-#
-# TODO: consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
+# TODO
+# - consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
#
# Conditional build:
%bcond_without tests # don't perform "make tests"
+%bcond_without zlib # zlib: note - enables CVE-2012-4929 vulnerability
+%bcond_without sslv2 # SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
+%bcond_without sslv3 # SSLv3: note - enables CVE-2014-3566 vulnerability
%bcond_with purify # Compile openssl with \-DPURIFY, useful when one wants to
# use valgrind debugger against openssl-linked programs
Summary(ru.UTF-8): Библиотеки и утилиты для соединений через Secure Sockets Layer
Summary(uk.UTF-8): Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
Name: openssl
-Version: 1.0.1c
-Release: 1
+Version: 1.0.1j
+Release: 3
License: Apache-like
Group: Libraries
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
-# Source0-md5: ae412727c8c15b67880aef7bd2999b2e
+# Source0-md5: f7175c9cd3c39bb1907ac8bba9df8ed3
Source2: %{name}.1.pl
Source3: %{name}-ssl-certificate.sh
Source4: %{name}-c_rehash.sh
Patch5: %{name}-asflag.patch
Patch6: %{name}-ca-certificates.patch
Patch7: %{name}-ldflags.patch
+Patch8: %{name}-find.patch
+# from debian
+Patch10: default_bits.patch
+Patch11: pic.patch
+Patch12: stddef.patch
+Patch13: openssl_fix_for_x32.patch
URL: http://www.openssl.org/
BuildRequires: bc
BuildRequires: perl-devel >= 1:5.6.1
Obsoletes: SSLeay-devel
Obsoletes: SSLeay-perl
Obsoletes: libopenssl0
+%if "%{pld_release}" != "ac"
+Conflicts: neon < 0.29.6-8
+Conflicts: openssh-clients < 2:6.2p2-3
+Conflicts: openssh-server < 2:6.2p2-3
+%endif
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%description
- Broadcom uBSec
In addition, dynamic binding to external ENGINE implementations is now
-provided by a special ENGINE called "dynamic".
+provided by a special ENGINE called "dynamic".
%description engines -l pl.UTF-8
Począwszy od OpenSSL-a 0.9.6 został dodany nowy komponent, mający
wspierać alternatywne implementacje kryptografii, przeważnie
współpracujące z zewnętrznymi urządzeniami kryptograficznymi (np.
-kartami akceleratorów). Komponent ten jest nazywany SILNIKIEM
-(ang. ENGINE).
+kartami akceleratorów). Komponent ten jest nazywany SILNIKIEM (ang.
+ENGINE).
Obecnie istnieją wbudowane implementacje silników dla następujących
urządzeń kryptograficznych:
%patch5 -p1
%patch6 -p1
%patch7 -p1
+%patch8 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
sed -i -e 's|\$prefix/\$libdir/engines|/%{_lib}/engines|g' Configure
OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
PERL="%{__perl}" \
%{__perl} ./Configure \
-%if "%{pld_release}" == "ti"
- --openssldir=%{_var}/lib/%{name} \
-%else
--openssldir=%{_sysconfdir}/%{name} \
-%endif
--libdir=%{_lib} \
shared \
threads \
- zlib \
- enable-tlsext \
- enable-seed \
- enable-rfc3779 \
+ %{!?with_sslv2:no-ssl2} \
+ %{!?with_sslv3:no-ssl3} \
+ %{!?with_zlib:no-}zlib \
enable-camelia \
enable-cms \
enable-idea \
- enable-mdc2 \
enable-md2 \
+ enable-mdc2 \
enable-rc5 \
+ enable-rfc3779 \
+ enable-seed \
+ enable-tlsext \
+%ifarch %{x8664}
+ enable-ec_nistp_64_gcc_128 \
+%endif
%ifarch %{ix86}
%ifarch i386
386 linux-elf
%ifarch %{x8664}
linux-x86_64
%endif
+%ifarch x32
+ linux-x32
+%endif
%ifarch ia64
linux-ia64
%endif
$RPM_BUILD_ROOT/%{_lib}/engines \
$RPM_BUILD_ROOT%{_pkgconfigdir}
-%{__make} install \
+%{__make} -j1 install \
INSTALLTOP=%{_prefix} \
INSTALL_PREFIX=$RPM_BUILD_ROOT \
MANDIR=%{_mandir}
ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcrypto.*.*) $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libssl.*.*) $RPM_BUILD_ROOT%{_libdir}/libssl.so
-%if "%{pld_release}" == "ti"
-ln -sf %{_var}/lib/%{name}/%{name}.cnf \
- $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/openssl.cnf
-ln -sf %{_var}/lib/%{name}/certs \
- $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/certs
-ln -sf %{_var}/lib/%{name}/private \
- $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/private
-mv -f $RPM_BUILD_ROOT%{_var}/lib/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
-rm -rf $RPM_BUILD_ROOT%{_var}/lib/%{name}/misc
-%else
mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc
-%endif
# not installed as individual utilities (see openssl dgst instead)
-%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{md2,md4,md5,mdc2,ripemd160,sha,sha1}.1
+%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{dss1,md2,md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1
cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
# the hashing format has changed in 1.0.0
[ ! -x %{_sbindir}/update-ca-certificates ] || %{_sbindir}/update-ca-certificates --fresh || :
-%if "%{pld_release}" == "ti"
-%triggerin -- %{name}-tools < 0.9.8i-2
-if [ -L /var/lib/openssl/openssl.cnf ] ; then
- echo "Saving old configuration as /var/lib/openssl/openssl.cnf.rpmsave"
- rm /var/lib/openssl/openssl.cnf
- mv %{_sysconfdir}/%{name}/openssl.cnf /var/lib/openssl/openssl.cnf.rpmsave 2>/dev/null || :
-fi
-%else
%triggerpostun -- %{name} < 0.9.8i-2
# don't do anything on --downgrade
if [ $1 -le 1 ]; then
rmdir /var/lib/openssl/* 2>/dev/null || :
rmdir /var/lib/openssl 2>/dev/null || :
fi
-%endif
%files
%defattr(644,root,root,755)
%doc doc/openssl_button.gif doc/openssl_button.html
%attr(755,root,root) /%{_lib}/libcrypto.so.*.*.*
%attr(755,root,root) /%{_lib}/libssl.so.*.*.*
-%if "%{pld_release}" == "ti"
-%dir %{_var}/lib/%{name}
-%dir %{_var}/lib/%{name}/certs
-%dir %{_var}/lib/%{name}/private
-%dir %{_sysconfdir}/%{name}
-%attr(755,root,root) %{_sysconfdir}/%{name}/certs
-%attr(755,root,root) %{_sysconfdir}/%{name}/private
-%else
%dir %{_sysconfdir}/%{name}
%dir %{_sysconfdir}/%{name}/certs
%dir %{_sysconfdir}/%{name}/private
-%endif
%dir %{_datadir}/ssl
%files engines
+%defattr(644,root,root,755)
%dir /%{_lib}/engines
%attr(755,root,root) /%{_lib}/engines/*.so
%files tools
%defattr(644,root,root,755)
-%if "%{pld_release}" == "ti"
-%{_sysconfdir}/%{name}/openssl.cnf
-%config(noreplace) %verify(not md5 mtime size) %{_var}/lib/%{name}/openssl.cnf
-%else
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
-%endif
%attr(755,root,root) %{_bindir}/c_rehash.sh
%attr(755,root,root) %{_bindir}/openssl
%attr(754,root,root) %{_bindir}/ssl-certificate
%attr(755,root,root) %{_libdir}/%{name}/CA.pl
%attr(755,root,root) %{_libdir}/%{name}/tsget
%{_mandir}/man1/openssl_CA.pl.1*
+%{_mandir}/man1/openssl_c_rehash.1*
%files devel
%defattr(644,root,root,755)
projects / packages / openssl.git / blobdiff