-#
-# TODO: consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
+# TODO
+# - consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
#
# Conditional build:
%bcond_without tests # don't perform "make tests"
+%bcond_without zlib # zlib: note - enables CVE-2012-4929 vulnerability
+%bcond_without sslv2 # SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
+%bcond_without sslv3 # SSLv3: note - enables CVE-2014-3566 vulnerability
%bcond_with purify # Compile openssl with \-DPURIFY, useful when one wants to
# use valgrind debugger against openssl-linked programs
Summary(ru.UTF-8): Библиотеки и утилиты для соединений через Secure Sockets Layer
Summary(uk.UTF-8): Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
Name: openssl
-Version: 1.0.1e
-Release: 2
+Version: 1.0.2a
+Release: 1
License: Apache-like
Group: Libraries
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
-# Source0-md5: 66bf6f10f060d561929de96f9dfe5b8c
+# Source0-md5: a06c547dac9044161a477211049f60ef
Source2: %{name}.1.pl
Source3: %{name}-ssl-certificate.sh
Source4: %{name}-c_rehash.sh
Patch0: %{name}-alpha-ccc.patch
Patch1: %{name}-optflags.patch
-Patch2: %{name}-globalCA.diff
-Patch3: %{name}-include.patch
-Patch4: %{name}-man-namespace.patch
-Patch5: %{name}-asflag.patch
-Patch6: %{name}-ca-certificates.patch
-Patch7: %{name}-ldflags.patch
-
-# from debian
-Patch10: aesni-mac.patch
-Patch11: cpuid.patch
-Patch12: default_bits.patch
-Patch13: dtls_version.patch
-Patch14: get_certificate.patch
-Patch15: pic.patch
-Patch16: stddef.patch
-
+Patch2: %{name}-include.patch
+Patch3: %{name}-man-namespace.patch
+Patch4: %{name}-asflag.patch
+Patch5: %{name}-ca-certificates.patch
+Patch6: %{name}-ldflags.patch
+Patch7: %{name}-find.patch
+Patch8: pic.patch
+Patch10: %{name}_fix_for_x32.patch
URL: http://www.openssl.org/
BuildRequires: bc
BuildRequires: perl-devel >= 1:5.6.1
Obsoletes: SSLeay-devel
Obsoletes: SSLeay-perl
Obsoletes: libopenssl0
+%if "%{pld_release}" != "ac"
+Conflicts: neon < 0.29.6-8
+Conflicts: openssh-clients < 2:6.2p2-3
+Conflicts: openssh-server < 2:6.2p2-3
+%endif
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%description
- Broadcom uBSec
In addition, dynamic binding to external ENGINE implementations is now
-provided by a special ENGINE called "dynamic".
+provided by a special ENGINE called "dynamic".
%description engines -l pl.UTF-8
Począwszy od OpenSSL-a 0.9.6 został dodany nowy komponent, mający
wspierać alternatywne implementacje kryptografii, przeważnie
współpracujące z zewnętrznymi urządzeniami kryptograficznymi (np.
-kartami akceleratorów). Komponent ten jest nazywany SILNIKIEM
-(ang. ENGINE).
+kartami akceleratorów). Komponent ten jest nazywany SILNIKIEM (ang.
+ENGINE).
Obecnie istnieją wbudowane implementacje silników dla następujących
urządzeń kryptograficznych:
%patch5 -p1
%patch6 -p1
%patch7 -p1
-
+%patch8 -p1
%patch10 -p1
-%patch11 -p1
-%patch12 -p1
-%patch13 -p1
-%patch14 -p1
-%patch15 -p1
-%patch16 -p1
sed -i -e 's|\$prefix/\$libdir/engines|/%{_lib}/engines|g' Configure
--libdir=%{_lib} \
shared \
threads \
- zlib \
- enable-tlsext \
- enable-seed \
- enable-rfc3779 \
+ %{!?with_sslv2:no-ssl2} \
+ %{!?with_sslv3:no-ssl3} \
+ %{!?with_zlib:no-}zlib \
enable-camelia \
enable-cms \
enable-idea \
- enable-mdc2 \
enable-md2 \
+ enable-mdc2 \
enable-rc5 \
+ enable-rfc3779 \
+ enable-seed \
+ enable-tlsext \
+%ifarch %{x8664}
+ enable-ec_nistp_64_gcc_128 \
+%endif
%ifarch %{ix86}
%ifarch i386
386 linux-elf
%ifarch %{x8664}
linux-x86_64
%endif
+%ifarch x32
+ linux-x32
+%endif
%ifarch ia64
linux-ia64
%endif
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc
# not installed as individual utilities (see openssl dgst instead)
-%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{md2,md4,md5,mdc2,ripemd160,sha,sha1}.1
+%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{dss1,md2,md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1
cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
%dir %{_datadir}/ssl
%files engines
+%defattr(644,root,root,755)
%dir /%{_lib}/engines
%attr(755,root,root) /%{_lib}/engines/*.so
%attr(755,root,root) %{_libdir}/%{name}/CA.pl
%attr(755,root,root) %{_libdir}/%{name}/tsget
%{_mandir}/man1/openssl_CA.pl.1*
+%{_mandir}/man1/openssl_c_rehash.1*
%files devel
%defattr(644,root,root,755)