- fix for CVE-2007-3108

[packages/openssl.git] / openssl.spec

diff --git a/openssl.spec b/openssl.spec
index 7e32e51282def5eb3abc151424551eb17432981f..1101a94166a71a66e3be13d0c124bfb4b9260a1e 100644 (file)
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,3 +1,8 @@
+#
+# Conditional build:
+%bcond_with purify     # Compile openssl with \-DPURIFY, usefull when one wants to
+                       # use valgrind debugger against openssl-linked programs
+#
 %include       /usr/lib/rpm/macros.perl
 Summary:       OpenSSL Toolkit libraries for the "Secure Sockets Layer" (SSL v2/v3)
 Summary(de):   Secure Sockets Layer (SSL)-Kommunikationslibrary
@@ -8,12 +13,12 @@ Summary(pt_BR):      Uma biblioteca C que fornece v
 Summary(ru):   âÉÂÌÉÏÔÅËÉ É ÕÔÉÌÉÔÙ ÄÌÑ ÓÏÅÄÉÎÅÎÉÊ ÞÅÒÅÚ Secure Sockets Layer
 Summary(uk):   â¦Â̦ÏÔÅËÉ ÔÁ ÕÔÉ̦ÔÉ ÄÌÑ Ú'¤ÄÎÁÎØ ÞÅÒÅÚ Secure Sockets Layer
 Name:          openssl
-Version:       0.9.7d
+Version:       0.9.7l
 Release:       3
 License:       Apache-style License
 Group:         Libraries
 Source0:       ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
-# Source0-md5: 1b49e90fc8a75c3a507c0a624529aca5
+# Source0-md5: b21d6e10817ddeccf5fbe1379987333e
 Source1:       %{name}-ca-bundle.crt
 Source2:       %{name}.1.pl
 Source3:       %{name}-ssl-certificate.sh
@@ -21,15 +26,19 @@ Patch0:             %{name}-alpha-ccc.patch
 Patch1:                %{name}-optflags.patch
 Patch2:                %{name}-globalCA.diff
 Patch3:                %{name}-include.patch
-Patch4:                %{name}-smime.patch
+Patch4:                %{name}-md5-sparcv9.patch
+Patch5:                %{name}-ssl-algs.patch
+Patch6:                %{name}-CVE-2007-3108.patch
 URL:           http://www.openssl.org/
 BuildRequires: perl-devel >= 1:5.6.1
 BuildRequires: rpm-perlprov >= 4.1-13
-BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+BuildRequires: rpmbuild(macros) >= 1.213
+BuildRequires: sed >= 4.0
 Obsoletes:     SSLeay
 Obsoletes:     SSLeay-devel
 Obsoletes:     SSLeay-perl
 Obsoletes:     libopenssl0
+BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
 %description
 The OpenSSL Project is a collaborative effort to develop a robust,
@@ -126,7 +135,7 @@ Development part of OpenSSL library.
 Bibliotecas y archivos de inclusión para desarrollo OpenSSL
 
 %description devel -l pl
-Czê¶æ bibiloteki OpenSSL przeznaczona dla programistów.
+Czê¶æ biblioteki OpenSSL przeznaczona dla programistów.
 
 %description devel -l pt_BR
 Uma biblioteca C que fornece vários algoritmos e protocolos
@@ -182,6 +191,12 @@ RC4, RSA 
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
+%patch6 -p1
+
+# conflicts with i386-only DES implementation
+# (missing #ifdef OPENSSL_FIPS  ...  #endif)
+:> fips-1.0/des/asm/fips-dx86-elf.s
 
 %build
 %{__perl} -pi -e 's#%{_prefix}/local/bin/perl#%{__perl}#g' \
@@ -191,27 +206,37 @@ touch Makefile.*
 
 %{__perl} util/perlpath.pl %{__perl}
 
-OPTFLAGS="%{rpmcflags}"
+OPTFLAGS="%{rpmcflags} %{?with_purify:-DPURIFY}"
 export OPTFLAGS
 %ifarch %{ix86}
-%ifarch i386 i486
+%ifarch i386
+# allow running on 80386 (default code uses bswapl available on i486+)
 ./Configure --openssldir=%{_var}/lib/%{name} linux-elf shared 386
 %else
 ./Configure --openssldir=%{_var}/lib/%{name} linux-elf shared
 %endif
 %endif
-%ifarch amd64
+%ifarch alpha
+./Configure --openssldir=%{_var}/lib/%{name} threads linux-alpha+bwx-gcc shared
+%endif
+%ifarch %{x8664}
 ./Configure --openssldir=%{_var}/lib/%{name} linux-x86_64 shared
 %endif
+%ifarch ia64
+./Configure --openssldir=%{_var}/lib/%{name} linux-ia64 shared
+%endif
 %ifarch ppc
 ./Configure --openssldir=%{_var}/lib/%{name} linux-ppc shared
 %endif
-%ifarch alpha
-./Configure --openssldir=%{_var}/lib/%{name} threads linux-alpha+bwx-gcc shared
-%endif
 %ifarch sparc
 ./Configure --openssldir=%{_var}/lib/%{name} threads linux-sparcv8 shared
 %endif
+%ifarch sparcv9
+./Configure --openssldir=%{_var}/lib/%{name} threads linux-sparcv9 shared
+%endif
+%ifarch sparc64
+./Configure --openssldir=%{_var}/lib/%{name} threads linux64-sparcv9 shared
+%endif
 
 %{__make} \
        CC="%{__cc}" \
@@ -281,6 +306,7 @@ install -d $RPM_BUILD_ROOT{%{_sysconfdir}/%{name},%{_libdir}/%{name}} \
        $RPM_BUILD_ROOT%{_pkgconfigdir}
 
 %{__make} install \
+       CC="%{__cc}" \
        INSTALLTOP=%{_prefix} \
        INSTALL_PREFIX=$RPM_BUILD_ROOT \
        MANDIR=%{_mandir}
@@ -289,6 +315,7 @@ if [ "%{_prefix}/lib/pkgconfig" != "%{_pkgconfigdir}" ] ; then
        mv $RPM_BUILD_ROOT%{_prefix}/lib/pkgconfig/* \
                $RPM_BUILD_ROOT%{_pkgconfigdir}
 fi
+sed -i -e 's,^libdir=.*,libdir=%{_libdir},' $RPM_BUILD_ROOT%{_pkgconfigdir}/*.pc
 
 install %{SOURCE1} $RPM_BUILD_ROOT%{_datadir}/ssl/ca-bundle.crt
 install libcrypto.a libssl.a $RPM_BUILD_ROOT%{_libdir}
@@ -303,8 +330,6 @@ ln -s %{_sysconfdir}/%{name}/openssl.cnf \
 mv -f $RPM_BUILD_ROOT%{_var}/lib/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
 rm -rf $RPM_BUILD_ROOT%{_var}/lib/%{name}/misc
 
-mv -f $RPM_BUILD_ROOT%{_bindir}/c_rehash $RPM_BUILD_ROOT%{_libdir}/%{name}
-
 find $RPM_BUILD_ROOT%{_mandir} -type f | xargs rm -f
 install doc/apps/*.1 $RPM_BUILD_ROOT%{_mandir}/man1
 install doc/apps/*.5 $RPM_BUILD_ROOT%{_mandir}/man5
@@ -312,6 +337,7 @@ install doc/ssl/*.3 doc/crypto/*.3 $RPM_BUILD_ROOT%{_mandir}/man3
 install doc/crypto/*.7 $RPM_BUILD_ROOT%{_mandir}/man7
 install %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
 install %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
+install fips-1.0/openssl_fips_fingerprint $RPM_BUILD_ROOT%{_bindir}
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -321,24 +347,27 @@ rm -rf $RPM_BUILD_ROOT
 
 %files
 %defattr(644,root,root,755)
-%attr(755,root,root) %{_libdir}/lib*.so.*.*
 %doc CHANGES CHANGES.SSLeay LICENSE NEWS README doc/*.txt
 %doc doc/openssl_button.gif doc/openssl_button.html
+%attr(755,root,root) %{_libdir}/libcrypto.so.*.*.*
+%attr(755,root,root) %{_libdir}/libssl.so.*.*.*
 %dir %{_var}/lib/%{name}
 %dir %{_var}/lib/%{name}/certs
 %dir %{_var}/lib/%{name}/private
+%dir %{_datadir}/ssl
+%config(noreplace) %verify(not md5 mtime size) %{_datadir}/ssl/ca-bundle.crt
 
 %files tools
 %defattr(644,root,root,755)
 %dir %{_sysconfdir}/%{name}
 
-%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/%{name}/openssl.cnf
-%verify(not md5 size mtime) %config(noreplace) %{_var}/lib/%{name}/openssl.cnf
-%dir %{_datadir}/ssl
-%verify(not md5 size mtime) %config(noreplace) %{_datadir}/ssl/ca-bundle.crt
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
+%config(noreplace) %verify(not md5 mtime size) %{_var}/lib/%{name}/openssl.cnf
 
 %attr(755,root,root) %{_bindir}/%{name}
+%attr(755,root,root) %{_bindir}/openssl_fips_fingerprint
 %attr(754,root,root) %{_bindir}/ssl-certificate
+
 %dir %{_libdir}/%{name}
 %attr(755,root,root) %{_libdir}/%{name}/CA.sh
 %attr(755,root,root) %{_libdir}/%{name}/c_hash
@@ -357,6 +386,7 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/openssl_dsa.1*
 %{_mandir}/man1/openssl_dsaparam.1*
 %{_mandir}/man1/openssl_enc.1*
+%{_mandir}/man1/openssl_errstr.1*
 %{_mandir}/man1/openssl_gendsa.1*
 %{_mandir}/man1/openssl_genrsa.1*
 %{_mandir}/man1/openssl_nseq.1*
@@ -385,13 +415,13 @@ rm -rf $RPM_BUILD_ROOT
 %files tools-perl
 %defattr(644,root,root,755)
 %attr(755,root,root) %{_libdir}/%{name}/CA.pl
-%attr(755,root,root) %{_libdir}/%{name}/der_chop
-%attr(755,root,root) %{_libdir}/%{name}/c_rehash
+%attr(755,root,root) %{_bindir}/c_rehash
 %{_mandir}/man1/openssl_CA.pl.1*
 
 %files devel
 %defattr(644,root,root,755)
-%attr(755,root,root) %{_libdir}/lib*.so
+%attr(755,root,root) %{_libdir}/libcrypto.so
+%attr(755,root,root) %{_libdir}/libssl.so
 %{_includedir}/%{name}
 %{_pkgconfigdir}/openssl.pc
 %{_mandir}/man3/openssl*.3*