Accepting request 729040 from home:markkp:branches:security:tls

Upgrade to 2.0.3 OBS-URL: https://build.opensuse.org/request/show/729040 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=11
2019-09-06 22:24:57 +00:00 · 2019-09-06 22:24:57 +00:00 · d48bdddc18
commit d48bdddc18
parent 271d8d12e2
5 changed files with 50 additions and 11 deletions
--- a/openssl-ibmca-2.0.2.tar.gz
+++ b/openssl-ibmca-2.0.2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7239ad1cbecdb3daff40b5af5eb17e789c9ab262f87c8bcfc06bdd7980e66f85
-size 42661
--- a/openssl-ibmca-2.0.3.tar.gz
+++ b/openssl-ibmca-2.0.3.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:38222b84b7a79c5c48d5597af4dca4be429c68d1985421fe3e269e865ed4bf31
+size 42542
--- a/openssl-ibmca-fix-enginepath.patch
+++ b/openssl-ibmca-fix-enginepath.patch
@ -0,0 +1,13 @@
+Index: openssl-ibmca-1.3.0/src/openssl.cnf.sample
+===================================================================
+--- openssl-ibmca-1.3.0.orig/src/openssl.cnf.sample
+++ openssl-ibmca-1.3.0/src/openssl.cnf.sample
+@@ -23,7 +23,7 @@ ibmca = ibmca_section
+ # The openssl engine path for ibmca.so.
+ # Set the dynamic_path to where the ibmca.so engine
+ # resides on the system.
+-dynamic_path = /usr/local/lib/ibmca.so
+dynamic_path = /lib64/engines/ibmca.so
+ engine_id = ibmca
+ init = 1
+ 
--- a/openssl-ibmca.changes
+++ b/openssl-ibmca.changes
@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Wed Aug 28 20:56:08 UTC 2019 - Mark Post <mpost@suse.com>
+
+- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
+  * openssl-ibmca 2.0.3
+    Add MSA9 CPACF support for ECDSA sign/verify
+- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
+- Changed the ExclusiveArch directive to include s390x only.
+- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
+  linking against the shared library. As a result, if the package
+  containing libica.so.3 isn't installed, problems occur. Added
+  a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
+- Made a couple of changes to the spec file based on the output
+  from spec-cleaner.
+
+-------------------------------------------------------------------
+Fri Jun 28 18:10:29 UTC 2019 - Mark Post <mpost@suse.com>
+
+- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
+  An Apache HTTP Server was set up with mod_ssl and the openssl
+  ibmca engine using libica and a CEX6A card. Whenever a worker
+  process is cleaned up a segmentation fault occurs.
+  (bsc#1138517)
+
 -------------------------------------------------------------------
 Tue Nov 27 17:55:19 UTC 2018 - mpost@suse.com

--- a/openssl-ibmca.spec
+++ b/openssl-ibmca.spec
@ -1,7 +1,7 @@
 #
 # spec file for package openssl-ibmca
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018, 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,29 +17,32 @@


 Name:           openssl-ibmca
-Version:        2.0.2
+Version:        2.0.3
 Release:        0
 Summary:        The IBMCA OpenSSL dynamic engine
-License:        Apache-2.0
+License:        IPL-1.0
 Group:          Hardware/Other
-URL:            https://github.com/opencryptoki/openssl-ibmca/
-Source:         openssl-ibmca-%{version}.tar.gz
+URL:            https://github.com/opencryptoki/openssl-ibmca
+Source:         https://github.com/opencryptoki/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1:        baselibs.conf
+
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libica-devel >= 3.1.1
 BuildRequires:  libica-tools >= 2.4.0
 BuildRequires:  libtool
 BuildRequires:  openssl-devel
+Requires:       libica3
 Requires:       openssl
-ExclusiveArch:  s390 s390x
+ExclusiveArch:  s390x

 %description
 This package contains a shared object OpenSSL dynamic engine for the
 IBM eServer Cryptographic Accelerator (ICA).

 %prep
-%setup -q
+%autosetup
+./bootstrap.sh

 %build
 # The directory where crypto engines are located is owned by the libcrypto package.
@ -110,7 +113,6 @@ if [ $1 -eq 0 ]; then # last uninstall, modify %%{_sysconfdir}/openssl.cnf (bsc#
 fi

 %files
-%defattr(-, root, root)
 %license LICENSE
 %doc README.md
 %doc src/openssl.cnf.sample