Up to 1.1.1q (fixes CVE-2022-2097)

[packages/openssl.git] / openssl.spec

diff --git a/openssl.spec b/openssl.spec
index c433de3d88936db7b6d21bc2ee84b00e1fa3a06d..c66b28c938f96b6cde7e6b24869d49ffe02560fb 100644 (file)
--- a/openssl.spec
+++ b/openssl.spec
@@ -3,9 +3,9 @@
 %bcond_without tests   # don't perform "make tests"
 %bcond_without zlib    # zlib: note - enables CVE-2012-4929 vulnerability
 %bcond_with    sslv2   # SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
-%bcond_with    sslv3   # SSLv3: note - enables  CVE-2014-3566 vulnerability
+%bcond_with    sslv3   # SSLv3: note - enables CVE-2014-3566 vulnerability
+%bcond_with    snap    # use GitHub snapshot to build branch release
 
-%include       /usr/lib/rpm/macros.perl
 Summary:       OpenSSL Toolkit libraries for the "Secure Sockets Layer" (SSL v2/v3)
 Summary(de.UTF-8):     Secure Sockets Layer (SSL)-Kommunikationslibrary
 Summary(es.UTF-8):     Biblioteca C que suministra algoritmos y protocolos criptográficos
@@ -17,26 +17,30 @@ Summary(uk.UTF-8):  Бібліотеки та утиліти для з'єднан
 Name:          openssl
 # Version 1.1.1 is LTS, supported until 2023-09-11.
 # https://www.openssl.org/about/releasestrat.html
-Version:       1.1.1
+Version:       1.1.1q
 Release:       1
 License:       Apache-like
 Group:         Libraries
+%if %{without snap}
 Source0:       https://www.openssl.org/source/%{name}-%{version}.tar.gz
-# Source0-md5: 7079eb017429e0ffb9efb42bf80ccb21
+# Source0-md5: c685d239b6a6e1bd78be45624c092f51
+%else
+Source1:       https://github.com/openssl/openssl/archive/OpenSSL_1_1_1-stable/%{name}-%{version}-dev.tar.gz
+%endif
 Source2:       %{name}.1.pl
 Source3:       %{name}-ssl-certificate.sh
 Source4:       %{name}-c_rehash.sh
 Patch1:                %{name}-optflags.patch
 
 Patch3:                %{name}-man-namespace.patch
-
 Patch5:                %{name}-ca-certificates.patch
-
+Patch6:                %{name}-no-win32.patch
 Patch7:                %{name}-find.patch
 Patch8:                pic.patch
 
 Patch11:       engines-dir.patch
 URL:           http://www.openssl.org/
+BuildRequires: libsctp-devel
 BuildRequires: perl-devel >= 1:5.10.0
 BuildRequires: pkgconfig
 BuildRequires: rpm-perlprov >= 4.1-13
@@ -251,17 +255,15 @@ RC4, RSA и SSL. Включает статические библиотеки д
 %prep
 %if %{with snap}
 %setup -qcT -a1
-%{__mv} %{name}-OpenSSL_1_1_0-stable/* .
+%{__mv} %{name}-OpenSSL_1_1_1-stable/* .
 %else
 %setup -q %{?subver:-n %{name}-%{version}-%{subver}}
 %endif
-
 %patch1 -p1
 
 %patch3 -p1
-
 %patch5 -p1
-
+%patch6 -p1
 %patch7 -p1
 %patch8 -p1
 
@@ -337,13 +339,16 @@ PERL="%{__perl}" \
 v=$(awk -F= '/^VERSION/{print $2}' Makefile)
 test "$v" = %{version}%{?subver:-%{subver}}%{?with_snap:-dev}
 
+# fails with enable-sctp as of 1.1.1
+%{__rm} test/recipes/80-test_ssl_new.t
+
 %{__make} -j1 all %{?with_tests:tests} \
        CC="%{__cc}" \
        OPTFLAGS="%{rpmcflags} %{rpmcppflags}" \
        INSTALLTOP=%{_prefix}
 
 # Rename POD sources of man pages. "openssl-" prefix is added to each
-# manpage to avoid potential conflicts with other packages. 
+# manpage to avoid potential conflicts with other packages.
 # openssl-man-namespace.patch mostly marks these pages with "openssl-" prefix.
 
 for podfile in $(grep -rl '^openssl-' doc/man*); do
@@ -632,6 +637,7 @@ fi
 %{_mandir}/man7/openssl-x509.7*
 %{_mandir}/man7/ossl_store.7*
 %{_mandir}/man7/ossl_store-file.7*
+%{_mandir}/man7/proxy-certificates.7*
 %{_mandir}/man7/RSA-PSS.7.gz
 
 %files static