ibmca-provider.la
|
|
|
|
|
* /usr/lib64/engines-3/ibmca-provider.so
|
|
|
|
|
|
2022-10-05 18:22:33 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Oct 4 19:33:57 UTC 2022 - Mark Post <mpost@suse.com>
|
|
|
|
|
|
|
|
|
|
- Upgraded to version 2.3.1 (jsc#PED-597)
|
|
|
|
|
* openssl-ibmca 2.3.1
|
|
|
|
|
- Adjustments for libica 4.1.0
|
|
|
|
|
* openssl-ibmca 2.3.0
|
|
|
|
|
- First version including the provider
|
|
|
|
|
- Fix for engine build without OpenSSL 3.0 sources
|
|
|
|
|
* openssl-ibmca 2.2.3
|
|
|
|
|
- Fix PKEY segfault with OpenSSL 3.0
|
|
|
|
|
* openssl-ibmca 2.2.2
|
|
|
|
|
- Fix tests with OpenSSL 3.0
|
|
|
|
|
- Build against libica 4.0
|
|
|
|
|
- Removed a Requires for libica from the specfile.
|
|
|
|
|
- Removed the obsolete baselibs.conf file
|
|
|
|
|
|
Accepting request 962257 from home:markkp:branches:security:tls
- Completely revamped the postinstall scriptlet so that it doesn't
need to know or care about how many lines are in either
/etc/ssl/openssl.cnf, or the sample file at
/usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
We're now using the ".include" directive for the openssl.cnf
file, and only modifying that file the minimum necessary to
implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
* openssl-ibmca 2.2.1
Bug fixes
* openssl-ibmca 2.2.0
Implement fallbacks based on OpenSSL
Disable software fallbacks from libica
Allow to specify default library (libica vs. libica-cex) to use
Provide "libica" engine ctrl to switch library at load time
Update README.md
Remove libica link dependency
Generate sample configuration files from system configuration
Restructure registration global data
* openssl-ibmca 2.1.3
Bug fix
* openssl-ibmca 2.1.2
Bug fixes
- Modified spec file to
* Define a global variable enginesdir the same was as IBM does
instead of _ENGINE_DIR as we had been doing.
* Implemented %make_build macro according to spec-cleaner
* Changed the package description to match IBM's.
* Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/962257
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=32
2022-03-16 18:58:14 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Mar 15 22:00:05 UTC 2022 - Mark Post <mpost@suse.com>
|
|
|
|
|
|
|
|
|
|
- Completely revamped the postinstall scriptlet so that it doesn't
|
|
|
|
|
need to know or care about how many lines are in either
|
|
|
|
|
/etc/ssl/openssl.cnf, or the sample file at
|
|
|
|
|
/usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
|
|
|
|
|
We're now using the ".include" directive for the openssl.cnf
|
|
|
|
|
file, and only modifying that file the minimum necessary to
|
|
|
|
|
implement the change. (bsc#1004463)
|
|
|
|
|
|
2021-09-17 21:51:08 +02:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Fri Sep 17 19:32:37 UTC 2021 - Mark Post <mpost@suse.com>
|
2021-09-17 21:51:08 +02:00
|
|
|
|
2021-09-17 21:56:34 +02:00
|
|
|
- Upgraded to version 2.2.1 (jsc#SLE-18333)
|
2021-09-17 21:51:08 +02:00
|
|
|
* openssl-ibmca 2.2.1
|
|
|
|
|
Bug fixes
|
|
|
|
|
* openssl-ibmca 2.2.0
|
|
|
|
|
Implement fallbacks based on OpenSSL
|
|
|
|
|
Disable software fallbacks from libica
|
|
|
|
|
Allow to specify default library (libica vs. libica-cex) to use
|
|
|
|
|
Provide "libica" engine ctrl to switch library at load time
|
|
|
|
|
Update README.md
|
|
|
|
|
Remove libica link dependency
|
|
|
|
|
Generate sample configuration files from system configuration
|
|
|
|
|
Restructure registration global data
|
|
|
|
|
* openssl-ibmca 2.1.3
|
|
|
|
|
Bug fix
|
|
|
|
|
* openssl-ibmca 2.1.2
|
|
|
|
|
Bug fixes
|
|
|
|
|
- Modified spec file to
|
Accepting request 962257 from home:markkp:branches:security:tls
- Completely revamped the postinstall scriptlet so that it doesn't
need to know or care about how many lines are in either
/etc/ssl/openssl.cnf, or the sample file at
/usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample
We're now using the ".include" directive for the openssl.cnf
file, and only modifying that file the minimum necessary to
implement the change. (bsc#1004463)
- Upgraded to version 2.2.1 (jsc#SLE-18333)
* openssl-ibmca 2.2.1
Bug fixes
* openssl-ibmca 2.2.0
Implement fallbacks based on OpenSSL
Disable software fallbacks from libica
Allow to specify default library (libica vs. libica-cex) to use
Provide "libica" engine ctrl to switch library at load time
Update README.md
Remove libica link dependency
Generate sample configuration files from system configuration
Restructure registration global data
* openssl-ibmca 2.1.3
Bug fix
* openssl-ibmca 2.1.2
Bug fixes
- Modified spec file to
* Define a global variable enginesdir the same was as IBM does
instead of _ENGINE_DIR as we had been doing.
* Implemented %make_build macro according to spec-cleaner
* Changed the package description to match IBM's.
* Removed the redundant "autoreconf --force --install"
- Upgrade to version 2.1.1 (jsc#SLE-13709)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/962257
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=32
2022-03-16 18:58:14 +01:00
|
|
|
* Define a global variable enginesdir the same was as IBM does
|
2021-09-17 21:51:08 +02:00
|
|
|
instead of _ENGINE_DIR as we had been doing.
|
|
|
|
|
* Implemented %make_build macro according to spec-cleaner
|
|
|
|
|
* Changed the package description to match IBM's.
|
|
|
|
|
* Removed the redundant "autoreconf --force --install"
|
|
|
|
|
|
Accepting request 835921 from home:markkp:branches:security:tls
- Upgrade to version 2.1.1 (jsc#SLE-14468)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/835921
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=22
2020-09-21 22:06:08 +02:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Wed Sep 16 20:06:12 UTC 2020 - Mark Post <mpost@suse.com>
|
Accepting request 835921 from home:markkp:branches:security:tls
- Upgrade to version 2.1.1 (jsc#SLE-14468)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/835921
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=22
2020-09-21 22:06:08 +02:00
|
|
|
|
2020-09-23 23:24:00 +02:00
|
|
|
- Upgrade to version 2.1.1 (jsc#SLE-13709)
|
Accepting request 835921 from home:markkp:branches:security:tls
- Upgrade to version 2.1.1 (jsc#SLE-14468)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/835921
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=22
2020-09-21 22:06:08 +02:00
|
|
|
* Bug fixes
|
|
|
|
|
|
2019-10-15 21:56:26 +02:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Tue Sep 10 22:22:49 UTC 2019 - Mark Post <mpost@suse.com>
|
2019-10-15 21:56:26 +02:00
|
|
|
|
|
|
|
|
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
|
|
|
|
|
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
|
|
|
|
|
|
2019-09-07 00:24:57 +02:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Wed Aug 28 20:56:08 UTC 2019 - Mark Post <mpost@suse.com>
|
2019-09-07 00:24:57 +02:00
|
|
|
|
|
|
|
|
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
|
|
|
|
|
* openssl-ibmca 2.0.3
|
|
|
|
|
Add MSA9 CPACF support for ECDSA sign/verify
|
|
|
|
|
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
|
|
|
|
|
- Changed the ExclusiveArch directive to include s390x only.
|
|
|
|
|
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
|
|
|
|
|
linking against the shared library. As a result, if the package
|
|
|
|
|
containing libica.so.3 isn't installed, problems occur. Added
|
|
|
|
|
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
|
|
|
|
|
- Made a couple of changes to the spec file based on the output
|
|
|
|
|
from spec-cleaner.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Fri Jun 28 18:10:29 UTC 2019 - Mark Post <mpost@suse.com>
|
2019-09-07 00:24:57 +02:00
|
|
|
|
|
|
|
|
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
|
|
|
|
|
An Apache HTTP Server was set up with mod_ssl and the openssl
|
|
|
|
|
ibmca engine using libica and a CEX6A card. Whenever a worker
|
|
|
|
|
process is cleaned up a segmentation fault occurs.
|
|
|
|
|
(bsc#1138517)
|
|
|
|
|
|
2018-11-27 19:05:19 +01:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Tue Nov 27 17:55:19 UTC 2018 - mpost@suse.com
|
2018-11-27 19:05:19 +01:00
|
|
|
|
|
|
|
|
- Upgraded to version 2.0.2 (Fate#325688)
|
|
|
|
|
* openssl-ibmca 2.0.2
|
|
|
|
|
Fix doing rsa-me, altough rsa-crt would be possible.
|
|
|
|
|
|
2018-11-21 00:36:22 +01:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Thu Nov 15 20:17:04 UTC 2018 - mpost@suse.com
|
2018-11-21 00:36:22 +01:00
|
|
|
|
|
|
|
|
- Upgraded to version 2.0.1 (Fate#325688)
|
|
|
|
|
* openssl-ibmca 2.0.1
|
|
|
|
|
Dont fail when a libica symbol cannot be resolved.
|
|
|
|
|
- Made multiple changes to the spec file based on spec-cleaner output.
|
|
|
|
|
|
2018-09-03 10:35:56 +02:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Wed Nov 14 20:18:07 UTC 2018 - mpost@suse.com
|
2018-09-03 10:35:56 +02:00
|
|
|
|
2018-11-14 21:37:20 +01:00
|
|
|
- Upgraded to version 2.0.0 (Fate#325688)
|
|
|
|
|
* openssl-ibmca 2.0.0
|
|
|
|
|
Add ECC support.
|
|
|
|
|
Add check and distcheck make-targets.
|
|
|
|
|
Project cleanup, code was broken into multiple files and coding style cleanup.
|
|
|
|
|
Improvements to compat macros for openssl.
|
|
|
|
|
Don't disable libica sw fallbacks.
|
|
|
|
|
Fix dlclose logic.
|
|
|
|
|
* openssl-ibmca 1.4.1
|
|
|
|
|
Fix structure size for aes-256-ecb/cbc/cfb/ofb
|
|
|
|
|
Update man page
|
|
|
|
|
Switch to ibmca.so filename to allow standalone use
|
|
|
|
|
Switch off Libica fallback mode if available
|
|
|
|
|
Make sure ibmca_init only runs once
|
|
|
|
|
Provide simple macro for DEBUG_PRINTF possibility
|
|
|
|
|
Cleanup and slight rework of function set_supported_meths
|
|
|
|
|
- Did some cleanup to the spec file, based on spec-cleanup.
|
2018-11-14 23:44:10 +01:00
|
|
|
- Removed the following obsolete patches:
|
|
|
|
|
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
|
|
|
|
|
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
|
|
|
|
|
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Fri Aug 31 19:37:39 UTC 2018 - mpost@suse.com
|
2018-11-14 23:44:10 +01:00
|
|
|
|
|
|
|
|
- Added the following patches for bsc#1097463
|
|
|
|
|
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
|
|
|
|
|
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
|
|
|
|
|
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
|
2018-09-03 10:35:56 +02:00
|
|
|
|
2017-10-02 16:53:42 +02:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Fri Sep 22 18:07:10 UTC 2017 - mpost@suse.com
|
2017-10-02 16:53:42 +02:00
|
|
|
|
|
|
|
|
- Upgraded to version 1.4.0
|
|
|
|
|
* Re-license to Apache License v2.0
|
|
|
|
|
* Fix aes_gcm initialization.
|
|
|
|
|
* Update man page.
|
|
|
|
|
* Add macros for OpenSSL 0.9.8 compat.
|
|
|
|
|
* Remove AC_FUNC_MALLOC from configure.ac
|
|
|
|
|
* Add compat macro for OpenSSL 1.0.1e-fips.
|
|
|
|
|
* Setting 'foreign' strictness for automake.
|
|
|
|
|
* Add AES-GCM support.
|
|
|
|
|
* Rework EVP_aes macros.
|
|
|
|
|
* Remove dependency of old local OpenSSL headers.
|
|
|
|
|
* Fix engine initialization to set function pointers only once.
|
|
|
|
|
* Remove blank COPYING and NEWS files.
|
|
|
|
|
* Remove INSTALL and move its content to README.md
|
|
|
|
|
* Update README.md file to make use of markdown.
|
|
|
|
|
* Rename README file to README.md to use markdown
|
|
|
|
|
* Add CONTRIBUTING guidelines.
|
|
|
|
|
* Adding coding style documentation.
|
|
|
|
|
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
|
|
|
|
|
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
|
|
|
|
|
* Fix SHA512 EVP digest struct to use
|
|
|
|
|
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
|
|
|
|
|
* Fix wrong parenthesis
|
|
|
|
|
* convert libica loading to dlopen() and friends
|
|
|
|
|
* Add support to DSO on new API of OpenSSL-1.1.0
|
|
|
|
|
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
|
|
|
|
|
- Added BuildRequires for autoconf, automake, and libtool.
|
|
|
|
|
- Updated BuildRequires for libica-devel to be >= 3.1.1
|
|
|
|
|
|
2017-09-23 21:36:11 +02:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Fri Sep 22 07:50:52 UTC 2017 - mpost@suse.com
|
2017-09-23 21:36:11 +02:00
|
|
|
|
|
|
|
|
- Now that the openSSL engines directory is versioned:
|
|
|
|
|
* Modified the spec file to query the libcrypto package
|
|
|
|
|
for which directory to install the engine into.
|
Accepting request 835921 from home:markkp:branches:security:tls
- Upgrade to version 2.1.1 (jsc#SLE-14468)
* Bug fixes
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
- the openssl engines moved to /%_lib/engines bnc#905480
- Forced requirement of libica-2_3_0 (bnc#890824)
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
- Added COPYING to %files
- Requiring libica 2.1.0 or greater
- enable ppc64le
- fix build (add autoconf automake libtool to BuildRequires)
- disable libtool --finish call
- own engines directory
- package baselibs.conf
- obsolete old -XXbit packages (bnc#437293)
- added baselibs.conf file to build xxbit packages
for multilib support
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
- updated README (bug #185508)
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow
OBS-URL: https://build.opensuse.org/request/show/835921
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=22
2020-09-21 22:06:08 +02:00
|
|
|
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
|
2017-09-23 21:36:11 +02:00
|
|
|
with a sed command so that it will provide the correct
|
2019-10-15 23:14:48 +02:00
|
|
|
versioned engines directory
|
2017-09-23 21:36:11 +02:00
|
|
|
- Removed openssl-ibmca-configure.patch. It doesn't seem to
|
|
|
|
|
be needed any longer.
|
|
|
|
|
|
2017-04-14 13:41:49 +02:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Tue Apr 11 15:09:03 UTC 2017 - mpost@suse.com
|
2017-04-14 13:41:49 +02:00
|
|
|
|
|
|
|
|
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
|
|
|
|
|
- Added libica-tools to the BuildRequires due to repackaging of libica.
|
|
|
|
|
- Renamed BuildRequires from libica2-devel to libica-devel for the
|
|
|
|
|
same reason.
|
|
|
|
|
- Tweaked a comment to get rid of an rpmlint warning message.
|
|
|
|
|
|
2016-10-18 10:41:29 +02:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Thu Oct 13 09:36:50 UTC 2016 - meissner@suse.com
|
2016-10-18 10:41:29 +02:00
|
|
|
|
|
|
|
|
- fixed ssl configuration merging (bsc#1004463)
|
|
|
|
|
- openssl-ibmca-fix-enginepath.patch: fix the engine path
|
|
|
|
|
|
2016-04-28 16:54:31 +02:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Wed Apr 6 19:07:43 UTC 2016 - mpluskal@suse.com
|
2016-04-28 16:54:31 +02:00
|
|
|
|
2016-10-18 10:41:29 +02:00
|
|
|
- Use macro for configure (fate#319941)
|
2016-04-28 16:54:31 +02:00
|
|
|
- Use url for source
|
|
|
|
|
- Enable parallel building
|
|
|
|
|
- Cleanup spec file with spec-cleaner
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Thu Mar 31 21:20:34 UTC 2016 - mpost@suse.com
|
2016-04-28 16:54:31 +02:00
|
|
|
|
|
|
|
|
- Upgraded to version 1.3.0 (fate#319941)
|
|
|
|
|
- Updated openssl-ibmca-configure.patch to apply cleanly
|
|
|
|
|
- Removed obsolete patches
|
|
|
|
|
- openssl-ibmca-README.patch
|
|
|
|
|
- openssl-ibmca-sha256-digest-length.patch
|
|
|
|
|
- openssl-pkey.patch
|
|
|
|
|
- openssl-des-ede.patch
|
|
|
|
|
- Did some spec file cleanup.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Mon Mar 21 20:53:02 UTC 2016 - jjolly@suse.com
|
2016-04-28 16:54:31 +02:00
|
|
|
|
|
|
|
|
- Fixed %post script to update library path (the only dynamic part
|
|
|
|
|
of the ibmca configuration) every time the package is installed.
|
|
|
|
|
(bsc#966139)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Tue Oct 27 06:36:06 UTC 2015 - jjolly@suse.com
|
2016-04-28 16:54:31 +02:00
|
|
|
|
|
|
|
|
- Updated AUTHORS, INSTALL, and README (bsc#942839)
|
|
|
|
|
- %post and %postun added to properly update openssl.cnf (bsc#942839)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Tue Oct 27 03:46:00 UTC 2015 - jjolly@suse.com
|
2016-04-28 16:54:31 +02:00
|
|
|
|
|
|
|
|
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
|
|
|
|
|
|
2015-03-27 09:39:56 +01:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Sun Mar 8 17:15:03 UTC 2015 - p.drouand@gmail.com
|
2015-03-27 09:39:56 +01:00
|
|
|
|
|
|
|
|
- Remove dependency on fillup anf insserv; the package provides
|
|
|
|
|
neither sysconfig file nor sysvinit script
|
|
|
|
|
- Remove depreciated AUTHORS section
|
|
|
|
|
- Use %configure macro
|
|
|
|
|
- Add openssl-ibmca-configure.patch
|
|
|
|
|
|
2016-04-28 16:54:31 +02:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Wed Dec 3 09:22:24 UTC 2014 - meissner@suse.com
|
2016-04-28 16:54:31 +02:00
|
|
|
|
|
|
|
|
- the openssl engines moved to /%_lib/engines bnc#905480
|
|
|
|
|
|
2015-03-27 09:39:56 +01:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Thu Aug 14 13:03:44 UTC 2014 - jjolly@suse.com
|
2015-03-27 09:39:56 +01:00
|
|
|
|
|
|
|
|
- Forced requirement of libica-2_3_0 (bnc#890824)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Thu Jun 26 07:35:34 UTC 2014 - meissner@suse.com
|
2015-03-27 09:39:56 +01:00
|
|
|
|
|
|
|
|
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
|
|
|
|
|
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
|
|
|
|
|
fips self-test during EC key creation (bnc#879922)
|
|
|
|
|
- spec file cleaned up a bit
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Tue Mar 18 12:33:49 UTC 2014 - jjolly@suse.com
|
2015-03-27 09:39:56 +01:00
|
|
|
|
|
|
|
|
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
|
|
|
|
|
digest length definition in sha256 template (bnc#868275)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Wed Mar 5 18:51:25 CET 2014 - ro@suse.de
|
2015-03-27 09:39:56 +01:00
|
|
|
|
|
|
|
|
- update to 1.2.0
|
|
|
|
|
- removed patches:
|
|
|
|
|
ibmca-configure.patch
|
|
|
|
|
ibmca-segfault.fix.patch
|
|
|
|
|
ibmca-sw-fix.patch
|
|
|
|
|
openssl-ibmca-1.0.0.rc2-memset-fix.patch
|
|
|
|
|
- make it exclusivearch for s390/s390x as the required libica
|
|
|
|
|
is only available for s390/s390x
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Wed Feb 19 14:02:44 UTC 2014 - jjolly@suse.com
|
2015-03-27 09:39:56 +01:00
|
|
|
|
|
|
|
|
- Made required libica-2_1_0 s390 specific
|
|
|
|
|
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
|
|
|
|
|
- Removed libica requirement - allowing build process to find it
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Wed Feb 19 06:10:42 UTC 2014 - jjolly@suse.com
|
2015-03-27 09:39:56 +01:00
|
|
|
|
|
|
|
|
- Added COPYING to %files
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Tue Feb 18 14:47:27 UTC 2014 - jjolly@suse.com
|
2015-03-27 09:39:56 +01:00
|
|
|
|
|
|
|
|
- Requiring libica 2.1.0 or greater
|
|
|
|
|
|
2013-12-13 11:59:53 +01:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Tue Dec 10 20:55:24 UTC 2013 - dvaleev@suse.com
|
2013-12-13 11:59:53 +01:00
|
|
|
|
|
|
|
|
- enable ppc64le
|
|
|
|
|
|
2012-03-26 11:04:01 +02:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Fri Mar 23 11:27:45 UTC 2012 - dvaleev@suse.com
|
2012-03-26 11:04:01 +02:00
|
|
|
|
|
|
|
|
- fix build (add autoconf automake libtool to BuildRequires)
|
|
|
|
|
|
2011-03-30 11:49:22 +02:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Thu Mar 24 17:19:11 UTC 2011 - coolo@novell.com
|
2011-03-30 11:49:22 +02:00
|
|
|
|
|
|
|
|
- disable libtool --finish call
|
|
|
|
|
|
2010-12-20 16:24:49 +01:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Fri Dec 17 10:56:05 UTC 2010 - coolo@novell.com
|
2010-12-20 16:24:49 +01:00
|
|
|
|
|
|
|
|
- own engines directory
|
|
|
|
|
|
2010-02-09 22:41:12 +01:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Mon Feb 1 12:13:29 UTC 2010 - jengelh@medozas.de
|
2010-02-09 22:41:12 +01:00
|
|
|
|
|
|
|
|
- package baselibs.conf
|
|
|
|
|
|
2009-01-09 01:43:14 +01:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Wed Jan 7 12:34:56 CET 2009 - olh@suse.de
|
2009-01-09 01:43:14 +01:00
|
|
|
|
|
|
|
|
- obsolete old -XXbit packages (bnc#437293)
|
|
|
|
|
|
2008-04-10 15:18:46 +02:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
|
2008-04-10 15:18:46 +02:00
|
|
|
|
|
|
|
|
- added baselibs.conf file to build xxbit packages
|
|
|
|
|
for multilib support
|
|
|
|
|
|
2007-01-16 00:28:17 +01:00
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Tue Feb 13 12:51:00 CET 2007 - uli@suse.de
|
2007-02-13 14:31:49 +01:00
|
|
|
|
|
|
|
|
- added fixes by IBM (bug #243801):
|
|
|
|
|
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
|
|
|
|
|
object
|
|
|
|
|
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
|
|
|
|
|
object
|
|
|
|
|
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Mon Jun 19 17:22:37 CEST 2006 - uli@suse.de
|
2007-01-16 00:28:17 +01:00
|
|
|
|
|
|
|
|
- updated README (bug #185508)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2021-09-17 22:01:53 +02:00
|
|
|
Tue Mar 28 14:27:32 CEST 2006 - hare@suse.de
|
2007-01-16 00:28:17 +01:00
|
|
|
|
|
|
|
|
- Fixed configure.in to build correctly
|
|
|
|
|
- Fixed spec file
|
|
|
|
|
- Initial version from Mike Halcrow
|
|
|
|
|
|
