trigger improvements

[packages/openssl.git] / openssl.spec

diff --git a/openssl.spec b/openssl.spec
index 239e1682e79b0471e65856f9d8b60e8f62dd2c55..f2324447ced174742ead31bb5e1942bef28d5ac9 100644 (file)
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,20 +1,50 @@
-Summary:       Library and toolkit for the "Secure Sockets Layer" (SSL v2/v3)
-Name:          openssl
-Version:       0.9.2b
-Release:       2
-Group:                 Libraries
-Group(pl):     Biblioteki
-Source:        ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
-Patch0:                openssl-sslcrypto.patch
-Patch1:                openssl-perl.patch
-Patch2:                openssl-shlib.patch
-Vendor:        The OpenSSL Project
-License:       Apache-style License
-BuildPrereq:   perl
-BuildRoot:     /tmp/%{name}-%{version}-root
+#
+# Conditional build:
+%bcond_with purify     # Compile openssl with \-DPURIFY, usefull when one wants to
+                       # use valgrind debugger against openssl-linked programs
+
+%include       /usr/lib/rpm/macros.perl
+Summary:       OpenSSL Toolkit libraries for the "Secure Sockets Layer" (SSL v2/v3)
+Summary(de.UTF-8):     Secure Sockets Layer (SSL)-Kommunikationslibrary
+Summary(es.UTF-8):     Biblioteca C que suministra algoritmos y protocolos criptográficos
+Summary(fr.UTF-8):     Utilitaires de communication SSL (Secure Sockets Layer)
+Summary(pl.UTF-8):     Biblioteki OpenSSL (SSL v2/v3)
+Summary(pt_BR.UTF-8):  Uma biblioteca C que fornece vários algoritmos e protocolos criptográficos
+Summary(ru.UTF-8):     Библиотеки и утилиты для соединений через Secure Sockets Layer
+Summary(uk.UTF-8):     Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
+Name:          openssl
+Version:       0.9.7m
+Release:       7
+License:       Apache-like
+Group:         Libraries
+Source0:       ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
+# Source0-md5: 74a4d1b87e1e6e1ec95dbe58cb4c5b9a
+Source2:       %{name}.1.pl
+Source3:       %{name}-ssl-certificate.sh
+Source4:       %{name}-c_rehash.sh
+Patch0:                %{name}-alpha-ccc.patch
+Patch1:                %{name}-optflags.patch
+Patch2:                %{name}-globalCA.diff
+Patch3:                %{name}-include.patch
+Patch4:                %{name}-md5-sparcv9.patch
+Patch5:                %{name}-ssl-algs.patch
+Patch6:                %{name}-CVE-2007-3108.patch
+Patch7:                %{name}-c_rehash.patch
+Patch15:       %{name}-0.9.8b-cve-2007-5135.patch
+Patch16:       %{name}-0.9.7a-cve-2008-5077.patch
+Patch18:       %{name}-0.9.7a-cve-2009-2409.patch
+#Patch19:      %{name}-0.9.7a-cve-2009-3555.patch
+URL:           http://www.openssl.org/
+BuildRequires: perl-devel >= 1:5.6.1
+BuildRequires: rpm-perlprov >= 4.1-13
+BuildRequires: rpmbuild(macros) >= 1.213
+BuildRequires: sed >= 4.0
+Requires:      ca-certificates >= 20120623-1.1
 Obsoletes:     SSLeay
 Obsoletes:     SSLeay-devel
 Obsoletes:     SSLeay-perl
+Obsoletes:     libopenssl0
+BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
 %description
 The OpenSSL Project is a collaborative effort to develop a robust,
@@ -24,72 +54,407 @@ v1) protocols with full-strength cryptography world-wide. The project
 is managed by a worldwide community of volunteers that use the
 Internet to communicate, plan, and develop the OpenSSL tookit and its
 related documentation.
-   
+
 OpenSSL is based on the excellent SSLeay library developed by Eric A.
 Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
 Apache-style licence, which basically means that you are free to get
 and use it for commercial and non-commercial purposes subject to some
 simple license conditions.
 
+This package contains shared libraries only, install openssl-tools if
+you want to use openssl cmdline tool.
+
+%description -l de.UTF-8
+Openssl enthält das OpenSSL Zertifikatsmanagementtool und shared
+libraries, die verschiedene Verschlüsselungs- und
+Entschlüsselungsalgorithmen und -protokolle, wie DES, RC4, RSA und SSL
+zur Verfügung stellen.
+
+%description -l es.UTF-8
+Biblioteca C que suministra algoritmos y protocolos criptográficos.
+
+%description -l fr.UTF-8
+OpenSSL est un outiil de gestion des certificats et les librairies
+partagees qui fournit plusieurs protocoles et algorithmes de
+codage/decodage, incluant DES, RC4, RSA et SSL.
+
+%description -l pl.UTF-8
+Implementacja protokołów kryptograficznych Secure Socket Layer (SSL)
+v2/v3 oraz Transport Layer Security (TLS v1).
+
+%description -l pt_BR.UTF-8
+Uma biblioteca C que fornece vários algoritmos e protocolos
+criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas
+compartilhadas e utilitários.
+
+%description -l ru.UTF-8
+Программа openssl для работы с сертификатами и разделяемые библиотеки,
+которые реализуют множетсво криптографических алгоритмов, включая DES,
+RC4, RSA и SSL.
+
+%description -l uk.UTF-8
+Програма openssl для роботи з сертифікатами та бібліотеки спільного
+користування, що реалізують велику кількість криптографічних
+алгоритмів, включаючи DES, RC4, RSA та SSL.
+
+%package tools
+Summary:       OpenSSL command line tool and utilities
+Summary(pl.UTF-8):     Zestaw narzędzi i skryptów
+Group:         Applications/Communications
+Requires:      %{name} = %{version}-%{release}
+Requires:      which
+
+%description tools
+The OpenSSL Toolkit cmdline tool openssl and utility scripts.
+
+%description tools -l pl.UTF-8
+Zestaw narzędzi i skryptów wywoływanych z linii poleceń.
+
+%package tools-perl
+Summary:       OpenSSL utilities written in Perl
+Summary(pl.UTF-8):     Narzędzia OpenSSL napisane w perlu
+Group:         Applications/Communications
+Requires:      %{name} = %{version}-%{release}
+
+%description tools-perl
+OpenSSL Toolkit tools written in Perl.
+
+%description tools-perl -l pl.UTF-8
+Narzędzia OpenSSL napisane w perlu.
+
+%package devel
+Summary:       Development part of OpenSSL Toolkit libraries
+Summary(de.UTF-8):     Secure Sockets Layer Kommunikationslibrary: statische libraries+header
+Summary(es.UTF-8):     Bibliotecas y archivos de inclusión para desarrollo OpenSSL
+Summary(fr.UTF-8):     Librairies statiques, headers et utilitaires pour communication SSL
+Summary(pl.UTF-8):     Część bibiloteki OpenSSL przeznaczona dla programistów
+Summary(pt_BR.UTF-8):  Bibliotecas e arquivos de inclusão para desenvolvimento OpenSSL
+Summary(ru.UTF-8):     Библиотеки, хедеры и утилиты для Secure Sockets Layer
+Summary(uk.UTF-8):     Бібліотеки, хедери та утиліти для Secure Sockets Layer
+Group:         Development/Libraries
+Requires:      %{name} = %{version}-%{release}
+Obsoletes:     libopenssl0-devel
+
+%description devel
+Development part of OpenSSL library.
+
+%description devel -l es.UTF-8
+Bibliotecas y archivos de inclusión para desarrollo OpenSSL
+
+%description devel -l pl.UTF-8
+Część biblioteki OpenSSL przeznaczona dla programistów.
+
+%description devel -l pt_BR.UTF-8
+Uma biblioteca C que fornece vários algoritmos e protocolos
+criptográficos, incluindo DES, RC4, RSA e SSL. Inclui bibliotecas e
+arquivos de inclusão para desenvolvimento.
+
+%description devel -l ru.UTF-8
+Программа openssl для работы с сертификатами и разделяемые библиотеки,
+которые реализуют множетсво криптографических алгоритмов, включая DES,
+RC4, RSA и SSL. Включает библиотеки и хедеры для разработки приложений
+с использованием SSL.
+
+%description devel -l uk.UTF-8
+Програма openssl для роботи з сертифікатами та бібліотеки спільного
+користування, що реалізують велику кількість криптографічних
+алгоритмів, включаючи DES, RC4, RSA та SSL. Містить бібліотеки та
+хедери для розробки програм з використанням SSL.
+
+%package static
+Summary:       Static OpenSSL libraries
+Summary(pl.UTF-8):     Statyczne wersje bibliotek z OpenSSL
+Summary(pt_BR.UTF-8):  Bibliotecas estáticas para desenvolvimento com openssl
+Summary(ru.UTF-8):     Статические библиотеки разработчика для OpenSSL
+Summary(uk.UTF-8):     Статичні бібліотеки програміста для OpenSSL
+Group:         Development/Libraries
+Requires:      %{name}-devel = %{version}-%{release}
+
+%description static
+Static OpenSSL Toolkit libraries.
+
+%description static -l pl.UTF-8
+Statyczne wersje bibliotek z OpenSSL.
+
+%description static -l pt_BR.UTF-8
+Bibliotecas estáticas para desenvolvimento com openssl.
+
+%description static -l ru.UTF-8
+Программа openssl для работы с сертификатами и разделяемые библиотеки,
+которые реализуют множетсво криптографических алгоритмов, включая DES,
+RC4, RSA и SSL. Включает статические библиотеки для разработки
+приложений с использованием OpenSSL.
+
+%description static -l uk.UTF-8
+Програма openssl для роботи з сертифікатами та бібліотеки спільного
+користування, що реалізують велику кількість криптографічних
+алгоритмів, включаючи DES, RC4, RSA та SSL. Містить статичні
+бібліотеки для розробки програм з використанням SSL.
+
 %prep
-%setup  -q
+%setup -q
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+cp -a %{SOURCE4} c_rehash.sh
+%patch7 -p1
+%patch15 -p1
+%patch16 -p1
+%patch18 -p1
+#%patch19 -p1
+
+# conflicts with i386-only DES implementation
+# (missing #ifdef OPENSSL_FIPS  ...  #endif)
+:> fips-1.0/des/asm/fips-dx86-elf.s
 
 %build
-for i in ` echo Configure Makefile.org Makefile.ssl `; do
-        sed -e 's#-m486##g' \
-               -e 's#-O3 -fomit-frame-pointer#%{optflags}#g' \
-               <$i >$i.work
-        mv $i.work $i
+%{__perl} -pi -e 's#%{_prefix}/local/bin/perl#%{__perl}#g' \
+       `grep -l -r "%{_prefix}/local/bin/perl" *`
+
+touch Makefile.*
+
+%{__perl} util/perlpath.pl %{__perl}
+
+OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
+./Configure \
+       --openssldir=%{_sysconfdir}/%{name} \
+       shared \
+%ifarch %{ix86}
+%ifarch i386
+       linux-elf 386
+# ^- allow running on 80386 (default code uses bswapl available on i486+)
+%else
+       linux-elf
+%endif
+%endif
+%ifarch alpha
+       threads linux-alpha+bwx-gcc
+%endif
+%ifarch %{x8664}
+       linux-x86_64
+%endif
+%ifarch ia64
+       linux-ia64
+%endif
+%ifarch ppc
+       linux-ppc
+%endif
+%ifarch sparc
+       threads linux-sparcv8
+%endif
+%ifarch sparcv9
+       threads linux-sparcv9
+%endif
+%ifarch sparc64
+       threads linux64-sparcv9
+%endif
+
+%{__make} \
+       CC="%{__cc}" \
+       INSTALLTOP=%{_prefix}
+
+%{__make} rehash \
+       CC="%{__cc}" \
+       INSTALLTOP=%{_prefix}
+
+# Conv PODs to man pages. "openssl_" prefix is added to each manpage
+# to avoid potential conflicts with others packages.
+center="OpenSSL 0.9.7"
+rel="OpenSSL 0.9.7"
+
+cd doc/apps || exit 1
+%{__perl} -pi -e 's/(\W)((?<!openssl_)\w+)(\(\d\))/$1openssl_$2$3/g; s/openssl_openssl/openssl/g;' *.pod;
+
+for pod in *.pod; do
+       if [ $pod != "openssl.pod" ]; then
+               mv -f $pod openssl_$pod;
+               pod=openssl_$pod;
+       fi
+
+       sec=1
+       if [ $pod = "openssl_config.pod" ]; then
+               sec=5
+       fi
+
+       manpage=`basename $pod .pod`.$sec;
+       pod2man --section="$sec" --release="$rel" --center="$center" \
+               $pod > $manpage;
+       echo "$manpage";
 done
+cd ..
 
-perl util/perlpath.pl /usr/bin
-perl util/ssldir.pl /var/state/ssl
+sec=3
+for dir in ssl crypto; do
+       cd $dir || exit 1;
+       if [ $dir = "ssl" ]; then
+               rel="OpenSSL SSL/TLS library"
+       elif [ $dir = "crypto" ]; then
+               rel="OpenSSL cryptographic library"
+       fi
+
+       %{__perl} -pi -e 's/(\W)((?<!openssl_)\w+)(\(\d\))/$1openssl_$2$3/g; s/openssl_openssl/openssl/g;' *.pod;
+
+       for pod in *.pod; do
+               sec=`[ "$pod" = "des_modes.pod" ] && echo 7 || echo 3`;
+               mv -f $pod openssl_$pod;
+               pod=openssl_$pod;
+               manpage=`basename $pod .pod`.$sec;
+               pod2man --section="$sec" --release="$rel" --center=" " $pod > $manpage;
+               echo "$manpage";
+       done
+       cd ..
+done
 
-./config
-make INSTALLTOP=/usr OPT_FLAGS="$RPM_OPT_FLAGS"
-make rehash
+#cd perl
+#%%{__perl} Makefile.PL \
+#      INSTALLDIRS=vendor
+#%{__make}
 
 %install
 rm -rf $RPM_BUILD_ROOT
+install -d $RPM_BUILD_ROOT{%{_sysconfdir}/%{name},%{_libdir}/%{name}} \
+       $RPM_BUILD_ROOT{%{_mandir}/{pl/man1,man{1,3,5,7}},%{_datadir}/ssl} \
+       $RPM_BUILD_ROOT%{_pkgconfigdir}
 
-install -d $RPM_BUILD_ROOT/{etc,usr/include/ssl,var/state/ssl/{certs,private}}
+%{__make} install \
+       CC="%{__cc}" \
+       INSTALLTOP=%{_prefix} \
+       INSTALL_PREFIX=$RPM_BUILD_ROOT \
+       MANDIR=%{_mandir}
 
-make INSTALLTOP=$RPM_BUILD_ROOT/usr install
+if [ "%{_prefix}/lib/pkgconfig" != "%{_pkgconfigdir}" ] ; then
+       mv $RPM_BUILD_ROOT%{_prefix}/lib/pkgconfig/* \
+               $RPM_BUILD_ROOT%{_pkgconfigdir}
+fi
+sed -i -e 's,^libdir=.*,libdir=%{_libdir},' $RPM_BUILD_ROOT%{_pkgconfigdir}/*.pc
 
-install libRSAglue.a $RPM_BUILD_ROOT/usr/lib
+install libcrypto.a libssl.a $RPM_BUILD_ROOT%{_libdir}
+install lib*.so.*.* $RPM_BUILD_ROOT%{_libdir}
+ln -sf libcrypto.so.*.* $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
+ln -sf libssl.so.*.* $RPM_BUILD_ROOT%{_libdir}/libssl.so
 
-mv $RPM_BUILD_ROOT/usr/include/*.h $RPM_BUILD_ROOT/usr/include/ssl
+mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
+rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc
 
-mv $RPM_BUILD_ROOT/usr/lib/openssl.cnf $RPM_BUILD_ROOT/etc
-ln -s ../../etc/openssl.cnf $RPM_BUILD_ROOT/usr/lib/openssl.cnf
+find $RPM_BUILD_ROOT%{_mandir} -type f | xargs rm -f
+install doc/apps/*.1 $RPM_BUILD_ROOT%{_mandir}/man1
+install doc/apps/*.5 $RPM_BUILD_ROOT%{_mandir}/man5
+install doc/ssl/*.3 doc/crypto/*.3 $RPM_BUILD_ROOT%{_mandir}/man3
+install doc/crypto/*.7 $RPM_BUILD_ROOT%{_mandir}/man7
+install %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
+install %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
+install -p c_rehash.sh $RPM_BUILD_ROOT%{_bindir}/c_rehash.sh
+install fips-1.0/openssl_fips_fingerprint $RPM_BUILD_ROOT%{_bindir}
 
-gzip -9fn CHANGES CHANGES.SSLeay LICENSE NEWS README \
-       doc/*.pod doc/*.txt
+%clean
+rm -rf $RPM_BUILD_ROOT
 
-%post
-/usr/bin/c_rehash certs
+%post   -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
 
-%clean
-#rm -rf $RPM_BUILD_ROOT
+%triggerpostun -- %{name} < 0.9.7m-6.3
+# don't do anything on --downgrade
+if [ $1 -le 1 ]; then
+       exit 0
+fi
+if [ -d /var/lib/openssl/certs ]; then
+       mv /var/lib/openssl/certs/* %{_sysconfdir}/%{name}/certs 2>/dev/null || :
+fi
+if [ -d /var/lib/openssl/private ]; then
+       mv /var/lib/openssl/private/* %{_sysconfdir}/%{name}/private 2>/dev/null || :
+fi
+if [ -d /var/lib/openssl ]; then
+       for f in /var/lib/openssl/*; do
+               [ -f "$f" ] && mv "$f" %{_sysconfdir}/%{name} 2>/dev/null || :
+       done
+       rmdir in /var/lib/openssl/* 2>/dev/null || :
+       rmdir in /var/lib/openssl 2>/dev/null || :
+fi
 
 %files
 %defattr(644,root,root,755)
-%doc {CHANGES,CHANGES.SSLeay,LICENSE,NEWS,README}.gz
-%doc doc/*.pod.gz doc/*.txt.gz
+%doc CHANGES CHANGES.SSLeay LICENSE NEWS README doc/*.txt
 %doc doc/openssl_button.gif doc/openssl_button.html
+%attr(755,root,root) %{_libdir}/libcrypto.so.*.*.*
+%attr(755,root,root) %{_libdir}/libssl.so.*.*.*
+%dir %{_sysconfdir}/%{name}
+%dir %{_sysconfdir}/%{name}/certs
+%dir %{_sysconfdir}/%{name}/private
+%dir %{_datadir}/ssl
+
+%files tools
+%defattr(644,root,root,755)
+
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
+
+%attr(755,root,root) %{_bindir}/c_rehash.sh
+%attr(755,root,root) %{_bindir}/openssl
+%attr(755,root,root) %{_bindir}/openssl_fips_fingerprint
+%attr(754,root,root) %{_bindir}/ssl-certificate
 
-%attr(755,root,root) /usr/bin/*
-%verify(not md5 size mtime) %config(noreplace) /etc/openssl.cnf
-%verify(not md5 size mtime) %config(noreplace) /usr/lib/openssl.cnf
-/usr/lib/lib*.a
-/usr/include/ssl/*.h
-/var/state/ssl
-
-%changelog
-* Wed Apr 14 1999 Artur Frysiak <wiget@pld.org.pl>
-  [0.9.2c-2]
-- rewrite for PLD
-TODO: make shared libs and perl subpackage
+%dir %{_libdir}/%{name}
+%attr(755,root,root) %{_libdir}/%{name}/CA.sh
+%attr(755,root,root) %{_libdir}/%{name}/c_hash
+%attr(755,root,root) %{_libdir}/%{name}/c_info
+%attr(755,root,root) %{_libdir}/%{name}/c_issuer
+%attr(755,root,root) %{_libdir}/%{name}/c_name
+
+%{_mandir}/man1/openssl.1*
+%{_mandir}/man1/openssl_asn1parse.1*
+%{_mandir}/man1/openssl_ca.1*
+%{_mandir}/man1/openssl_ciphers.1*
+%{_mandir}/man1/openssl_crl.1*
+%{_mandir}/man1/openssl_crl2pkcs7.1*
+%{_mandir}/man1/openssl_dgst.1*
+%{_mandir}/man1/openssl_dhparam.1*
+%{_mandir}/man1/openssl_dsa.1*
+%{_mandir}/man1/openssl_dsaparam.1*
+%{_mandir}/man1/openssl_enc.1*
+%{_mandir}/man1/openssl_errstr.1*
+%{_mandir}/man1/openssl_gendsa.1*
+%{_mandir}/man1/openssl_genrsa.1*
+%{_mandir}/man1/openssl_nseq.1*
+%{_mandir}/man1/openssl_ocsp.1*
+%{_mandir}/man1/openssl_passwd.1*
+%{_mandir}/man1/openssl_pkcs12.1*
+%{_mandir}/man1/openssl_pkcs7.1*
+%{_mandir}/man1/openssl_pkcs8.1*
+%{_mandir}/man1/openssl_rand.1*
+%{_mandir}/man1/openssl_req.1*
+%{_mandir}/man1/openssl_rsa.1*
+%{_mandir}/man1/openssl_rsautl.1*
+%{_mandir}/man1/openssl_s_client.1*
+%{_mandir}/man1/openssl_s_server.1*
+%{_mandir}/man1/openssl_s_time.1*
+%{_mandir}/man1/openssl_sess_id.1*
+%{_mandir}/man1/openssl_smime.1*
+%{_mandir}/man1/openssl_speed.1*
+%{_mandir}/man1/openssl_spkac.1*
+%{_mandir}/man1/openssl_verify.1*
+%{_mandir}/man1/openssl_version.1*
+%{_mandir}/man1/openssl_x509.1*
+%{_mandir}/man5/*.5*
+%lang(pl) %{_mandir}/pl/man1/openssl.1*
+
+%files tools-perl
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_libdir}/%{name}/CA.pl
+%attr(755,root,root) %{_bindir}/c_rehash
+%{_mandir}/man1/openssl_CA.pl.1*
+
+%files devel
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_libdir}/libcrypto.so
+%attr(755,root,root) %{_libdir}/libssl.so
+%{_includedir}/%{name}
+%{_pkgconfigdir}/openssl.pc
+%{_mandir}/man3/openssl*.3*
+%{_mandir}/man7/openssl_des_modes.7*
+
+%files static
+%defattr(644,root,root,755)
+%{_libdir}/lib*.a