1
0
forked from pool/openssl-ibmca
openssl-ibmca/openssl-ibmca.changes

296 lines
11 KiB
Plaintext
Raw Normal View History

-------------------------------------------------------------------
Tue Sep 10 22:22:49 UTC 2019 - Mark Post <mpost.com>
- Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882)
Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448
-------------------------------------------------------------------
Wed Aug 28 20:56:08 UTC 2019 - Mark Post <mpost.com>
- Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424)
* openssl-ibmca 2.0.3
Add MSA9 CPACF support for ECDSA sign/verify
- Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
- Changed the ExclusiveArch directive to include s390x only.
- The code in e_ibmca.c does a dlopen for libica.so.3, instead of
linking against the shared library. As a result, if the package
containing libica.so.3 isn't installed, problems occur. Added
a "Requires: libica3" to the spec file to fix this. (bsc#1142286)
- Made a couple of changes to the spec file based on the output
from spec-cleaner.
-------------------------------------------------------------------
Fri Jun 28 18:10:29 UTC 2019 - Mark Post <mpost.com>
- Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch
An Apache HTTP Server was set up with mod_ssl and the openssl
ibmca engine using libica and a CEX6A card. Whenever a worker
process is cleaned up a segmentation fault occurs.
(bsc#1138517)
-------------------------------------------------------------------
Tue Nov 27 17:55:19 UTC 2018 - mpost.com
- Upgraded to version 2.0.2 (Fate#325688)
* openssl-ibmca 2.0.2
Fix doing rsa-me, altough rsa-crt would be possible.
-------------------------------------------------------------------
Thu Nov 15 20:17:04 UTC 2018 - mpost.com
- Upgraded to version 2.0.1 (Fate#325688)
* openssl-ibmca 2.0.1
Dont fail when a libica symbol cannot be resolved.
- Made multiple changes to the spec file based on spec-cleaner output.
-------------------------------------------------------------------
Wed Nov 14 20:18:07 UTC 2018 - mpost.com
- Upgraded to version 2.0.0 (Fate#325688)
* openssl-ibmca 2.0.0
Add ECC support.
Add check and distcheck make-targets.
Project cleanup, code was broken into multiple files and coding style cleanup.
Improvements to compat macros for openssl.
Don't disable libica sw fallbacks.
Fix dlclose logic.
* openssl-ibmca 1.4.1
Fix structure size for aes-256-ecb/cbc/cfb/ofb
Update man page
Switch to ibmca.so filename to allow standalone use
Switch off Libica fallback mode if available
Make sure ibmca_init only runs once
Provide simple macro for DEBUG_PRINTF possibility
Cleanup and slight rework of function set_supported_meths
- Did some cleanup to the spec file, based on spec-cleanup.
Accepting request 649102 from home:markkp:branches:security:tls - Upgraded to version 2.0.0 (Fate#325688) * openssl-ibmca 2.0.0 Add ECC support. Add check and distcheck make-targets. Project cleanup, code was broken into multiple files and coding style cleanup. Improvements to compat macros for openssl. Don't disable libica sw fallbacks. Fix dlclose logic. * openssl-ibmca 1.4.1 Fix structure size for aes-256-ecb/cbc/cfb/ofb Update man page Switch to ibmca.so filename to allow standalone use Switch off Libica fallback mode if available Make sure ibmca_init only runs once Provide simple macro for DEBUG_PRINTF possibility Cleanup and slight rework of function set_supported_meths - Did some cleanup to the spec file, based on spec-cleanup. - Removed the following obsolete patches: * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch - Added the following patches for bsc#1097463 * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch - Upgraded to version 1.4.0 * Re-license to Apache License v2.0 * Fix aes_gcm initialization. * Update man page. * Add macros for OpenSSL 0.9.8 compat. * Remove AC_FUNC_MALLOC from configure.ac * Add compat macro for OpenSSL 1.0.1e-fips. * Setting 'foreign' strictness for automake. * Add AES-GCM support. * Rework EVP_aes macros. * Remove dependency of old local OpenSSL headers. * Fix engine initialization to set function pointers only once. * Remove blank COPYING and NEWS files. * Remove INSTALL and move its content to README.md * Update README.md file to make use of markdown. * Rename README file to README.md to use markdown * Add CONTRIBUTING guidelines. * Adding coding style documentation. * Enable EVP_MD_FLAG_FIPS flag for SHA-*. * Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0 * Fix SHA512 EVP digest struct to use EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0 * Fix wrong parenthesis * convert libica loading to dlopen() and friends * Add support to DSO on new API of OpenSSL-1.1.0 - Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch - Added BuildRequires for autoconf, automake, and libtool. - Updated BuildRequires for libica-devel to be >= 3.1.1 - Now that the openSSL engines directory is versioned: * Modified the spec file to query the libcrypto package for which directory to install the engine into. * Removed openssl-ibmca-fix-enginepath.patch. Replaced it with a sed command so that it will provide the correct versioned engines directory - Removed openssl-ibmca-configure.patch. It doesn't seem to be needed any longer. - Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113) - Added libica-tools to the BuildRequires due to repackaging of libica. - Renamed BuildRequires from libica2-devel to libica-devel for the same reason. - Tweaked a comment to get rid of an rpmlint warning message. - fixed ssl configuration merging (bsc#1004463) - openssl-ibmca-fix-enginepath.patch: fix the engine path - Use macro for configure (fate#319941) - Use url for source - Enable parallel building - Cleanup spec file with spec-cleaner - Upgraded to version 1.3.0 (fate#319941) - Updated openssl-ibmca-configure.patch to apply cleanly - Removed obsolete patches - openssl-ibmca-README.patch - openssl-ibmca-sha256-digest-length.patch - openssl-pkey.patch - openssl-des-ede.patch - Did some spec file cleanup. - Fixed %post script to update library path (the only dynamic part of the ibmca configuration) every time the package is installed. (bsc#966139) - Updated AUTHORS, INSTALL, and README (bsc#942839) - %post and %postun added to properly update openssl.cnf (bsc#942839) - Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138) - Remove dependency on fillup anf insserv; the package provides neither sysconfig file nor sysvinit script - Remove depreciated AUTHORS section - Use %configure macro - Add openssl-ibmca-configure.patch - the openssl engines moved to /%_lib/engines bnc#905480 - Forced requirement of libica-2_3_0 (bnc#890824) - openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922) - openssl-pkey.patch: defer HMAC signing to pkey framework, fixes fips self-test during EC key creation (bnc#879922) - spec file cleaned up a bit - openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message digest length definition in sha256 template (bnc#868275) - update to 1.2.0 - removed patches: ibmca-configure.patch ibmca-segfault.fix.patch ibmca-sw-fix.patch openssl-ibmca-1.0.0.rc2-memset-fix.patch - make it exclusivearch for s390/s390x as the required libica is only available for s390/s390x - Made required libica-2_1_0 s390 specific - Added x86_64 to ExclusiveArch as %ix86 doesn't do it - Removed libica requirement - allowing build process to find it - Added COPYING to %files - Requiring libica 2.1.0 or greater - enable ppc64le - fix build (add autoconf automake libtool to BuildRequires) - disable libtool --finish call - own engines directory - package baselibs.conf - obsolete old -XXbit packages (bnc#437293) - added baselibs.conf file to build xxbit packages for multilib support - added fixes by IBM (bug #243801): ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM object ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM object openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem - updated README (bug #185508) - Fixed configure.in to build correctly - Fixed spec file - Initial version from Mike Halcrow OBS-URL: https://build.opensuse.org/request/show/649102 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=5
2018-11-14 23:44:10 +01:00
- Removed the following obsolete patches:
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
-------------------------------------------------------------------
Fri Aug 31 19:37:39 UTC 2018 - mpost.com
Accepting request 649102 from home:markkp:branches:security:tls - Upgraded to version 2.0.0 (Fate#325688) * openssl-ibmca 2.0.0 Add ECC support. Add check and distcheck make-targets. Project cleanup, code was broken into multiple files and coding style cleanup. Improvements to compat macros for openssl. Don't disable libica sw fallbacks. Fix dlclose logic. * openssl-ibmca 1.4.1 Fix structure size for aes-256-ecb/cbc/cfb/ofb Update man page Switch to ibmca.so filename to allow standalone use Switch off Libica fallback mode if available Make sure ibmca_init only runs once Provide simple macro for DEBUG_PRINTF possibility Cleanup and slight rework of function set_supported_meths - Did some cleanup to the spec file, based on spec-cleanup. - Removed the following obsolete patches: * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch - Added the following patches for bsc#1097463 * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch - Upgraded to version 1.4.0 * Re-license to Apache License v2.0 * Fix aes_gcm initialization. * Update man page. * Add macros for OpenSSL 0.9.8 compat. * Remove AC_FUNC_MALLOC from configure.ac * Add compat macro for OpenSSL 1.0.1e-fips. * Setting 'foreign' strictness for automake. * Add AES-GCM support. * Rework EVP_aes macros. * Remove dependency of old local OpenSSL headers. * Fix engine initialization to set function pointers only once. * Remove blank COPYING and NEWS files. * Remove INSTALL and move its content to README.md * Update README.md file to make use of markdown. * Rename README file to README.md to use markdown * Add CONTRIBUTING guidelines. * Adding coding style documentation. * Enable EVP_MD_FLAG_FIPS flag for SHA-*. * Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0 * Fix SHA512 EVP digest struct to use EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0 * Fix wrong parenthesis * convert libica loading to dlopen() and friends * Add support to DSO on new API of OpenSSL-1.1.0 - Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch - Added BuildRequires for autoconf, automake, and libtool. - Updated BuildRequires for libica-devel to be >= 3.1.1 - Now that the openSSL engines directory is versioned: * Modified the spec file to query the libcrypto package for which directory to install the engine into. * Removed openssl-ibmca-fix-enginepath.patch. Replaced it with a sed command so that it will provide the correct versioned engines directory - Removed openssl-ibmca-configure.patch. It doesn't seem to be needed any longer. - Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113) - Added libica-tools to the BuildRequires due to repackaging of libica. - Renamed BuildRequires from libica2-devel to libica-devel for the same reason. - Tweaked a comment to get rid of an rpmlint warning message. - fixed ssl configuration merging (bsc#1004463) - openssl-ibmca-fix-enginepath.patch: fix the engine path - Use macro for configure (fate#319941) - Use url for source - Enable parallel building - Cleanup spec file with spec-cleaner - Upgraded to version 1.3.0 (fate#319941) - Updated openssl-ibmca-configure.patch to apply cleanly - Removed obsolete patches - openssl-ibmca-README.patch - openssl-ibmca-sha256-digest-length.patch - openssl-pkey.patch - openssl-des-ede.patch - Did some spec file cleanup. - Fixed %post script to update library path (the only dynamic part of the ibmca configuration) every time the package is installed. (bsc#966139) - Updated AUTHORS, INSTALL, and README (bsc#942839) - %post and %postun added to properly update openssl.cnf (bsc#942839) - Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138) - Remove dependency on fillup anf insserv; the package provides neither sysconfig file nor sysvinit script - Remove depreciated AUTHORS section - Use %configure macro - Add openssl-ibmca-configure.patch - the openssl engines moved to /%_lib/engines bnc#905480 - Forced requirement of libica-2_3_0 (bnc#890824) - openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922) - openssl-pkey.patch: defer HMAC signing to pkey framework, fixes fips self-test during EC key creation (bnc#879922) - spec file cleaned up a bit - openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message digest length definition in sha256 template (bnc#868275) - update to 1.2.0 - removed patches: ibmca-configure.patch ibmca-segfault.fix.patch ibmca-sw-fix.patch openssl-ibmca-1.0.0.rc2-memset-fix.patch - make it exclusivearch for s390/s390x as the required libica is only available for s390/s390x - Made required libica-2_1_0 s390 specific - Added x86_64 to ExclusiveArch as %ix86 doesn't do it - Removed libica requirement - allowing build process to find it - Added COPYING to %files - Requiring libica 2.1.0 or greater - enable ppc64le - fix build (add autoconf automake libtool to BuildRequires) - disable libtool --finish call - own engines directory - package baselibs.conf - obsolete old -XXbit packages (bnc#437293) - added baselibs.conf file to build xxbit packages for multilib support - added fixes by IBM (bug #243801): ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM object ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM object openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem - updated README (bug #185508) - Fixed configure.in to build correctly - Fixed spec file - Initial version from Mike Halcrow OBS-URL: https://build.opensuse.org/request/show/649102 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=5
2018-11-14 23:44:10 +01:00
- Added the following patches for bsc#1097463
* openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch
* openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch
* openssl-ibmca-sles15-Update-lib-name-in-documentation.patch
-------------------------------------------------------------------
Fri Sep 22 18:07:10 UTC 2017 - mpost.com
- Upgraded to version 1.4.0
* Re-license to Apache License v2.0
* Fix aes_gcm initialization.
* Update man page.
* Add macros for OpenSSL 0.9.8 compat.
* Remove AC_FUNC_MALLOC from configure.ac
* Add compat macro for OpenSSL 1.0.1e-fips.
* Setting 'foreign' strictness for automake.
* Add AES-GCM support.
* Rework EVP_aes macros.
* Remove dependency of old local OpenSSL headers.
* Fix engine initialization to set function pointers only once.
* Remove blank COPYING and NEWS files.
* Remove INSTALL and move its content to README.md
* Update README.md file to make use of markdown.
* Rename README file to README.md to use markdown
* Add CONTRIBUTING guidelines.
* Adding coding style documentation.
* Enable EVP_MD_FLAG_FIPS flag for SHA-*.
* Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0
* Fix SHA512 EVP digest struct to use
EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0
* Fix wrong parenthesis
* convert libica loading to dlopen() and friends
* Add support to DSO on new API of OpenSSL-1.1.0
- Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch
- Added BuildRequires for autoconf, automake, and libtool.
- Updated BuildRequires for libica-devel to be >= 3.1.1
-------------------------------------------------------------------
Fri Sep 22 07:50:52 UTC 2017 - mpost.com
- Now that the openSSL engines directory is versioned:
* Modified the spec file to query the libcrypto package
for which directory to install the engine into.
* Removed openssl-ibmca-fix-enginepath.patch. Replaced it
with a sed command so that it will provide the correct
versioned engines directory
- Removed openssl-ibmca-configure.patch. It doesn't seem to
be needed any longer.
-------------------------------------------------------------------
Tue Apr 11 15:09:03 UTC 2017 - mpost.com
- Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113)
- Added libica-tools to the BuildRequires due to repackaging of libica.
- Renamed BuildRequires from libica2-devel to libica-devel for the
same reason.
- Tweaked a comment to get rid of an rpmlint warning message.
-------------------------------------------------------------------
Thu Oct 13 09:36:50 UTC 2016 - meissner.com
- fixed ssl configuration merging (bsc#1004463)
- openssl-ibmca-fix-enginepath.patch: fix the engine path
-------------------------------------------------------------------
Wed Apr 6 19:07:43 UTC 2016 - mpluskal.com
- Use macro for configure (fate#319941)
- Use url for source
- Enable parallel building
- Cleanup spec file with spec-cleaner
-------------------------------------------------------------------
Thu Mar 31 21:20:34 UTC 2016 - mpost.com
- Upgraded to version 1.3.0 (fate#319941)
- Updated openssl-ibmca-configure.patch to apply cleanly
- Removed obsolete patches
- openssl-ibmca-README.patch
- openssl-ibmca-sha256-digest-length.patch
- openssl-pkey.patch
- openssl-des-ede.patch
- Did some spec file cleanup.
-------------------------------------------------------------------
Mon Mar 21 20:53:02 UTC 2016 - jjolly.com
- Fixed %post script to update library path (the only dynamic part
of the ibmca configuration) every time the package is installed.
(bsc#966139)
-------------------------------------------------------------------
Tue Oct 27 06:36:06 UTC 2015 - jjolly.com
- Updated AUTHORS, INSTALL, and README (bsc#942839)
- %post and %postun added to properly update openssl.cnf (bsc#942839)
-------------------------------------------------------------------
Tue Oct 27 03:46:00 UTC 2015 - jjolly.com
- Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138)
-------------------------------------------------------------------
Sun Mar 8 17:15:03 UTC 2015 - p.drouand.com
- Remove dependency on fillup anf insserv; the package provides
neither sysconfig file nor sysvinit script
- Remove depreciated AUTHORS section
- Use %configure macro
- Add openssl-ibmca-configure.patch
-------------------------------------------------------------------
Wed Dec 3 09:22:24 UTC 2014 - meissner.com
- the openssl engines moved to /%_lib/engines bnc#905480
-------------------------------------------------------------------
Thu Aug 14 13:03:44 UTC 2014 - jjolly.com
- Forced requirement of libica-2_3_0 (bnc#890824)
-------------------------------------------------------------------
Thu Jun 26 07:35:34 UTC 2014 - meissner.com
- openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922)
- openssl-pkey.patch: defer HMAC signing to pkey framework, fixes
fips self-test during EC key creation (bnc#879922)
- spec file cleaned up a bit
-------------------------------------------------------------------
Tue Mar 18 12:33:49 UTC 2014 - jjolly.com
- openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message
digest length definition in sha256 template (bnc#868275)
-------------------------------------------------------------------
Wed Mar 5 18:51:25 CET 2014 - ro.de
- update to 1.2.0
- removed patches:
ibmca-configure.patch
ibmca-segfault.fix.patch
ibmca-sw-fix.patch
openssl-ibmca-1.0.0.rc2-memset-fix.patch
- make it exclusivearch for s390/s390x as the required libica
is only available for s390/s390x
-------------------------------------------------------------------
Wed Feb 19 14:02:44 UTC 2014 - jjolly.com
- Made required libica-2_1_0 s390 specific
- Added x86_64 to ExclusiveArch as %ix86 doesn't do it
- Removed libica requirement - allowing build process to find it
-------------------------------------------------------------------
Wed Feb 19 06:10:42 UTC 2014 - jjolly.com
- Added COPYING to %files
-------------------------------------------------------------------
Tue Feb 18 14:47:27 UTC 2014 - jjolly.com
- Requiring libica 2.1.0 or greater
-------------------------------------------------------------------
Tue Dec 10 20:55:24 UTC 2013 - dvaleev.com
- enable ppc64le
-------------------------------------------------------------------
Fri Mar 23 11:27:45 UTC 2012 - dvaleev.com
- fix build (add autoconf automake libtool to BuildRequires)
-------------------------------------------------------------------
Thu Mar 24 17:19:11 UTC 2011 - coolo.com
- disable libtool --finish call
-------------------------------------------------------------------
Fri Dec 17 10:56:05 UTC 2010 - coolo.com
- own engines directory
-------------------------------------------------------------------
Mon Feb 1 12:13:29 UTC 2010 - jengelh.de
- package baselibs.conf
-------------------------------------------------------------------
Wed Jan 7 12:34:56 CET 2009 - olh.de
- obsolete old -XXbit packages (bnc#437293)
-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro.de
- added baselibs.conf file to build xxbit packages
for multilib support
-------------------------------------------------------------------
Tue Feb 13 12:51:00 CET 2007 - uli.de
- added fixes by IBM (bug #243801):
ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM
object
ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM
object
openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem
-------------------------------------------------------------------
Mon Jun 19 17:22:37 CEST 2006 - uli.de
- updated README (bug #185508)
-------------------------------------------------------------------
Tue Mar 28 14:27:32 CEST 2006 - hare.de
- Fixed configure.in to build correctly
- Fixed spec file
- Initial version from Mike Halcrow