diff --git a/.gitignore b/.gitignore
index 024cc2d..b268f8e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ libp11-0.2.7.tar.gz
 /libp11-0.4.2.tar.gz
 /libp11-0.4.2.tar.gz.asc
 /libp11-0.4.6.tar.gz
+/libp11-0.4.7.tar.gz
diff --git a/libp11-0.4.0-paths.patch b/libp11-0.4.0-paths.patch
deleted file mode 100644
index 325e779..0000000
--- a/libp11-0.4.0-paths.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-diff --git a/examples/listkeys.c b/examples/listkeys.c
-index 5e4249b..38e16b9 100644
---- a/examples/listkeys.c
-+++ b/examples/listkeys.c
-@@ -77,13 +77,6 @@ int main(int argc, char *argv[])
- 	printf("Slot token model.......: %s\n", slot->token->model);
- 	printf("Slot token serialnr....: %s\n", slot->token->serialnr);
- 
--	/* get public keys */
--	rc = PKCS11_enumerate_public_keys(slot->token, &keys, &nkeys);
--	error_queue("PKCS11_enumerate_public_keys");
--	CHECK_ERR(rc < 0, "PKCS11_enumerate_public_keys failed", 4);
--	CHECK_ERR(nkeys == 0, "No public keys found", 5);
--	list_keys("Public keys", keys, nkeys);
--
- 	if (slot->token->loginRequired && argc > 2) {
- 		strcpy(password, argv[2]);
- 		/* perform pkcs #11 login */
-@@ -93,6 +86,13 @@ int main(int argc, char *argv[])
- 		CHECK_ERR(rc < 0, "PKCS11_login failed", 6);
- 	}
- 
-+	/* get public keys */
-+	rc = PKCS11_enumerate_public_keys(slot->token, &keys, &nkeys);
-+	error_queue("PKCS11_enumerate_public_keys");
-+	CHECK_ERR(rc < 0, "PKCS11_enumerate_public_keys failed", 4);
-+	CHECK_ERR(nkeys == 0, "No public keys found", 5);
-+	list_keys("Public keys", keys, nkeys);
-+
- 	/* get private keys */
- 	rc = PKCS11_enumerate_keys(slot->token, &keys, &nkeys);
- 	error_queue("PKCS11_enumerate_keys");
-
diff --git a/libp11-0.4.2-openssl.patch b/libp11-0.4.2-openssl.patch
deleted file mode 100644
index abaa240..0000000
--- a/libp11-0.4.2-openssl.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-diff --git a/src/eng_front.c b/src/eng_front.c
-index d170604..c4fac6d 100644
---- a/src/eng_front.c
-+++ b/src/eng_front.c
-@@ -68,7 +68,9 @@
- #include <openssl/crypto.h>
- #include <openssl/objects.h>
- #include <openssl/engine.h>
--#include <openssl/dso.h>
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+# include <openssl/dso.h>
-+#endif
- #ifndef ENGINE_CMD_BASE
- #error did not get engine.h
- #endif
-diff --git a/src/p11_ec.c b/src/p11_ec.c
-index dd1742e..d2966cc 100644
---- a/src/p11_ec.c
-+++ b/src/p11_ec.c
-@@ -278,13 +278,19 @@ static ECDSA_SIG *pkcs11_ecdsa_sign_sig(const unsigned char *dgst, int dlen,
- 	if (sig == NULL)
- 		return NULL;
- #if OPENSSL_VERSION_NUMBER >= 0x10100000L
--	ECDSA_SIG_get0(&r, &s, sig);
-+	r = BN_new();
-+	s = BN_new();
- #else
- 	r = sig->r;
- 	s = sig->s;
- #endif
-+
- 	BN_bin2bn(sigret, siglen/2, r);
- 	BN_bin2bn(sigret + siglen/2, siglen/2, s);
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+	ECDSA_SIG_set0(sig, r, s);
-+#endif
- 	return sig;
- }
- 
-diff --git a/src/p11_key.c b/src/p11_key.c
-index 3a38907..65667c2 100644
---- a/src/p11_key.c
-+++ b/src/p11_key.c
-@@ -223,7 +223,7 @@ static int pkcs11_store_key(PKCS11_TOKEN * token, EVP_PKEY * pk,
- 	CK_ATTRIBUTE attrs[32];
- 	unsigned int n = 0;
- 	int rv;
--	BIGNUM *rsa_n, *rsa_e, *rsa_d, *rsa_p, *rsa_q;
-+	const BIGNUM *rsa_n, *rsa_e, *rsa_d, *rsa_p, *rsa_q;
- 
- 	/* First, make sure we have a session */
- 	if (!spriv->haveSession && PKCS11_open_session(slot, 1))
-diff --git a/src/p11_rsa.c b/src/p11_rsa.c
-index e36bc76..f0aa822 100644
---- a/src/p11_rsa.c
-+++ b/src/p11_rsa.c
-@@ -271,7 +271,7 @@ static EVP_PKEY *pkcs11_get_evp_key_rsa(PKCS11_KEY *key)
- int pkcs11_get_key_modulus(PKCS11_KEY *key, BIGNUM **bn)
- {
- 	RSA *rsa = pkcs11_rsa(key);
--	BIGNUM *rsa_n;
-+	const BIGNUM *rsa_n;
- 
- 	if (rsa == NULL)
- 		return 0;
-@@ -288,7 +288,7 @@ int pkcs11_get_key_modulus(PKCS11_KEY *key, BIGNUM **bn)
- int pkcs11_get_key_exponent(PKCS11_KEY *key, BIGNUM **bn)
- {
- 	RSA *rsa = pkcs11_rsa(key);
--	BIGNUM *rsa_e;
-+	const BIGNUM *rsa_e;
- 
- 	if (rsa == NULL)
- 		return 0;
diff --git a/libp11-0.4.2-soname.patch b/libp11-0.4.2-soname.patch
deleted file mode 100644
index 22e5a2e..0000000
--- a/libp11-0.4.2-soname.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index 2f79b80..c56acf9 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2,6 +2,7 @@ dnl -*- mode: m4; -*-
- 
- AC_PREREQ(2.60)
- 
-+# When bumping versions see also the LT vesion numbers below.
- define([PACKAGE_VERSION_MAJOR], [0])
- define([PACKAGE_VERSION_MINOR], [4])
- define([PACKAGE_VERSION_FIX], [2])
-@@ -17,15 +18,6 @@ LIBP11_VERSION_MAJOR="PACKAGE_VERSION_MAJOR"
- LIBP11_VERSION_MINOR="PACKAGE_VERSION_MINOR"
- LIBP11_VERSION_FIX="PACKAGE_VERSION_FIX"
- 
--# LT Version numbers, remember to change them just *before* a release.
--#   (Code changed:                      REVISION++)
--#   (Oldest interface removed:          OLDEST++)
--#   (Interfaces added:                  CURRENT++, REVISION=0)
--LIBP11_LT_CURRENT="6"
--LIBP11_LT_OLDEST="2"
--LIBP11_LT_REVISION="2"
--LIBP11_LT_AGE="$((${LIBP11_LT_CURRENT}-${LIBP11_LT_OLDEST}))"
--
- AC_CONFIG_SRCDIR([src/libp11.h])
- 
- # silent build by default
-@@ -36,6 +28,35 @@ AC_PROG_CC
- PKG_PROG_PKG_CONFIG
- AC_C_BIGENDIAN
- 
-+# we need to set our soversion based on openssl's soversion to avoid
-+# issues with applications linking to new openssl, old libp11, and vice versa
-+case "`$PKG_CONFIG --modversion --silence-errors libcrypto || \
-+	$PKG_CONFIG --modversion openssl`" in
-+	1.1.*) # Predicted engines directory prefix for OpenSSL 1.1.x
-+	    LIBP11_LT_OLDEST="3"
-+	    debian_ssl_prefix="openssl-1.1.0";;
-+	1.0.*) # Engines directory prefix for OpenSSL 1.0.x
-+	    LIBP11_LT_OLDEST="2"
-+	    debian_ssl_prefix="openssl-1.0.0";;
-+	*) # Engines directory prefix for OpenSSL 0.9.x
-+	    LIBP11_LT_OLDEST="2"
-+	    debian_ssl_prefix="ssl";;
-+esac
-+
-+
-+# LT Version numbers, remember to change them just *before* a release.
-+#   (Code changed:                      REVISION++)
-+#   (Oldest interface removed:          OLDEST++)
-+#   (Interfaces added:                  CURRENT++, REVISION=0)
-+#
-+# Note that at this moment we tie the oldest (soname) version to
-+# the openssl version we link to. If the ABI is broken on a later
-+# release, we should either stick to supporting a single openssl ABI
-+# or bump the LT_OLDEST version sufficiently to avoid clashes.
-+LIBP11_LT_REVISION="2"
-+LIBP11_LT_CURRENT="6"
-+LIBP11_LT_AGE="$((${LIBP11_LT_CURRENT}-${LIBP11_LT_OLDEST}))"
-+
- gl_LD_VERSION_SCRIPT
- 
- AC_ARG_WITH(
-@@ -108,15 +129,6 @@ AC_ARG_WITH(
- 		if test "${enginesdir}" = ""; then
- 		    libcryptodir="`$PKG_CONFIG --variable=libdir --silence-errors libcrypto || \
- 			$PKG_CONFIG --variable=libdir openssl`"
--		    case "`$PKG_CONFIG --modversion --silence-errors libcrypto || \
--			$PKG_CONFIG --modversion openssl`" in
--			1.1.*) # Predicted engines directory prefix for OpenSSL 1.1.x
--			    debian_ssl_prefix="openssl-1.1.0";;
--			1.0.*) # Engines directory prefix for OpenSSL 1.0.x
--			    debian_ssl_prefix="openssl-1.0.0";;
--			*) # Engines directory prefix for OpenSSL 0.9.x
--			    debian_ssl_prefix="ssl";;
--		    esac
- 		    if test -d "$libcryptodir/$debian_ssl_prefix/engines"; then
- 			# Debian-based OpenSSL package (for example Ubuntu)
- 			enginesdir="$libcryptodir/$debian_ssl_prefix/engines"
diff --git a/libp11-0.4.2-versioned-symbols.patch b/libp11-0.4.2-versioned-symbols.patch
deleted file mode 100644
index eb25b0d..0000000
--- a/libp11-0.4.2-versioned-symbols.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index a69e230..2f79b80 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -36,6 +36,8 @@ AC_PROG_CC
- PKG_PROG_PKG_CONFIG
- AC_C_BIGENDIAN
- 
-+gl_LD_VERSION_SCRIPT
-+
- AC_ARG_WITH(
- 	[cygwin-native],
- 	[AS_HELP_STRING([--with-cygwin-native],[compile native win32])],
-@@ -221,6 +223,18 @@ if test "${enable_strict}" = "yes"; then
- 	CFLAGS="${CFLAGS} -Wall -Wextra"
- fi
- 
-+rm -f src/libp11.map
-+echo "LIBP11_${LIBP11_LT_OLDEST}" > src/libp11.map
-+echo "{" >> src/libp11.map
-+echo "global:" >> src/libp11.map
-+tr '\n' ';' <src/libp11.exports >>src/libp11.map
-+echo "" >> src/libp11.map
-+echo "local:" >> src/libp11.map
-+echo '*;' >> src/libp11.map
-+echo "};" >> src/libp11.map
-+
-+chmod ugo-w src/libp11.map
-+
- AC_CONFIG_FILES([
- 	Makefile
- 	src/Makefile
-diff --git a/m4/ld-version-script.m4 b/m4/ld-version-script.m4
-new file mode 100644
-index 0000000..330c2cc
---- /dev/null
-+++ b/m4/ld-version-script.m4
-@@ -0,0 +1,48 @@
-+# ld-version-script.m4 serial 4
-+dnl Copyright (C) 2008-2016 Free Software Foundation, Inc.
-+dnl This file is free software; the Free Software Foundation
-+dnl gives unlimited permission to copy and/or distribute it,
-+dnl with or without modifications, as long as this notice is preserved.
-+
-+dnl From Simon Josefsson
-+
-+# FIXME: The test below returns a false positive for mingw
-+# cross-compiles, 'local:' statements does not reduce number of
-+# exported symbols in a DLL.  Use --disable-ld-version-script to work
-+# around the problem.
-+
-+# gl_LD_VERSION_SCRIPT
-+# --------------------
-+# Check if LD supports linker scripts, and define automake conditional
-+# HAVE_LD_VERSION_SCRIPT if so.
-+AC_DEFUN([gl_LD_VERSION_SCRIPT],
-+[
-+  AC_ARG_ENABLE([ld-version-script],
-+    [AS_HELP_STRING([--enable-ld-version-script],
-+       [enable linker version script (default is enabled when possible)])],
-+    [have_ld_version_script=$enableval],
-+    [AC_CACHE_CHECK([if LD -Wl,--version-script works],
-+       [gl_cv_sys_ld_version_script],
-+       [gl_cv_sys_ld_version_script=no
-+        save_LDFLAGS=$LDFLAGS
-+        LDFLAGS="$LDFLAGS -Wl,--version-script=conftest.map"
-+        echo foo >conftest.map
-+        AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
-+          [],
-+          [cat > conftest.map <<EOF
-+VERS_1 {
-+        global: sym;
-+};
-+
-+VERS_2 {
-+        global: sym;
-+} VERS_1;
-+EOF
-+           AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
-+             [gl_cv_sys_ld_version_script=yes])])
-+        rm -f conftest.map
-+        LDFLAGS=$save_LDFLAGS])
-+     have_ld_version_script=$gl_cv_sys_ld_version_script])
-+  AM_CONDITIONAL([HAVE_LD_VERSION_SCRIPT],
-+    [test "$have_ld_version_script" = yes])
-+])
-diff --git a/src/Makefile.am b/src/Makefile.am
-index c39266b..8f6df08 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -22,8 +22,13 @@ endif
- libp11_la_CFLAGS = $(AM_CFLAGS) $(OPENSSL_CFLAGS)
- libp11_la_LIBADD = $(OPENSSL_LIBS)
- libp11_la_LDFLAGS = $(AM_LDFLAGS) \
--	-version-info @LIBP11_LT_CURRENT@:@LIBP11_LT_REVISION@:@LIBP11_LT_AGE@ \
--	-export-symbols "$(srcdir)/libp11.exports"
-+	-version-info @LIBP11_LT_CURRENT@:@LIBP11_LT_REVISION@:@LIBP11_LT_AGE@
-+
-+if HAVE_LD_VERSION_SCRIPT
-+libp11_la_LDFLAGS += -Wl,--version-script="$(srcdir)/libp11.map"
-+else
-+libp11_la_LDFLAGS += -export-symbols "$(srcdir)/libp11.exports"
-+endif
- 
- pkcs11_la_SOURCES = eng_front.c eng_back.c eng_parse.c engine.h pkcs11.exports
- if WIN32
diff --git a/libp11.spec b/libp11.spec
index 2db05b9..c522446 100644
--- a/libp11.spec
+++ b/libp11.spec
@@ -1,10 +1,12 @@
 # This spec file has been automatically updated
-Version:	0.4.6
-Release: 3%{?dist}
-Patch1:	libp11-0.4.0-paths.patch
-Patch2:	libp11-0.4.2-soname.patch
-Patch3:	libp11-0.4.2-openssl.patch
-Patch4:	libp11-0.4.2-versioned-symbols.patch
+Version:	0.4.7
+Release: 1%{?dist}
+%if 0%{?fedora} >= 26
+%define enginesdir %{_libdir}/engines-1.1
+%else
+%define enginesdir %{_libdir}/openssl/engines
+%endif
+
 Name:           libp11
 Summary:        Library for using PKCS#11 modules
 
@@ -19,23 +21,23 @@ BuildRequires:  doxygen graphviz
 BuildRequires:  libtool-ltdl-devel
 BuildRequires:  openssl-devel
 BuildRequires:  pkgconfig
+%if 0%{?fedora}
 BuildRequires:  autoconf automake libtool
 # needed for testsuite
 BuildRequires:  softhsm opensc
+%else
+%ifnarch ppc ppc64 ppc64le
+BuildRequires:  softhsm opensc
+%endif
+%endif
+
 
 %description
 Libp11 is a library implementing a small layer on top of PKCS#11 API to
 make using PKCS#11 implementations easier.
 
-%package devel
-Summary:        Files for developing with %{name}
-Group:          Development/Libraries
-Requires:       %{name} = %{version}-%{release}
-Conflicts: compat-openssl10-devel < 1:1.1.0
-
-%description devel
-The %{name}-devel package contains libraries and header files for
-developing applications that use %{name}.
+## We no longer ship libp11-devel; we treat libp11 as an internal library.
+## OpenSSL applications should use the engine instead.
 
 %package -n engine_pkcs11
 Summary: A PKCS#11 engine for use with OpenSSL
@@ -44,10 +46,17 @@ License: BSD
 
 BuildRequires:  openssl-devel pkgconfig
 BuildRequires:  pkgconfig(p11-kit-1)
+%if 0%{?fedora}
+BuildRequires:  softhsm opensc
+Recommends:	p11-kit-trust
+%else
+%ifnarch ppc ppc64 ppc64le
 BuildRequires:  softhsm opensc
+Requires:	p11-kit-trust
+%endif
+%endif
 Requires:       openssl > 0.9.6
 Requires:	%{name} = %{version}-%{release}
-Recommends:	p11-kit-trust
 
 %description -n engine_pkcs11
 Engine_pkcs11 is an implementation of an engine for OpenSSL. It can be loaded
@@ -59,12 +68,14 @@ cards and software for using smart cards in PKCS#11 format, such as OpenSC.
 %setup -q
 
 %build
+%if 0%{?fedora}
 autoreconf -fvi
-%configure --disable-static --enable-api-doc --with-enginesdir=%{_libdir}/engines-1.1
+%endif
+%configure --disable-static --enable-api-doc --with-enginesdir=%{enginesdir}
 make V=1 %{?_smp_mflags}
 
 %install
-mkdir -p $RPM_BUILD_ROOT%{_libdir}/engines-1.1
+mkdir -p $RPM_BUILD_ROOT%{enginesdir}
 #make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
 make install DESTDIR=$RPM_BUILD_ROOT
 
@@ -75,13 +86,20 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/%{name}/
 
 # Remove libtool .la files
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
-rm -f $RPM_BUILD_ROOT%{_libdir}/engines-1.1/*.la
+rm -f $RPM_BUILD_ROOT%{enginesdir}/*.la
+
+## Remove development files
+rm -f $RPM_BUILD_ROOT%{_libdir}/libp11.so
+rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/libp11.pc
+rm -f $RPM_BUILD_ROOT%{_includedir}/*.h
 
 %clean
 rm -rf $RPM_BUILD_ROOT
 
 %check
+%if 0%{?fedora}
 make check %{?_smp_mflags}
+%endif
 
 %post -p /sbin/ldconfig
 
@@ -92,19 +110,15 @@ make check %{?_smp_mflags}
 %doc COPYING NEWS
 %{_libdir}/libp11.so.*
 
-%files devel
-%defattr(-,root,root,-)
-%doc examples/ __docdir/api/
-%{_libdir}/libp11.so
-%{_libdir}/pkgconfig/libp11.pc
-%{_includedir}/libp11.h
-
 %files -n engine_pkcs11
 %defattr(-,root,root,-)
 %doc NEWS
-%{_libdir}/engines-1.1/*.so
+%{enginesdir}/*.so
 
 %changelog
+* Fri Oct 06 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.4.7-1
+- Update to upstream 0.4.7 release
+
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.6-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 
diff --git a/sources b/sources
index 57af083..51247ca 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (libp11-0.4.6.tar.gz) = fe335c0670befe0f9be541f1751f96aab4ef9572ae2ba67edd73d019ffe9cfdcff110667e6ecabf3591cd7c64bf57bc1feedd2aad879e8dd16f545ebf81e2a9f
+SHA512 (libp11-0.4.7.tar.gz) = 8142b32bee9e6763b506b93be788a4df2b28ae8cb3ad6e11fc53ba3db770d77bdcc0362661c2f906cab1b5afc2828019f3d0f0b9d898414c0d6266201b7e08e6