%bcond_without tests # don't perform "make tests"
%bcond_without zlib # zlib: note - enables CVE-2012-4929 vulnerability
%bcond_with sslv2 # SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
-%bcond_with sslv3 # SSLv3: note - enables CVE-2014-3566 vulnerability
+%bcond_with sslv3 # SSLv3: note - enables CVE-2014-3566 vulnerability
+%bcond_with snap # use GitHub snapshot to build branch release
-%include /usr/lib/rpm/macros.perl
Summary: OpenSSL Toolkit libraries for the "Secure Sockets Layer" (SSL v2/v3)
Summary(de.UTF-8): Secure Sockets Layer (SSL)-Kommunikationslibrary
Summary(es.UTF-8): Biblioteca C que suministra algoritmos y protocolos criptográficos
Name: openssl
# Version 1.1.1 is LTS, supported until 2023-09-11.
# https://www.openssl.org/about/releasestrat.html
-Version: 1.1.1
+Version: 1.1.1q
Release: 1
License: Apache-like
Group: Libraries
+%if %{without snap}
Source0: https://www.openssl.org/source/%{name}-%{version}.tar.gz
-# Source0-md5: 7079eb017429e0ffb9efb42bf80ccb21
+# Source0-md5: c685d239b6a6e1bd78be45624c092f51
+%else
+Source1: https://github.com/openssl/openssl/archive/OpenSSL_1_1_1-stable/%{name}-%{version}-dev.tar.gz
+%endif
Source2: %{name}.1.pl
Source3: %{name}-ssl-certificate.sh
Source4: %{name}-c_rehash.sh
Patch1: %{name}-optflags.patch
Patch3: %{name}-man-namespace.patch
-
Patch5: %{name}-ca-certificates.patch
-
+Patch6: %{name}-no-win32.patch
Patch7: %{name}-find.patch
Patch8: pic.patch
Patch11: engines-dir.patch
URL: http://www.openssl.org/
+BuildRequires: libsctp-devel
BuildRequires: perl-devel >= 1:5.10.0
BuildRequires: pkgconfig
BuildRequires: rpm-perlprov >= 4.1-13
%prep
%if %{with snap}
%setup -qcT -a1
-%{__mv} %{name}-OpenSSL_1_1_0-stable/* .
+%{__mv} %{name}-OpenSSL_1_1_1-stable/* .
%else
%setup -q %{?subver:-n %{name}-%{version}-%{subver}}
%endif
-
%patch1 -p1
%patch3 -p1
-
%patch5 -p1
-
+%patch6 -p1
%patch7 -p1
%patch8 -p1
v=$(awk -F= '/^VERSION/{print $2}' Makefile)
test "$v" = %{version}%{?subver:-%{subver}}%{?with_snap:-dev}
+# fails with enable-sctp as of 1.1.1
+%{__rm} test/recipes/80-test_ssl_new.t
+
%{__make} -j1 all %{?with_tests:tests} \
CC="%{__cc}" \
OPTFLAGS="%{rpmcflags} %{rpmcppflags}" \
INSTALLTOP=%{_prefix}
# Rename POD sources of man pages. "openssl-" prefix is added to each
-# manpage to avoid potential conflicts with other packages.
+# manpage to avoid potential conflicts with other packages.
# openssl-man-namespace.patch mostly marks these pages with "openssl-" prefix.
for podfile in $(grep -rl '^openssl-' doc/man*); do
%{_mandir}/man7/openssl-x509.7*
%{_mandir}/man7/ossl_store.7*
%{_mandir}/man7/ossl_store-file.7*
+%{_mandir}/man7/proxy-certificates.7*
%{_mandir}/man7/RSA-PSS.7.gz
%files static