forked from pool/openssl-ibmca
Accepting request 1168592 from home:ngueorguiev:branches:security:tls
- Amended the .spec file - Changed the package names +-------------+---------------------------------+--------------------------+ | Flavor | Package name | Note | +-------------+---------------------------------+--------------------------+ | '' | openssl-ibmca | Both engine and provider | | openssl1_1 | openssl1_1-ibmca | openssl1 flavor | | engine | openssl-ibmca-engine | Only engine | | provider | openssl-ibmca-provider | Only provider | +-------------+---------------------------------+--------------------------+ - Applied a patch for openssl1_1 (bsc#1221627) * openssl1-rename-libica-files.patch - Re-implemented flavors (openssl3, engine, provider) (bsc#1221627) +------------+---------------------------------+--------------------------+ | Flavor | Package name | Note | +------------+---------------------------------+--------------------------+ | '' | openssl-ibmca | openssl1 flavor | | engine | openssl3-ibmca-engine | Only engine | | provider | openssl3-ibmca-provider | Only provider | | openssl3 | openssl3-ibmca | Both engine and provider | +------------+---------------------------------+--------------------------+ - Changing/editing 'dynamic_path' after the installation on the target system * From /usr/lib64/ossl-modules to /usr/lib64/engines-3 in /usr/share/doc/packages/openssl3-ibmca/ibmca-engine-opensslconfig for openssl3 flavor - Amended the .spec file (bsc#1221627) * Removed the flavors * Removed 'muiltibuild' environment * Removed the 'provider' logic - Updated the .spec file (bsc#1218933, bsc#1221627) * Amended the .spec file to use modulesdir variable - Implemented _multibuild environment (openssl1, engine, provider) - Added a flag and logic for provider in the .spec file * When provider is set to 1, it 'configures' the provider * When provider is set to 0, it 'configures' the engine - Removed an obsolete patch (implemented in the version 2.4.1) * openssl-ibmca-engine-noregister.patch - Upgrade to version 2.4.1 (jsc#PED-5422) * Provider: Change the default log directory to /tmp * Bug fixes - Updated the .spec file, amended to use libica4 instead of libica * Requires: libica4 >= 4 - Updated the .spec file * uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries - Updated the .spec file as follow: * BuildRequires: libica-devel >= 4.0.0 * BuildRequires: libica-tools >= 4.0.0 - Added dependency on libica4 (bsc#1209038) * BuildRequires and Requires statements in .spec file for libica4 - Applies a patch (bsc#1210359) * openssl-ibmca-engine-noregister.patch - Updated the '#dynamic_path' line, as it was before, with the comment '#'. - Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059) * openssl-ibmca 2.4.0 - Provider: Adjustments for OpenSSL versions 3.1 and 3.2 - Provider: Support RSA blinding - Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding - Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding - Provider: Adjustments in OpenSSL config generator and example configs - Engine: EC: Cache ICA key in EC_KEY object (performance improvement) - Engine: Enable RSA blinding - Updated .spec file removed '#' from the line containing 'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038) - Added in %files * /usr/lib64/engines-3/ibmca-provider.la * /usr/lib64/engines-3/ibmca-provider.so - Upgraded to version 2.3.1 (jsc#PED-597) * openssl-ibmca 2.3.1 - Adjustments for libica 4.1.0 * openssl-ibmca 2.3.0 - First version including the provider - Fix for engine build without OpenSSL 3.0 sources * openssl-ibmca 2.2.3 - Fix PKEY segfault with OpenSSL 3.0 * openssl-ibmca 2.2.2 - Fix tests with OpenSSL 3.0 - Build against libica 4.0 - Removed a Requires for libica from the specfile. - Removed the obsolete baselibs.conf file - Completely revamped the postinstall scriptlet so that it doesn't need to know or care about how many lines are in either /etc/ssl/openssl.cnf, or the sample file at /usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample We're now using the ".include" directive for the openssl.cnf file, and only modifying that file the minimum necessary to implement the change. (bsc#1004463) - Upgraded to version 2.2.1 (jsc#SLE-18333) * openssl-ibmca 2.2.1 Bug fixes * openssl-ibmca 2.2.0 Implement fallbacks based on OpenSSL Disable software fallbacks from libica Allow to specify default library (libica vs. libica-cex) to use Provide "libica" engine ctrl to switch library at load time Update README.md Remove libica link dependency Generate sample configuration files from system configuration Restructure registration global data * openssl-ibmca 2.1.3 Bug fix * openssl-ibmca 2.1.2 Bug fixes - Modified spec file to * Define a global variable enginesdir the same was as IBM does instead of _ENGINE_DIR as we had been doing. * Implemented %make_build macro according to spec-cleaner * Changed the package description to match IBM's. * Removed the redundant "autoreconf --force --install" - Upgrade to version 2.1.1 (jsc#SLE-13709) * Bug fixes - Upgrade to version 2.1.0 (jsc#SLE-7852, jsc#SLE-7882) Add MSA9 CPACF support for X25519, X448, Ed25519 and Ed448 - Upgraded to version 2.0.3 (jsc#SLE-6123, jsc#SLE-6424) * openssl-ibmca 2.0.3 Add MSA9 CPACF support for ECDSA sign/verify - Dropped obsolete openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch - Changed the ExclusiveArch directive to include s390x only. - The code in e_ibmca.c does a dlopen for libica.so.3, instead of linking against the shared library. As a result, if the package containing libica.so.3 isn't installed, problems occur. Added a "Requires: libica3" to the spec file to fix this. (bsc#1142286) - Made a couple of changes to the spec file based on the output from spec-cleaner. - Added openssl-ibmca-sles15sp1-Move-ERR_load-unload-to-bind_helper-resp-destroy-fun.patch An Apache HTTP Server was set up with mod_ssl and the openssl ibmca engine using libica and a CEX6A card. Whenever a worker process is cleaned up a segmentation fault occurs. (bsc#1138517) - Upgraded to version 2.0.2 (Fate#325688) * openssl-ibmca 2.0.2 Fix doing rsa-me, altough rsa-crt would be possible. - Upgraded to version 2.0.1 (Fate#325688) * openssl-ibmca 2.0.1 Dont fail when a libica symbol cannot be resolved. - Made multiple changes to the spec file based on spec-cleaner output. - Upgraded to version 2.0.0 (Fate#325688) * openssl-ibmca 2.0.0 Add ECC support. Add check and distcheck make-targets. Project cleanup, code was broken into multiple files and coding style cleanup. Improvements to compat macros for openssl. Don't disable libica sw fallbacks. Fix dlclose logic. * openssl-ibmca 1.4.1 Fix structure size for aes-256-ecb/cbc/cfb/ofb Update man page Switch to ibmca.so filename to allow standalone use Switch off Libica fallback mode if available Make sure ibmca_init only runs once Provide simple macro for DEBUG_PRINTF possibility Cleanup and slight rework of function set_supported_meths - Did some cleanup to the spec file, based on spec-cleanup. - Removed the following obsolete patches: * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch - Added the following patches for bsc#1097463 * openssl-ibmca-sles15-Switch-to-ibmca.so-filename-to-allow-a-standalone-us.patch * openssl-ibmca-sles15-Fix-lib-name-in-test-code.patch * openssl-ibmca-sles15-Update-lib-name-in-documentation.patch - Upgraded to version 1.4.0 * Re-license to Apache License v2.0 * Fix aes_gcm initialization. * Update man page. * Add macros for OpenSSL 0.9.8 compat. * Remove AC_FUNC_MALLOC from configure.ac * Add compat macro for OpenSSL 1.0.1e-fips. * Setting 'foreign' strictness for automake. * Add AES-GCM support. * Rework EVP_aes macros. * Remove dependency of old local OpenSSL headers. * Fix engine initialization to set function pointers only once. * Remove blank COPYING and NEWS files. * Remove INSTALL and move its content to README.md * Update README.md file to make use of markdown. * Rename README file to README.md to use markdown * Add CONTRIBUTING guidelines. * Adding coding style documentation. * Enable EVP_MD_FLAG_FIPS flag for SHA-*. * Initialize rsa_keygen in RSA_METHOD for openssl < 1.1.0 * Fix SHA512 EVP digest struct to use EVP_MD_FLAG_PKEY_METHOD_SIGNATURE when using OpenSSL 1.0 * Fix wrong parenthesis * convert libica loading to dlopen() and friends * Add support to DSO on new API of OpenSSL-1.1.0 - Removed obsolete openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch - Added BuildRequires for autoconf, automake, and libtool. - Updated BuildRequires for libica-devel to be >= 3.1.1 - Now that the openSSL engines directory is versioned: * Modified the spec file to query the libcrypto package for which directory to install the engine into. * Removed openssl-ibmca-fix-enginepath.patch. Replaced it with a sed command so that it will provide the correct versioned engines directory - Removed openssl-ibmca-configure.patch. It doesn't seem to be needed any longer. - Added openssl-ibmca-fix-sha512-evp-digest-to-use-evp_md_flag_pkey_method_signature.patch (bsc#1032113) - Added libica-tools to the BuildRequires due to repackaging of libica. - Renamed BuildRequires from libica2-devel to libica-devel for the same reason. - Tweaked a comment to get rid of an rpmlint warning message. - fixed ssl configuration merging (bsc#1004463) - openssl-ibmca-fix-enginepath.patch: fix the engine path - Use macro for configure (fate#319941) - Use url for source - Enable parallel building - Cleanup spec file with spec-cleaner - Upgraded to version 1.3.0 (fate#319941) - Updated openssl-ibmca-configure.patch to apply cleanly - Removed obsolete patches - openssl-ibmca-README.patch - openssl-ibmca-sha256-digest-length.patch - openssl-pkey.patch - openssl-des-ede.patch - Did some spec file cleanup. - Fixed %post script to update library path (the only dynamic part of the ibmca configuration) every time the package is installed. (bsc#966139) - Updated AUTHORS, INSTALL, and README (bsc#942839) - %post and %postun added to properly update openssl.cnf (bsc#942839) - Updated to used libica2 == v2.4.2 for SLE12-SP1 (bsc#951138) - Remove dependency on fillup anf insserv; the package provides neither sysconfig file nor sysvinit script - Remove depreciated AUTHORS section - Use %configure macro - Add openssl-ibmca-configure.patch - the openssl engines moved to /%_lib/engines bnc#905480 - Forced requirement of libica-2_3_0 (bnc#890824) - openssl-des-ede.patch: fixed a crash during benchmark (bnc#879922) - openssl-pkey.patch: defer HMAC signing to pkey framework, fixes fips self-test during EC key creation (bnc#879922) - spec file cleaned up a bit - openssl-ibmca-sha256-digest-length.patch: SHA256: Fixed message digest length definition in sha256 template (bnc#868275) - update to 1.2.0 - removed patches: ibmca-configure.patch ibmca-segfault.fix.patch ibmca-sw-fix.patch openssl-ibmca-1.0.0.rc2-memset-fix.patch - make it exclusivearch for s390/s390x as the required libica is only available for s390/s390x - Made required libica-2_1_0 s390 specific - Added x86_64 to ExclusiveArch as %ix86 doesn't do it - Removed libica requirement - allowing build process to find it - Added COPYING to %files - Requiring libica 2.1.0 or greater - enable ppc64le - fix build (add autoconf automake libtool to BuildRequires) - disable libtool --finish call - own engines directory - package baselibs.conf - obsolete old -XXbit packages (bnc#437293) - added baselibs.conf file to build xxbit packages for multilib support - added fixes by IBM (bug #243801): ibmca-segfault.fix: rewrite ibmca_mod_expto remove improper use of BIGNUM object ibmca-sw-fix: rewrite ibmca_mod_exp_crtto remove improper use of BIGNUM object openssl-ibmca-1.0.0.rc2-memset-fix.patch: fix memory initialization problem - updated README (bug #185508) - Fixed configure.in to build correctly - Fixed spec file - Initial version from Mike Halcrow OBS-URL: https://build.opensuse.org/request/show/1168592 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=68
This commit is contained in:
parent
01268ca482
commit
450c38b5ae
@ -1,5 +1,5 @@
|
|||||||
<multibuild>
|
<multibuild>
|
||||||
<flavor>openssl3</flavor>
|
<flavor>openssl1_1</flavor>
|
||||||
<flavor>engine</flavor>
|
<flavor>engine</flavor>
|
||||||
<flavor>provider</flavor>
|
<flavor>provider</flavor>
|
||||||
</multibuild>
|
</multibuild>
|
||||||
|
@ -1,16 +1,16 @@
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Apr 17 10:14:00 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
|
Wed Apr 17 14:04:14 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
|
||||||
|
|
||||||
- Amended the .spec file
|
- Amended the .spec file
|
||||||
- Changed the package names
|
- Changed the package names
|
||||||
+------------+---------------------------------+--------------------------+
|
+-------------+---------------------------------+--------------------------+
|
||||||
| Flavor | Package name | Note |
|
| Flavor | Package name | Note |
|
||||||
+------------+---------------------------------+--------------------------+
|
+-------------+---------------------------------+--------------------------+
|
||||||
| '' | openssl1_1-ibmca | openssl1 flavor |
|
| '' | openssl-ibmca | Both engine and provider |
|
||||||
| engine | openssl-ibmca-engine | Only engine |
|
| openssl1_1 | openssl1_1-ibmca | openssl1 flavor |
|
||||||
| provider | openssl-ibmca-provider | Only provider |
|
| engine | openssl-ibmca-engine | Only engine |
|
||||||
| openssl3 | openssl-ibmca | Both engine and provider |
|
| provider | openssl-ibmca-provider | Only provider |
|
||||||
+------------+---------------------------------+--------------------------+
|
+-------------+---------------------------------+--------------------------+
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Apr 17 08:41:08 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
|
Wed Apr 17 08:41:08 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# spec file for package openssl-ibmca
|
# spec file for package openssl1_1-ibmca
|
||||||
#
|
#
|
||||||
# Copyright (c) 2024 SUSE LLC
|
# Copyright (c) 2024 SUSE LLC
|
||||||
#
|
#
|
||||||
@ -24,13 +24,13 @@
|
|||||||
|
|
||||||
%define flavor @BUILD_FLAVOR@%{nil}
|
%define flavor @BUILD_FLAVOR@%{nil}
|
||||||
|
|
||||||
%if "%{flavor}" == ""
|
%if "%{flavor}" == "openssl1_1"
|
||||||
%global sslengcnf %{_sysconfdir}/ssl/engines1.1.d
|
%global sslengcnf %{_sysconfdir}/ssl/engines1.1.d
|
||||||
%global sslengdef %{_sysconfdir}/ssl/engdef1.1.d
|
%global sslengdef %{_sysconfdir}/ssl/engdef1.1.d
|
||||||
Name: openssl1_1-ibmca
|
Name: openssl1_1-ibmca
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if "%{flavor}" == "openssl3"
|
%if "%{flavor}" == ""
|
||||||
Name: openssl-ibmca
|
Name: openssl-ibmca
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
@ -56,7 +56,7 @@ BuildRequires: autoconf
|
|||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
###
|
###
|
||||||
%if "%{flavor}" != ""
|
%if "%{flavor}" != "openssl1_1"
|
||||||
BuildRequires: libica-devel >= 4.0.0
|
BuildRequires: libica-devel >= 4.0.0
|
||||||
BuildRequires: libica-tools >= 4.0.0
|
BuildRequires: libica-tools >= 4.0.0
|
||||||
BuildRequires: libopenssl-3-devel
|
BuildRequires: libopenssl-3-devel
|
||||||
@ -75,7 +75,7 @@ Requires: libopenssl1_1
|
|||||||
###
|
###
|
||||||
ExclusiveArch: s390x
|
ExclusiveArch: s390x
|
||||||
|
|
||||||
%if "%{flavor}" == ""
|
%if "%{flavor}" == "openssl1_1"
|
||||||
Patch001: openssl1-rename-libica-files.patch
|
Patch001: openssl1-rename-libica-files.patch
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
@ -91,7 +91,7 @@ to libica, a library enabling the IBM s390/x CPACF crypto instructions.
|
|||||||
export CFLAGS="%{optflags}"
|
export CFLAGS="%{optflags}"
|
||||||
export CPPFLAGS="%{optflags}"
|
export CPPFLAGS="%{optflags}"
|
||||||
|
|
||||||
%if "%{flavor}" == "openssl3"
|
%if "%{flavor}" == ""
|
||||||
%configure \
|
%configure \
|
||||||
--libdir=%{modulesdir}
|
--libdir=%{modulesdir}
|
||||||
mkdir -p %{buildroot}/%{enginesdir}
|
mkdir -p %{buildroot}/%{enginesdir}
|
||||||
@ -109,7 +109,7 @@ export CPPFLAGS="%{optflags}"
|
|||||||
--libdir=%{modulesdir}
|
--libdir=%{modulesdir}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if "%{flavor}" == ""
|
%if "%{flavor}" == "openssl1_1"
|
||||||
%configure \
|
%configure \
|
||||||
--libdir=%{enginesdir}
|
--libdir=%{enginesdir}
|
||||||
%endif
|
%endif
|
||||||
@ -125,11 +125,11 @@ sed -i -e "/^dynamic_path/s, = .*/, = %{enginesdir}/," src/engine/openssl.cnf.sa
|
|||||||
|
|
||||||
%make_install
|
%make_install
|
||||||
|
|
||||||
%if "%{flavor}" == ""
|
%if "%{flavor}" == "openssl1_1"
|
||||||
rm -f %{buildroot}/%{enginesdir}/ibmca-provider.*
|
rm -f %{buildroot}/%{enginesdir}/ibmca-provider.*
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if "%{flavor}" == "openssl3"
|
%if "%{flavor}" == ""
|
||||||
mkdir -p %{buildroot}/%{enginesdir}
|
mkdir -p %{buildroot}/%{enginesdir}
|
||||||
mv %{buildroot}/%{modulesdir}/ibmca.* %{buildroot}/%{enginesdir}/
|
mv %{buildroot}/%{modulesdir}/ibmca.* %{buildroot}/%{enginesdir}/
|
||||||
%endif
|
%endif
|
||||||
@ -161,7 +161,7 @@ mkdir -p %{sslengdef}
|
|||||||
cp -p %{_datadir}/%{name}/openssl-ibmca.sectiondef.txt %{sslengcnf}/openssl-ibmca.cnf
|
cp -p %{_datadir}/%{name}/openssl-ibmca.sectiondef.txt %{sslengcnf}/openssl-ibmca.cnf
|
||||||
cp -p %{_datadir}/%{name}/openssl-ibmca.enginedef.cnf %{sslengdef}/openssl-ibmca.cnf
|
cp -p %{_datadir}/%{name}/openssl-ibmca.enginedef.cnf %{sslengdef}/openssl-ibmca.cnf
|
||||||
|
|
||||||
%if "%{flavor}" == "openssl3"
|
%if "%{flavor}" == ""
|
||||||
cp -p /usr/share/doc/packages/openssl-ibmca/ibmca-engine-opensslconfig /usr/share/doc/packages/openssl-ibmca/ibmca-engine-opensslconfig.orig
|
cp -p /usr/share/doc/packages/openssl-ibmca/ibmca-engine-opensslconfig /usr/share/doc/packages/openssl-ibmca/ibmca-engine-opensslconfig.orig
|
||||||
sed -e 's/ossl-modules/engines-3/' /usr/share/doc/packages/openssl-ibmca/ibmca-engine-opensslconfig.orig > /usr/share/doc/packages/openssl-ibmca/ibmca-engine-opensslconfig
|
sed -e 's/ossl-modules/engines-3/' /usr/share/doc/packages/openssl-ibmca/ibmca-engine-opensslconfig.orig > /usr/share/doc/packages/openssl-ibmca/ibmca-engine-opensslconfig
|
||||||
rm /usr/share/doc/packages/openssl-ibmca/ibmca-engine-opensslconfig.orig
|
rm /usr/share/doc/packages/openssl-ibmca/ibmca-engine-opensslconfig.orig
|
||||||
@ -180,7 +180,7 @@ fi
|
|||||||
%dir %{_datadir}/%{name}
|
%dir %{_datadir}/%{name}
|
||||||
%{_datadir}/%{name}/openssl-ibmca.sectiondef.txt
|
%{_datadir}/%{name}/openssl-ibmca.sectiondef.txt
|
||||||
%{_datadir}/%{name}/openssl-ibmca.enginedef.cnf
|
%{_datadir}/%{name}/openssl-ibmca.enginedef.cnf
|
||||||
%if "%{flavor}" == "openssl3"
|
%if "%{flavor}" == ""
|
||||||
%doc src/engine/ibmca-engine-opensslconfig
|
%doc src/engine/ibmca-engine-opensslconfig
|
||||||
%doc src/provider/ibmca-provider-opensslconfig
|
%doc src/provider/ibmca-provider-opensslconfig
|
||||||
%doc src/engine/openssl.cnf.sample
|
%doc src/engine/openssl.cnf.sample
|
||||||
@ -200,7 +200,7 @@ fi
|
|||||||
%{enginesdir}/ibmca.*
|
%{enginesdir}/ibmca.*
|
||||||
%{_mandir}/man5/ibmca.5%{?ext_man}
|
%{_mandir}/man5/ibmca.5%{?ext_man}
|
||||||
%endif
|
%endif
|
||||||
%if "%{flavor}" == ""
|
%if "%{flavor}" == "openssl1_1"
|
||||||
%doc src/engine/openssl.cnf.sample
|
%doc src/engine/openssl.cnf.sample
|
||||||
%{enginesdir}/ibmca.*
|
%{enginesdir}/ibmca.*
|
||||||
%{_mandir}/man5/ibmca.5%{?ext_man}
|
%{_mandir}/man5/ibmca.5%{?ext_man}
|
||||||
|
Loading…
Reference in New Issue
Block a user