-#
-# TODO: consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
+# TODO
+# - consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
+# - find a way to simplify (drop) openssl-optflags.patch, it's pain to update here in pld
#
# Conditional build:
%bcond_without tests # don't perform "make tests"
-%bcond_with purify # Compile openssl with \-DPURIFY, useful when one wants to
+%bcond_without zlib # zlib: note - enables CVE-2012-4929 vulnerability
+%bcond_without sslv2 # SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
+%bcond_without sslv3 # SSLv3: note - enables CVE-2014-3566 vulnerability
+%bcond_with purify # Compile openssl with "-DPURIFY", useful when one wants to
# use valgrind debugger against openssl-linked programs
%include /usr/lib/rpm/macros.perl
Summary(ru.UTF-8): Библиотеки и утилиты для соединений через Secure Sockets Layer
Summary(uk.UTF-8): Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
Name: openssl
-Version: 1.0.0g
+# 1.0.2 will be LTS release
+# Version 1.0.2 will be supported until 2019-12-31.
+# https://www.openssl.org/about/releasestrat.html
+Version: 1.0.2e
Release: 1
License: Apache-like
Group: Libraries
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
-# Source0-md5: 07ecbe4324f140d157478637d6beccf1
+# Source0-md5: 2218c1a6f807f7206c11eb3ee3a5ec80
Source2: %{name}.1.pl
Source3: %{name}-ssl-certificate.sh
Source4: %{name}-c_rehash.sh
Patch0: %{name}-alpha-ccc.patch
Patch1: %{name}-optflags.patch
-Patch2: %{name}-globalCA.diff
-Patch3: %{name}-include.patch
-Patch4: %{name}-man-namespace.patch
-Patch5: %{name}-asflag.patch
-Patch6: %{name}-ca-certificates.patch
-Patch7: %{name}-ldflags.patch
+Patch2: %{name}-include.patch
+Patch3: %{name}-man-namespace.patch
+Patch4: %{name}-asflag.patch
+Patch5: %{name}-ca-certificates.patch
+Patch6: %{name}-ldflags.patch
+Patch7: %{name}-find.patch
+Patch8: pic.patch
+Patch10: %{name}_fix_for_x32.patch
URL: http://www.openssl.org/
BuildRequires: bc
BuildRequires: perl-devel >= 1:5.6.1
Obsoletes: SSLeay-devel
Obsoletes: SSLeay-perl
Obsoletes: libopenssl0
+%if "%{pld_release}" == "ac"
+Conflicts: neon < 0.26.3-3
+Conflicts: ntpd < 4.2.4p8-10
+Conflicts: openssh-clients < 2:5.8p1-9
+Conflicts: openssh-server < 2:5.8p1-9
+%else
+Conflicts: neon < 0.29.6-8
+Conflicts: openssh-clients < 2:6.2p2-3
+Conflicts: openssh-server < 2:6.2p2-3
+%endif
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%description
- Broadcom uBSec
In addition, dynamic binding to external ENGINE implementations is now
-provided by a special ENGINE called "dynamic".
+provided by a special ENGINE called "dynamic".
%description engines -l pl.UTF-8
Począwszy od OpenSSL-a 0.9.6 został dodany nowy komponent, mający
wspierać alternatywne implementacje kryptografii, przeważnie
współpracujące z zewnętrznymi urządzeniami kryptograficznymi (np.
-kartami akceleratorów). Komponent ten jest nazywany SILNIKIEM
-(ang. ENGINE).
+kartami akceleratorów). Komponent ten jest nazywany SILNIKIEM (ang.
+ENGINE).
Obecnie istnieją wbudowane implementacje silników dla następujących
urządzeń kryptograficznych:
%patch5 -p1
%patch6 -p1
%patch7 -p1
-
-%{__perl} -pi -e 's#%{_prefix}/local/bin/perl#%{__perl}#g' \
- `grep -l -r "%{_prefix}/local/bin/perl" *`
+%patch8 -p1
+%patch10 -p1
sed -i -e 's|\$prefix/\$libdir/engines|/%{_lib}/engines|g' Configure
+# fix packaging error
+# https://github.com/openssl/openssl/issues/491
+ln -s . test/openssl-1.0.2e
+
+# also pod2man missing
+# https://github.com/openssl/openssl/issues/490
+
%build
touch Makefile.*
%{__perl} util/perlpath.pl %{__perl}
OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
-./Configure \
-%if "%{pld_release}" == "ti"
- --openssldir=%{_var}/lib/%{name} \
-%else
+PERL="%{__perl}" \
+%{__perl} ./Configure \
--openssldir=%{_sysconfdir}/%{name} \
-%endif
--libdir=%{_lib} \
shared \
threads \
- zlib \
- enable-tlsext \
- enable-seed \
- enable-rfc3779 \
+ %{!?with_sslv2:no-ssl2} \
+ %{!?with_sslv3:no-ssl3} \
+ %{!?with_zlib:no-}zlib \
enable-camelia \
enable-cms \
enable-idea \
- enable-mdc2 \
enable-md2 \
+ enable-mdc2 \
enable-rc5 \
+ enable-rfc3779 \
+ enable-seed \
+ enable-tlsext \
+%ifarch %{x8664}
+ enable-ec_nistp_64_gcc_128 \
+%endif
%ifarch %{ix86}
%ifarch i386
386 linux-elf
%ifarch %{x8664}
linux-x86_64
%endif
+%ifarch x32
+ linux-x32
+%endif
%ifarch ia64
linux-ia64
%endif
$RPM_BUILD_ROOT/%{_lib}/engines \
$RPM_BUILD_ROOT%{_pkgconfigdir}
-%{__make} install \
+%{__make} -j1 install \
INSTALLTOP=%{_prefix} \
INSTALL_PREFIX=$RPM_BUILD_ROOT \
MANDIR=%{_mandir}
ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcrypto.*.*) $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libssl.*.*) $RPM_BUILD_ROOT%{_libdir}/libssl.so
-%if "%{pld_release}" == "ti"
-ln -sf %{_var}/lib/%{name}/%{name}.cnf \
- $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/openssl.cnf
-ln -sf %{_var}/lib/%{name}/certs \
- $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/certs
-ln -sf %{_var}/lib/%{name}/private \
- $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/private
-mv -f $RPM_BUILD_ROOT%{_var}/lib/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
-rm -rf $RPM_BUILD_ROOT%{_var}/lib/%{name}/misc
-%else
mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc
-%endif
# not installed as individual utilities (see openssl dgst instead)
-%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{md2,md4,md5,mdc2,ripemd160,sha,sha1}.1
+%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{dss1,md2,md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1
cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
# the hashing format has changed in 1.0.0
[ ! -x %{_sbindir}/update-ca-certificates ] || %{_sbindir}/update-ca-certificates --fresh || :
-%if "%{pld_release}" == "ti"
-%triggerin -- %{name}-tools < 0.9.8i-2
-if [ -L /var/lib/openssl/openssl.cnf ] ; then
- echo "Saving old configuration as /var/lib/openssl/openssl.cnf.rpmsave"
- rm /var/lib/openssl/openssl.cnf
- mv %{_sysconfdir}/%{name}/openssl.cnf /var/lib/openssl/openssl.cnf.rpmsave 2>/dev/null || :
-fi
-%else
%triggerpostun -- %{name} < 0.9.8i-2
+# don't do anything on --downgrade
+if [ $1 -le 1 ]; then
+ exit 0
+fi
if [ -d /var/lib/openssl/certs ] ; then
mv /var/lib/openssl/certs/* %{_sysconfdir}/%{name}/certs 2>/dev/null || :
fi
for f in /var/lib/openssl/* ; do
[ -f "$f" ] && mv "$f" %{_sysconfdir}/%{name} 2>/dev/null || :
done
+ rmdir /var/lib/openssl/* 2>/dev/null || :
+ rmdir /var/lib/openssl 2>/dev/null || :
fi
-%endif
%files
%defattr(644,root,root,755)
%doc doc/openssl_button.gif doc/openssl_button.html
%attr(755,root,root) /%{_lib}/libcrypto.so.*.*.*
%attr(755,root,root) /%{_lib}/libssl.so.*.*.*
-%if "%{pld_release}" == "ti"
-%dir %{_var}/lib/%{name}
-%dir %{_var}/lib/%{name}/certs
-%dir %{_var}/lib/%{name}/private
-%dir %{_sysconfdir}/%{name}
-%attr(755,root,root) %{_sysconfdir}/%{name}/certs
-%attr(755,root,root) %{_sysconfdir}/%{name}/private
-%else
%dir %{_sysconfdir}/%{name}
%dir %{_sysconfdir}/%{name}/certs
%dir %{_sysconfdir}/%{name}/private
-%endif
%dir %{_datadir}/ssl
%files engines
+%defattr(644,root,root,755)
%dir /%{_lib}/engines
%attr(755,root,root) /%{_lib}/engines/*.so
%files tools
%defattr(644,root,root,755)
-%if "%{pld_release}" == "ti"
-%{_sysconfdir}/%{name}/openssl.cnf
-%config(noreplace) %verify(not md5 mtime size) %{_var}/lib/%{name}/openssl.cnf
-%else
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
-%endif
%attr(755,root,root) %{_bindir}/c_rehash.sh
%attr(755,root,root) %{_bindir}/openssl
%attr(754,root,root) %{_bindir}/ssl-certificate
%attr(755,root,root) %{_libdir}/%{name}/CA.pl
%attr(755,root,root) %{_libdir}/%{name}/tsget
%{_mandir}/man1/openssl_CA.pl.1*
+%{_mandir}/man1/openssl_c_rehash.1*
%files devel
%defattr(644,root,root,755)
%files static
%defattr(644,root,root,755)
-%{_libdir}/lib*.a
+%{_libdir}/libcrypto.a
+%{_libdir}/libssl.a