- fix bconds

[packages/openssl.git] / openssl.spec

diff --git a/openssl.spec b/openssl.spec
index 4455fe6fda7f87236f300260e613a635b49f13ed..9ae870c08c4aa9869344fa13e0fbd1c5dad8911a 100644 (file)
--- a/openssl.spec
+++ b/openssl.spec
@@ -3,6 +3,9 @@
 #
 # Conditional build:
 %bcond_without tests   # don't perform "make tests"
+%bcond_with    zlib    # zlib: note - enables CVE-2012-4929 vulnerability
+%bcond_with    sslv2   # SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
+%bcond_with    sslv3   # SSLv3: note - enables  CVE-2014-3566 vulnerability
 %bcond_with    purify  # Compile openssl with \-DPURIFY, useful when one wants to
                        # use valgrind debugger against openssl-linked programs
 
@@ -17,7 +20,7 @@ Summary(ru.UTF-8):    Библиотеки и утилиты для соедине
 Summary(uk.UTF-8):     Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
 Name:          openssl
 Version:       1.0.1j
-Release:       1
+Release:       2
 License:       Apache-like
 Group:         Libraries
 Source0:       ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
@@ -271,16 +274,21 @@ PERL="%{__perl}" \
        --libdir=%{_lib} \
        shared \
        threads \
-       zlib \
-       enable-tlsext \
-       enable-seed \
-       enable-rfc3779 \
+       %{!?with_sslv2:no-ssl2} \
+       %{!?with_sslv3:no-ssl3} \
+       %{!?with_zlib:no-}zlib \
        enable-camelia \
        enable-cms \
        enable-idea \
-       enable-mdc2 \
        enable-md2 \
+       enable-mdc2 \
        enable-rc5 \
+       enable-rfc3779 \
+       enable-seed \
+       enable-tlsext \
+%ifarch %{x8664}
+       enable-ec_nistp_64_gcc_128 \
+%endif
 %ifarch %{ix86}
 %ifarch i386
        386 linux-elf