X-Git-Url: http://git.pld-linux.org/?p=packages%2Fopenssl.git;a=blobdiff_plain;f=openssl.spec;h=39e6135751b7f79afd41962ba5b3aee6274540c2;hp=73d4f1da346d0fd340dc1f809c55385ec033df8d;hb=c04ce0ebe4dbeb92db0e36be6c52f4c2c0c9569a;hpb=68d2134cecc6b04108a32522b901d43d54671bda

diff --git a/openssl.spec b/openssl.spec
index 73d4f1d..39e6135 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,8 +1,11 @@
-#
-# TODO: consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
+# TODO
+# - consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
 #
 # Conditional build:
 %bcond_without	tests	# don't perform "make tests"
+%bcond_without	zlib	# zlib: note - enables CVE-2012-4929 vulnerability
+%bcond_without	sslv2	# SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
+%bcond_without	sslv3	# SSLv3: note - enables  CVE-2014-3566 vulnerability
 %bcond_with	purify	# Compile openssl with \-DPURIFY, useful when one wants to
 			# use valgrind debugger against openssl-linked programs
 
@@ -16,12 +19,12 @@ Summary(pt_BR.UTF-8):	Uma biblioteca C que fornece vÃ¡rios algoritmos e protocol
 Summary(ru.UTF-8):	ÐÐ¸Ð±Ð»Ð¸Ð¾ÑÐµÐºÐ¸ Ð¸ ÑÑÐ¸Ð»Ð¸ÑÑ Ð´Ð»Ñ ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ð¹ ÑÐµÑÐµÐ· Secure Sockets Layer
 Summary(uk.UTF-8):	ÐÑÐ±Ð»ÑÐ¾ÑÐµÐºÐ¸ ÑÐ° ÑÑÐ¸Ð»ÑÑÐ¸ Ð´Ð»Ñ Ð·'ÑÐ´Ð½Ð°Ð½Ñ ÑÐµÑÐµÐ· Secure Sockets Layer
 Name:		openssl
-Version:	1.0.0i
-Release:	1
+Version:	1.0.1j
+Release:	3
 License:	Apache-like
 Group:		Libraries
 Source0:	ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
-# Source0-md5:	b4df9c11af454fd68178c85a1d5f328f
+# Source0-md5:	f7175c9cd3c39bb1907ac8bba9df8ed3
 Source2:	%{name}.1.pl
 Source3:	%{name}-ssl-certificate.sh
 Source4:	%{name}-c_rehash.sh
@@ -33,6 +36,12 @@ Patch4:		%{name}-man-namespace.patch
 Patch5:		%{name}-asflag.patch
 Patch6:		%{name}-ca-certificates.patch
 Patch7:		%{name}-ldflags.patch
+Patch8:		%{name}-find.patch
+# from debian
+Patch10:	default_bits.patch
+Patch11:	pic.patch
+Patch12:	stddef.patch
+Patch13:	openssl_fix_for_x32.patch
 URL:		http://www.openssl.org/
 BuildRequires:	bc
 BuildRequires:	perl-devel >= 1:5.6.1
@@ -45,6 +54,11 @@ Obsoletes:	SSLeay
 Obsoletes:	SSLeay-devel
 Obsoletes:	SSLeay-perl
 Obsoletes:	libopenssl0
+%if "%{pld_release}" != "ac"
+Conflicts:	neon < 0.29.6-8
+Conflicts:	openssh-clients < 2:6.2p2-3
+Conflicts:	openssh-server < 2:6.2p2-3
+%endif
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
 %description
@@ -120,14 +134,14 @@ crypto devices:
 - Broadcom uBSec
 
 In addition, dynamic binding to external ENGINE implementations is now
-provided by a special ENGINE called "dynamic". 
+provided by a special ENGINE called "dynamic".
 
 %description engines -l pl.UTF-8
 PoczÄwszy od OpenSSL-a 0.9.6 zostaÅ dodany nowy komponent, majÄcy
 wspieraÄ alternatywne implementacje kryptografii, przewaÅ¼nie
 wspÃ³ÅpracujÄce z zewnÄtrznymi urzÄdzeniami kryptograficznymi (np.
-kartami akceleratorÃ³w). Komponent ten jest nazywany SILNIKIEM
-(ang. ENGINE).
+kartami akceleratorÃ³w). Komponent ten jest nazywany SILNIKIEM (ang.
+ENGINE).
 
 Obecnie istniejÄ wbudowane implementacje silnikÃ³w dla nastÄpujÄcych
 urzÄdzeÅ kryptograficznych:
@@ -244,9 +258,11 @@ RC4, RSA Ð¸ SSL. ÐÐºÐ»ÑÑÐ°ÐµÑ ÑÑÐ°ÑÐ¸ÑÐµÑÐºÐ¸Ðµ Ð±Ð¸Ð±Ð»Ð¸Ð¾ÑÐµÐºÐ¸ Ð´
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
-
-%{__perl} -pi -e 's#%{_prefix}/local/bin/perl#%{__perl}#g' \
-	`grep -l -r "%{_prefix}/local/bin/perl" *`
+%patch8 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
 
 sed -i -e 's|\$prefix/\$libdir/engines|/%{_lib}/engines|g' Configure
 
@@ -256,25 +272,27 @@ touch Makefile.*
 %{__perl} util/perlpath.pl %{__perl}
 
 OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
-./Configure \
-%if "%{pld_release}" == "ti"
-	--openssldir=%{_var}/lib/%{name} \
-%else
+PERL="%{__perl}" \
+%{__perl} ./Configure \
 	--openssldir=%{_sysconfdir}/%{name} \
-%endif
 	--libdir=%{_lib} \
 	shared \
 	threads \
-	zlib \
-	enable-tlsext \
-	enable-seed \
-	enable-rfc3779 \
+	%{!?with_sslv2:no-ssl2} \
+	%{!?with_sslv3:no-ssl3} \
+	%{!?with_zlib:no-}zlib \
 	enable-camelia \
 	enable-cms \
 	enable-idea \
-	enable-mdc2 \
 	enable-md2 \
+	enable-mdc2 \
 	enable-rc5 \
+	enable-rfc3779 \
+	enable-seed \
+	enable-tlsext \
+%ifarch %{x8664}
+	enable-ec_nistp_64_gcc_128 \
+%endif
 %ifarch %{ix86}
 %ifarch i386
 	386 linux-elf
@@ -289,6 +307,9 @@ OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
 %ifarch %{x8664}
 	linux-x86_64
 %endif
+%ifarch x32
+	linux-x32
+%endif
 %ifarch ia64
 	linux-ia64
 %endif
@@ -336,7 +357,7 @@ install -d $RPM_BUILD_ROOT{%{_sysconfdir}/%{name},%{_libdir}/%{name}} \
 	$RPM_BUILD_ROOT/%{_lib}/engines \
 	$RPM_BUILD_ROOT%{_pkgconfigdir}
 
-%{__make} install \
+%{__make} -j1 install \
 	INSTALLTOP=%{_prefix} \
 	INSTALL_PREFIX=$RPM_BUILD_ROOT \
 	MANDIR=%{_mandir}
@@ -346,22 +367,11 @@ mv -f $RPM_BUILD_ROOT%{_libdir}/lib*.so.*.* $RPM_BUILD_ROOT/%{_lib}
 ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcrypto.*.*) $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
 ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libssl.*.*) $RPM_BUILD_ROOT%{_libdir}/libssl.so
 
-%if "%{pld_release}" == "ti"
-ln -sf %{_var}/lib/%{name}/%{name}.cnf \
-	$RPM_BUILD_ROOT%{_sysconfdir}/%{name}/openssl.cnf
-ln -sf %{_var}/lib/%{name}/certs \
-	$RPM_BUILD_ROOT%{_sysconfdir}/%{name}/certs
-ln -sf %{_var}/lib/%{name}/private \
-	$RPM_BUILD_ROOT%{_sysconfdir}/%{name}/private
-mv -f $RPM_BUILD_ROOT%{_var}/lib/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
-rm -rf $RPM_BUILD_ROOT%{_var}/lib/%{name}/misc
-%else
 mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc
-%endif
 
 # not installed as individual utilities (see openssl dgst instead)
-%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{md2,md4,md5,mdc2,ripemd160,sha,sha1}.1
+%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{dss1,md2,md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1
 
 cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
 install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
@@ -377,15 +387,11 @@ rm -rf $RPM_BUILD_ROOT
 # the hashing format has changed in 1.0.0
 [ ! -x %{_sbindir}/update-ca-certificates ] || %{_sbindir}/update-ca-certificates --fresh || :
 
-%if "%{pld_release}" == "ti"
-%triggerin -- %{name}-tools < 0.9.8i-2
-if [ -L /var/lib/openssl/openssl.cnf ] ; then
-	echo "Saving old configuration as /var/lib/openssl/openssl.cnf.rpmsave"
-	rm /var/lib/openssl/openssl.cnf
-	mv %{_sysconfdir}/%{name}/openssl.cnf /var/lib/openssl/openssl.cnf.rpmsave 2>/dev/null || :
-fi
-%else
 %triggerpostun -- %{name} < 0.9.8i-2
+# don't do anything on --downgrade
+if [ $1 -le 1 ]; then
+	exit 0
+fi
 if [ -d /var/lib/openssl/certs ] ; then
 	mv /var/lib/openssl/certs/* %{_sysconfdir}/%{name}/certs 2>/dev/null || :
 fi
@@ -396,8 +402,9 @@ if [ -d /var/lib/openssl ] ; then
 	for f in /var/lib/openssl/* ; do
 		[ -f "$f" ] && mv "$f" %{_sysconfdir}/%{name} 2>/dev/null || :
 	done
+	rmdir /var/lib/openssl/* 2>/dev/null || :
+	rmdir /var/lib/openssl 2>/dev/null || :
 fi
-%endif
 
 %files
 %defattr(644,root,root,755)
@@ -405,32 +412,19 @@ fi
 %doc doc/openssl_button.gif doc/openssl_button.html
 %attr(755,root,root) /%{_lib}/libcrypto.so.*.*.*
 %attr(755,root,root) /%{_lib}/libssl.so.*.*.*
-%if "%{pld_release}" == "ti"
-%dir %{_var}/lib/%{name}
-%dir %{_var}/lib/%{name}/certs
-%dir %{_var}/lib/%{name}/private
-%dir %{_sysconfdir}/%{name}
-%attr(755,root,root) %{_sysconfdir}/%{name}/certs
-%attr(755,root,root) %{_sysconfdir}/%{name}/private
-%else
 %dir %{_sysconfdir}/%{name}
 %dir %{_sysconfdir}/%{name}/certs
 %dir %{_sysconfdir}/%{name}/private
-%endif
 %dir %{_datadir}/ssl
 
 %files engines
+%defattr(644,root,root,755)
 %dir /%{_lib}/engines
 %attr(755,root,root) /%{_lib}/engines/*.so
 
 %files tools
 %defattr(644,root,root,755)
-%if "%{pld_release}" == "ti"
-%{_sysconfdir}/%{name}/openssl.cnf
-%config(noreplace) %verify(not md5 mtime size) %{_var}/lib/%{name}/openssl.cnf
-%else
 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
-%endif
 %attr(755,root,root) %{_bindir}/c_rehash.sh
 %attr(755,root,root) %{_bindir}/openssl
 %attr(754,root,root) %{_bindir}/ssl-certificate
@@ -495,6 +489,7 @@ fi
 %attr(755,root,root) %{_libdir}/%{name}/CA.pl
 %attr(755,root,root) %{_libdir}/%{name}/tsget
 %{_mandir}/man1/openssl_CA.pl.1*
+%{_mandir}/man1/openssl_c_rehash.1*
 
 %files devel
 %defattr(644,root,root,755)
@@ -509,4 +504,5 @@ fi
 
 %files static
 %defattr(644,root,root,755)
-%{_libdir}/lib*.a
+%{_libdir}/libcrypto.a
+%{_libdir}/libssl.a