diff --git a/openssl-ibmca.changes b/openssl-ibmca.changes index 580beac..fca31be 100644 --- a/openssl-ibmca.changes +++ b/openssl-ibmca.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Oct 30 08:35:12 UTC 2024 - Nikolay Gueorguiev + +- Adapted the openssl-ibmca package for the openssl-1_1 removal(bsc#1232570) +- Removed obsolete patch + * openssl1-rename-libica-files.patch + ------------------------------------------------------------------- Tue Oct 29 11:08:46 UTC 2024 - Nikolay Gueorguiev diff --git a/openssl-ibmca.spec b/openssl-ibmca.spec index 5654e57..abd03b0 100644 --- a/openssl-ibmca.spec +++ b/openssl-ibmca.spec @@ -36,12 +36,6 @@ Name: openssl-ibmca-engine Name: openssl-ibmca-provider %endif -%if "%{flavor}" == "openssl1_1" -%global sslengcnf %{_sysconfdir}/ssl/engines1.1.d -%global sslengdef %{_sysconfdir}/ssl/engdef1.1.d -Name: openssl1_1-ibmca -%endif - Version: 2.4.1 Release: 0 Summary: The IBMCA OpenSSL dynamic engine @@ -56,29 +50,15 @@ BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool ### -%if "%{flavor}" != "openssl1_1" BuildRequires: libica-devel >= 4.0.0 BuildRequires: libica-tools >= 4.0.0 BuildRequires: libopenssl-3-devel BuildRequires: libopenssl3 Requires: libica4 >= 4.0.0 Requires: libopenssl3 -%else -BuildRequires: libica-openssl1_1-devel -BuildRequires: libica-openssl1_1-tools -BuildRequires: libopenssl-1_1-devel -BuildRequires: libopenssl1_1 -BuildRequires: openssl -Requires: libica4-openssl1_1 -Requires: libopenssl1_1 -%endif ### ExclusiveArch: s390x -%if "%{flavor}" == "openssl1_1" -Patch001: openssl1-rename-libica-files.patch -%endif - ### Patch10: openssl-ibmca-01-engine-Enable-external-AES-GCM-IV-when-libica-is-in-FIPS-mode.patch Patch11: openssl-ibmca-02-test-provider-Do-not-link-against-libica-use-dlopen-instead.patch @@ -116,11 +96,6 @@ export CPPFLAGS="%{optflags}" --libdir=%{modulesdir} %endif -%if "%{flavor}" == "openssl1_1" -%configure \ - --libdir=%{enginesdir} -%endif - %make_build %install @@ -132,10 +107,6 @@ sed -i -e "/^dynamic_path/s, = .*/, = %{enginesdir}/," src/engine/openssl.cnf.sa %make_install -%if "%{flavor}" == "openssl1_1" -rm -f %{buildroot}/%{enginesdir}/ibmca-provider.* -%endif - %if "%{flavor}" == "" mkdir -p %{buildroot}/%{enginesdir} mv %{buildroot}/%{modulesdir}/ibmca.* %{buildroot}/%{enginesdir}/ @@ -209,10 +180,5 @@ fi %{enginesdir}/ibmca.* %{_mandir}/man5/ibmca.5%{?ext_man} %endif -%if "%{flavor}" == "openssl1_1" - %doc src/engine/openssl.cnf.sample - %{enginesdir}/ibmca.* - %{_mandir}/man5/ibmca.5%{?ext_man} -%endif %changelog diff --git a/openssl1-rename-libica-files.patch b/openssl1-rename-libica-files.patch deleted file mode 100644 index ba42cb6..0000000 --- a/openssl1-rename-libica-files.patch +++ /dev/null @@ -1,65 +0,0 @@ ---- openssl-ibmca-2.4.1/configure.ac 2023-09-21 08:52:43.000000000 +0200 -+++ changed/configure.ac 2024-04-17 10:13:02.267582864 +0200 -@@ -69,7 +69,7 @@ - # Checks for header files. - AC_CHECK_HEADERS([arpa/inet.h fcntl.h malloc.h netdb.h netinet/in.h stddef.h stdlib.h \ - string.h strings.h sys/ioctl.h sys/param.h sys/socket.h sys/time.h unistd.h]) --AC_CHECK_HEADER([ica_api.h], [], AC_MSG_ERROR([*** libica-devel >= 3.6.0 is required ***])) -+AC_CHECK_HEADER([ica_api.h], [], AC_MSG_ERROR([*** libica-openssl1_1-devel >= 3.6.0 is required ***])) - - - # Checks for typedefs, structures, and compiler characteristics. -@@ -81,15 +81,15 @@ - # Checks for library functions. - AC_CHECK_FUNCS([gethostbyaddr gethostbyname memset strcasecmp strncasecmp strstr malloc]) - AC_CHECK_DECLS([ICA_FLAG_DHW,DES_ECB], [], -- AC_MSG_ERROR([*** libica-devel >= 3.6.0 are required ***]), -+ AC_MSG_ERROR([*** libica-openssl1_1-devel >= 3.6.0 are required ***]), - [#include ]) - AC_CHECK_DECLS([OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION], - [openssl_implicit_rejection="yes"], [openssl_implicit_rejection="no"], - [#include ]) - AM_CONDITIONAL([OPENSSL_IMPLICIT_REJECTION], [test "x$openssl_implicit_rejection" = xyes]) - --AC_ARG_WITH([libica-cex], -- [AS_HELP_STRING([--with-libica-cex],[Use libica-cex as default library for the IBMCA engine])], -+AC_ARG_WITH([libica-openssl1_1-cex], -+ [AS_HELP_STRING([--with-libica-openssl1_1-cex],[Use libica-openssl1_1-cex as default library for the IBMCA engine])], - [usecexonly=${withval}], - []) - -@@ -99,11 +99,11 @@ - [libicaversion=4]) - - if test "x$usecexonly" = xyes; then -- defaultlib="libica-cex.so.$libicaversion" -- ica="ica-cex" -+ defaultlib="libica-openssl1_1-cex.so.$libicaversion" -+ ica="ica-openssl1_1-cex" - else -- defaultlib="libica.so.$libicaversion" -- ica="ica" -+ defaultlib="libica-openssl1_1.so.$libicaversion" -+ ica="ica-openssl1_1" - fi - # In cex-only mode, testing the ciphers does not make any sense since - # they will fall back to OpenSSL without the engine. So remove these -@@ -135,7 +135,7 @@ - - - AC_DEFINE_UNQUOTED([LIBICA_SHARED_LIB],["$defaultlib"]) --AC_SUBST([ICA],["$ica"]) -+AC_SUBST([ICA],["$ica-openssl1_1"]) - - AC_CHECK_PROG([openssl_var],[openssl],[yes],[no]) - if test "x$openssl_var" != xyes; then -@@ -169,7 +169,7 @@ - echo " default library: $defaultlib" - echo "IBMCA provider: $enable_provider" - if test "x$useproviderfulllibica" = xyes; then -- echo " libica library: libica" -+ echo " libica library: libica-openssl1_1" - else -- echo " libica library: libica-cex" -+ echo " libica library: libica-openssl1_1-cex" - fi