#
# Conditional build:
%bcond_without tests # don't perform "make tests"
+%bcond_without zlib # zlib: note - enables CVE-2012-4929 vulnerability
+%bcond_without sslv2 # SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
+%bcond_without sslv3 # SSLv3: note - enables CVE-2014-3566 vulnerability
%bcond_with purify # Compile openssl with \-DPURIFY, useful when one wants to
# use valgrind debugger against openssl-linked programs
Summary(ru.UTF-8): Библиотеки и утилиты для соединений через Secure Sockets Layer
Summary(uk.UTF-8): Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
Name: openssl
-Version: 1.0.1j
+Version: 1.0.2a
Release: 1
License: Apache-like
Group: Libraries
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
-# Source0-md5: f7175c9cd3c39bb1907ac8bba9df8ed3
+# Source0-md5: a06c547dac9044161a477211049f60ef
Source2: %{name}.1.pl
Source3: %{name}-ssl-certificate.sh
Source4: %{name}-c_rehash.sh
Patch0: %{name}-alpha-ccc.patch
Patch1: %{name}-optflags.patch
-Patch2: %{name}-globalCA.diff
-Patch3: %{name}-include.patch
-Patch4: %{name}-man-namespace.patch
-Patch5: %{name}-asflag.patch
-Patch6: %{name}-ca-certificates.patch
-Patch7: %{name}-ldflags.patch
-Patch8: %{name}-find.patch
-# from debian
-Patch10: default_bits.patch
-Patch11: pic.patch
-Patch12: stddef.patch
+Patch2: %{name}-include.patch
+Patch3: %{name}-man-namespace.patch
+Patch4: %{name}-asflag.patch
+Patch5: %{name}-ca-certificates.patch
+Patch6: %{name}-ldflags.patch
+Patch7: %{name}-find.patch
+Patch8: pic.patch
+Patch10: %{name}_fix_for_x32.patch
URL: http://www.openssl.org/
BuildRequires: bc
BuildRequires: perl-devel >= 1:5.6.1
Obsoletes: SSLeay-devel
Obsoletes: SSLeay-perl
Obsoletes: libopenssl0
+%if "%{pld_release}" != "ac"
Conflicts: neon < 0.29.6-8
Conflicts: openssh-clients < 2:6.2p2-3
Conflicts: openssh-server < 2:6.2p2-3
+%endif
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%description
%patch7 -p1
%patch8 -p1
%patch10 -p1
-%patch11 -p1
-%patch12 -p1
sed -i -e 's|\$prefix/\$libdir/engines|/%{_lib}/engines|g' Configure
--libdir=%{_lib} \
shared \
threads \
- zlib \
- enable-tlsext \
- enable-seed \
- enable-rfc3779 \
+ %{!?with_sslv2:no-ssl2} \
+ %{!?with_sslv3:no-ssl3} \
+ %{!?with_zlib:no-}zlib \
enable-camelia \
enable-cms \
enable-idea \
- enable-mdc2 \
enable-md2 \
+ enable-mdc2 \
enable-rc5 \
+ enable-rfc3779 \
+ enable-seed \
+ enable-tlsext \
+%ifarch %{x8664}
+ enable-ec_nistp_64_gcc_128 \
+%endif
%ifarch %{ix86}
%ifarch i386
386 linux-elf
%ifarch %{x8664}
linux-x86_64
%endif
+%ifarch x32
+ linux-x32
+%endif
%ifarch ia64
linux-ia64
%endif
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc
# not installed as individual utilities (see openssl dgst instead)
-%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{md2,md4,md5,mdc2,ripemd160,sha,sha1}.1
+%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{dss1,md2,md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1
cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
%attr(755,root,root) %{_libdir}/%{name}/CA.pl
%attr(755,root,root) %{_libdir}/%{name}/tsget
%{_mandir}/man1/openssl_CA.pl.1*
+%{_mandir}/man1/openssl_c_rehash.1*
%files devel
%defattr(644,root,root,755)