%bcond_without tests # don't perform "make tests"
%bcond_without zlib # zlib: note - enables CVE-2012-4929 vulnerability
%bcond_with sslv2 # SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
-%bcond_with sslv3 # SSLv3: note - enables CVE-2014-3566 vulnerability
-%bcond_with snap # use GitHub snapshot to build branch release
+%bcond_with sslv3 # SSLv3: note - enables CVE-2014-3566 vulnerability
-%include /usr/lib/rpm/macros.perl
Summary: OpenSSL Toolkit libraries for the "Secure Sockets Layer" (SSL v2/v3)
Summary(de.UTF-8): Secure Sockets Layer (SSL)-Kommunikationslibrary
Summary(es.UTF-8): Biblioteca C que suministra algoritmos y protocolos criptográficos
Summary(ru.UTF-8): Библиотеки и утилиты для соединений через Secure Sockets Layer
Summary(uk.UTF-8): Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
Name: openssl
-# Version 1.1.0 will be supported until 2019-??-?? (one year after release of 1.1.1).
+# Version 1.1.1 is LTS, supported until 2023-09-11.
# https://www.openssl.org/about/releasestrat.html
-Version: 1.1.1
+Version: 1.1.1e
Release: 1
License: Apache-like
Group: Libraries
-%if %{without snap}
Source0: https://www.openssl.org/source/%{name}-%{version}.tar.gz
-# Source0-md5: 7079eb017429e0ffb9efb42bf80ccb21
-%else
-Source1: https://github.com/openssl/openssl/archive/OpenSSL_1_1_0-stable/%{name}-%{version}-dev.tar.gz
-%endif
+# Source0-md5: baeff2a64d2f3d7e0a69b677c9977b57
Source2: %{name}.1.pl
Source3: %{name}-ssl-certificate.sh
Source4: %{name}-c_rehash.sh
Patch1: %{name}-optflags.patch
Patch3: %{name}-man-namespace.patch
-
+Patch4: bug-11378.patch
Patch5: %{name}-ca-certificates.patch
-
+Patch6: %{name}-no-win32.patch
Patch7: %{name}-find.patch
Patch8: pic.patch
-Patch10: %{name}_fix_for_x32.patch
Patch11: engines-dir.patch
URL: http://www.openssl.org/
+BuildRequires: libsctp-devel
BuildRequires: perl-devel >= 1:5.10.0
BuildRequires: pkgconfig
BuildRequires: rpm-perlprov >= 4.1-13
BuildRequires: rpmbuild(macros) >= 1.213
BuildRequires: sed >= 4.0
BuildRequires: zlib-devel
-Requires: ca-certificates >= 20120623-1.1
+Requires: ca-certificates >= 20141019-3
Requires: rpm-whiteout >= 1.7
Obsoletes: SSLeay
Obsoletes: SSLeay-devel
%else
%setup -q %{?subver:-n %{name}-%{version}-%{subver}}
%endif
-
%patch1 -p1
%patch3 -p1
-
+%patch4 -p1
%patch5 -p1
-
+%patch6 -p1
%patch7 -p1
%patch8 -p1
-%ifarch x32
-%patch10 -p1
-%endif
%patch11 -p1
%build
enable-mdc2 \
enable-rc5 \
enable-rfc3779 \
+ enable-sctp \
enable-seed \
%ifarch %{x8664}
enable-ec_nistp_64_gcc_128 \
v=$(awk -F= '/^VERSION/{print $2}' Makefile)
test "$v" = %{version}%{?subver:-%{subver}}%{?with_snap:-dev}
+# fails with enable-sctp as of 1.1.1
+%{__rm} test/recipes/80-test_ssl_new.t
+
%{__make} -j1 all %{?with_tests:tests} \
CC="%{__cc}" \
OPTFLAGS="%{rpmcflags} %{rpmcppflags}" \
INSTALLTOP=%{_prefix}
# Rename POD sources of man pages. "openssl-" prefix is added to each
-# manpage to avoid potential conflicts with other packages.
+# manpage to avoid potential conflicts with other packages.
# openssl-man-namespace.patch mostly marks these pages with "openssl-" prefix.
for podfile in $(grep -rl '^openssl-' doc/man*); do
%{_mandir}/man1/openssl-rsa.1*
%{_mandir}/man1/openssl-rsautl.1*
%{_mandir}/man1/openssl-s_client.1*
+%{_mandir}/man1/openssl-s_server.1*
+%{_mandir}/man1/openssl-s_time.1*
%{_mandir}/man1/openssl-sess_id.1*
%{_mandir}/man1/openssl-smime.1*
%{_mandir}/man1/openssl-speed.1*
%{_mandir}/man1/openssl-spkac.1*
%{_mandir}/man1/openssl-srp.1*
-%{_mandir}/man1/openssl-s_server.1*
-%{_mandir}/man1/openssl-s_time.1*
%{_mandir}/man1/openssl-storeutl.1*
%{_mandir}/man1/openssl-ts.1*
%{_mandir}/man1/openssl-tsget.1*
%{_mandir}/man7/openssl-x509.7*
%{_mandir}/man7/ossl_store.7*
%{_mandir}/man7/ossl_store-file.7*
+%{_mandir}/man7/proxy-certificates.7*
%{_mandir}/man7/RSA-PSS.7.gz
%files static