X-Git-Url: http://git.pld-linux.org/?p=packages%2Fopenssl.git;a=blobdiff_plain;f=openssl.spec;h=39e6135751b7f79afd41962ba5b3aee6274540c2;hp=973e82464f3f9f9ff850fc121590123503ec6fc3;hb=c04ce0ebe4dbeb92db0e36be6c52f4c2c0c9569a;hpb=cc9d3e2c32ce2f6fed84e19500bc2a79511d075a

diff --git a/openssl.spec b/openssl.spec
index 973e824..39e6135 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,6 +1,11 @@
+# TODO
+# - consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames
 #
 # Conditional build:
 %bcond_without	tests	# don't perform "make tests"
+%bcond_without	zlib	# zlib: note - enables CVE-2012-4929 vulnerability
+%bcond_without	sslv2	# SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0
+%bcond_without	sslv3	# SSLv3: note - enables  CVE-2014-3566 vulnerability
 %bcond_with	purify	# Compile openssl with \-DPURIFY, useful when one wants to
 			# use valgrind debugger against openssl-linked programs
 
@@ -14,12 +19,12 @@ Summary(pt_BR.UTF-8):	Uma biblioteca C que fornece vÃ¡rios algoritmos e protocol
 Summary(ru.UTF-8):	ÐÐ¸Ð±Ð»Ð¸Ð¾ÑÐµÐºÐ¸ Ð¸ ÑÑÐ¸Ð»Ð¸ÑÑ Ð´Ð»Ñ ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ð¹ ÑÐµÑÐµÐ· Secure Sockets Layer
 Summary(uk.UTF-8):	ÐÑÐ±Ð»ÑÐ¾ÑÐµÐºÐ¸ ÑÐ° ÑÑÐ¸Ð»ÑÑÐ¸ Ð´Ð»Ñ Ð·'ÑÐ´Ð½Ð°Ð½Ñ ÑÐµÑÐµÐ· Secure Sockets Layer
 Name:		openssl
-Version:	1.0.0
-Release:	0.1
+Version:	1.0.1j
+Release:	3
 License:	Apache-like
 Group:		Libraries
 Source0:	ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
-# Source0-md5:	89eaa86e25b2845f920ec00ae4c864ed
+# Source0-md5:	f7175c9cd3c39bb1907ac8bba9df8ed3
 Source2:	%{name}.1.pl
 Source3:	%{name}-ssl-certificate.sh
 Source4:	%{name}-c_rehash.sh
@@ -30,8 +35,13 @@ Patch3:		%{name}-include.patch
 Patch4:		%{name}-man-namespace.patch
 Patch5:		%{name}-asflag.patch
 Patch6:		%{name}-ca-certificates.patch
-Patch7:		%{name}-fips_install.patch
-Patch8:		%{name}-ldflags.patch
+Patch7:		%{name}-ldflags.patch
+Patch8:		%{name}-find.patch
+# from debian
+Patch10:	default_bits.patch
+Patch11:	pic.patch
+Patch12:	stddef.patch
+Patch13:	openssl_fix_for_x32.patch
 URL:		http://www.openssl.org/
 BuildRequires:	bc
 BuildRequires:	perl-devel >= 1:5.6.1
@@ -44,6 +54,11 @@ Obsoletes:	SSLeay
 Obsoletes:	SSLeay-devel
 Obsoletes:	SSLeay-perl
 Obsoletes:	libopenssl0
+%if "%{pld_release}" != "ac"
+Conflicts:	neon < 0.29.6-8
+Conflicts:	openssh-clients < 2:6.2p2-3
+Conflicts:	openssh-server < 2:6.2p2-3
+%endif
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
 %description
@@ -97,6 +112,48 @@ RC4, RSA Ð¸ SSL.
 ÐºÐ¾ÑÐ¸ÑÑÑÐ²Ð°Ð½Ð½Ñ, ÑÐ¾ ÑÐµÐ°Ð»ÑÐ·ÑÑÑÑ Ð²ÐµÐ»Ð¸ÐºÑ ÐºÑÐ»ÑÐºÑÑÑÑ ÐºÑÐ¸Ð¿ÑÐ¾Ð³ÑÐ°ÑÑÑÐ½Ð¸Ñ
 Ð°Ð»Ð³Ð¾ÑÐ¸ÑÐ¼ÑÐ², Ð²ÐºÐ»ÑÑÐ°ÑÑÐ¸ DES, RC4, RSA ÑÐ° SSL.
 
+%package engines
+Summary:	OpenSSL optional crypto engines
+Summary(pl.UTF-8):	Opcjonalne silniki kryptograficzne dla OpenSSL-a
+Group:		Libraries
+Requires:	%{name} = %{version}-%{release}
+
+%description engines
+With OpenSSL 0.9.6, a new component was added to support alternative
+cryptography implementations, most commonly for interfacing with
+external crypto devices (eg. accelerator cards). This component is
+called ENGINE.
+
+There are currently built-in ENGINE implementations for the following
+crypto devices:
+
+- CryptoSwift
+- Compaq Atalla
+- nCipher CHIL
+- Nuron
+- Broadcom uBSec
+
+In addition, dynamic binding to external ENGINE implementations is now
+provided by a special ENGINE called "dynamic".
+
+%description engines -l pl.UTF-8
+PoczÄwszy od OpenSSL-a 0.9.6 zostaÅ dodany nowy komponent, majÄcy
+wspieraÄ alternatywne implementacje kryptografii, przewaÅ¼nie
+wspÃ³ÅpracujÄce z zewnÄtrznymi urzÄdzeniami kryptograficznymi (np.
+kartami akceleratorÃ³w). Komponent ten jest nazywany SILNIKIEM (ang.
+ENGINE).
+
+Obecnie istniejÄ wbudowane implementacje silnikÃ³w dla nastÄpujÄcych
+urzÄdzeÅ kryptograficznych:
+- CryptoSwift
+- Compaq Atalla
+- nCipher CHIL
+- Nuron
+- Broadcom uBSec
+
+Ponadto zapewnione jest dynamiczne wiÄzanie dla zewnÄtrznych
+implementacji silnikÃ³w poprzez specjalny silnik o nazwie "dynamic".
+
 %package tools
 Summary:	OpenSSL command line tool and utilities
 Summary(pl.UTF-8):	Zestaw narzÄdzi i skryptÃ³w
@@ -193,42 +250,49 @@ RC4, RSA Ð¸ SSL. ÐÐºÐ»ÑÑÐ°ÐµÑ ÑÑÐ°ÑÐ¸ÑÐµÑÐºÐ¸Ðµ Ð±Ð¸Ð±Ð»Ð¸Ð¾ÑÐµÐºÐ¸ Ð´
 
 %prep
 %setup -q
-#%patch0 -p1
-#%patch1 -p1
+%patch0 -p1
+%patch1 -p1
 %patch2 -p1
 %patch3 -p1
-#%patch4 -p1
-#%patch5 -p1
+%patch4 -p1
+%patch5 -p1
 %patch6 -p1
-#%patch7 -p1
-#%patch8 -p1
+%patch7 -p1
+%patch8 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
 
-%{__perl} -pi -e 's#%{_prefix}/local/bin/perl#%{__perl}#g' \
-	`grep -l -r "%{_prefix}/local/bin/perl" *`
-
-sed -i -e 's|$prefix/lib/engines|/%{_lib}/engines|g' Configure
+sed -i -e 's|\$prefix/\$libdir/engines|/%{_lib}/engines|g' Configure
 
 %build
 touch Makefile.*
 
 %{__perl} util/perlpath.pl %{__perl}
 
-OPTFLAGS="%{rpmcflags} %{?with_purify:-DPURIFY}" \
-./Configure \
-%if "%{pld_release}" == "ti"
-	--openssldir=%{_var}/lib/%{name} \
-%else
+OPTFLAGS="%{rpmcflags} %{rpmcppflags} %{?with_purify:-DPURIFY}" \
+PERL="%{__perl}" \
+%{__perl} ./Configure \
 	--openssldir=%{_sysconfdir}/%{name} \
-%endif
 	--libdir=%{_lib} \
-	shared threads \
-	enable-tlsext \
-	enable-seed \
-	enable-rfc3779 \
+	shared \
+	threads \
+	%{!?with_sslv2:no-ssl2} \
+	%{!?with_sslv3:no-ssl3} \
+	%{!?with_zlib:no-}zlib \
+	enable-camelia \
 	enable-cms \
 	enable-idea \
+	enable-md2 \
 	enable-mdc2 \
 	enable-rc5 \
+	enable-rfc3779 \
+	enable-seed \
+	enable-tlsext \
+%ifarch %{x8664}
+	enable-ec_nistp_64_gcc_128 \
+%endif
 %ifarch %{ix86}
 %ifarch i386
 	386 linux-elf
@@ -243,6 +307,9 @@ OPTFLAGS="%{rpmcflags} %{?with_purify:-DPURIFY}" \
 %ifarch %{x8664}
 	linux-x86_64
 %endif
+%ifarch x32
+	linux-x32
+%endif
 %ifarch ia64
 	linux-ia64
 %endif
@@ -261,10 +328,13 @@ OPTFLAGS="%{rpmcflags} %{?with_purify:-DPURIFY}" \
 %ifarch sparc64
 	linux64-sparcv9
 %endif
+%ifarch armv4 armv5 armv5t armv5te armv5tel
+	linux-armv4
+%endif
 
 %{__make} -j1 all rehash %{?with_tests:tests} \
 	CC="%{__cc}" \
-	ASFLAG='$(CFLAG) -c -Wa,--noexecstack' \
+	ASFLAG='$(CFLAG) -Wa,--noexecstack' \
 	INSTALLTOP=%{_prefix}
 
 # Rename POD sources of man pages. "openssl_" prefix is added to each
@@ -287,34 +357,23 @@ install -d $RPM_BUILD_ROOT{%{_sysconfdir}/%{name},%{_libdir}/%{name}} \
 	$RPM_BUILD_ROOT/%{_lib}/engines \
 	$RPM_BUILD_ROOT%{_pkgconfigdir}
 
-%{__make} install \
+%{__make} -j1 install \
 	INSTALLTOP=%{_prefix} \
 	INSTALL_PREFIX=$RPM_BUILD_ROOT \
 	MANDIR=%{_mandir}
 
-mv -f $RPM_BUILD_ROOT/%{_libdir}/engines/* $RPM_BUILD_ROOT/%{_lib}/engines
-mv -f $RPM_BUILD_ROOT/%{_libdir}/lib*.so.*.* $RPM_BUILD_ROOT/%{_lib}
+mv -f $RPM_BUILD_ROOT%{_libdir}/engines/* $RPM_BUILD_ROOT/%{_lib}/engines
+mv -f $RPM_BUILD_ROOT%{_libdir}/lib*.so.*.* $RPM_BUILD_ROOT/%{_lib}
 ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcrypto.*.*) $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
 ln -sf /%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libssl.*.*) $RPM_BUILD_ROOT%{_libdir}/libssl.so
 
-%if "%{pld_release}" == "ti"
-ln -sf %{_var}/lib/%{name}/%{name}.cnf \
-	$RPM_BUILD_ROOT%{_sysconfdir}/%{name}/openssl.cnf
-ln -sf %{_var}/lib/%{name}/certs \
-	$RPM_BUILD_ROOT%{_sysconfdir}/%{name}/certs
-ln -sf %{_var}/lib/%{name}/private \
-	$RPM_BUILD_ROOT%{_sysconfdir}/%{name}/private
-mv -f $RPM_BUILD_ROOT%{_var}/lib/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
-rm -rf $RPM_BUILD_ROOT%{_var}/lib/%{name}/misc
-%else
 mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{name}
 rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc
-%endif
 
 # not installed as individual utilities (see openssl dgst instead)
-%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{md2,md4,md5,mdc2,ripemd160,sha,sha1}.1
+%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{dss1,md2,md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1
 
-cp -a %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
+cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1
 install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate
 install -p %{SOURCE4} $RPM_BUILD_ROOT%{_bindir}/c_rehash.sh
 
@@ -324,15 +383,15 @@ rm -rf $RPM_BUILD_ROOT
 %post   -p /sbin/ldconfig
 %postun -p /sbin/ldconfig
 
-%if "%{pld_release}" == "ti"
-%triggerin -- %{name}-tools < 0.9.8i-2
-if [ -L /var/lib/openssl/openssl.cnf ] ; then
-	echo "Saving old configuration as /var/lib/openssl/openssl.cnf.rpmsave"
-	rm /var/lib/openssl/openssl.cnf
-	mv %{_sysconfdir}/%{name}/openssl.cnf /var/lib/openssl/openssl.cnf.rpmsave 2>/dev/null || :
-fi
-%else
+%triggerpostun -- %{name}-tools < 1.0.0-5
+# the hashing format has changed in 1.0.0
+[ ! -x %{_sbindir}/update-ca-certificates ] || %{_sbindir}/update-ca-certificates --fresh || :
+
 %triggerpostun -- %{name} < 0.9.8i-2
+# don't do anything on --downgrade
+if [ $1 -le 1 ]; then
+	exit 0
+fi
 if [ -d /var/lib/openssl/certs ] ; then
 	mv /var/lib/openssl/certs/* %{_sysconfdir}/%{name}/certs 2>/dev/null || :
 fi
@@ -343,8 +402,9 @@ if [ -d /var/lib/openssl ] ; then
 	for f in /var/lib/openssl/* ; do
 		[ -f "$f" ] && mv "$f" %{_sysconfdir}/%{name} 2>/dev/null || :
 	done
+	rmdir /var/lib/openssl/* 2>/dev/null || :
+	rmdir /var/lib/openssl 2>/dev/null || :
 fi
-%endif
 
 %files
 %defattr(644,root,root,755)
@@ -352,32 +412,21 @@ fi
 %doc doc/openssl_button.gif doc/openssl_button.html
 %attr(755,root,root) /%{_lib}/libcrypto.so.*.*.*
 %attr(755,root,root) /%{_lib}/libssl.so.*.*.*
-%dir /%{_lib}/engines
-%attr(755,root,root) /%{_lib}/engines/*.so
-%if "%{pld_release}" == "ti"
-%dir %{_var}/lib/%{name}
-%dir %{_var}/lib/%{name}/certs
-%dir %{_var}/lib/%{name}/private
-%dir %{_sysconfdir}/%{name}
-%attr(755,root,root) %{_sysconfdir}/%{name}/certs
-%attr(755,root,root) %{_sysconfdir}/%{name}/private
-%else
 %dir %{_sysconfdir}/%{name}
 %dir %{_sysconfdir}/%{name}/certs
 %dir %{_sysconfdir}/%{name}/private
-%endif
 %dir %{_datadir}/ssl
 
+%files engines
+%defattr(644,root,root,755)
+%dir /%{_lib}/engines
+%attr(755,root,root) /%{_lib}/engines/*.so
+
 %files tools
 %defattr(644,root,root,755)
-%if "%{pld_release}" == "ti"
-%{_sysconfdir}/%{name}/openssl.cnf
-%config(noreplace) %verify(not md5 mtime size) %{_var}/lib/%{name}/openssl.cnf
-%else
 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/openssl.cnf
-%endif
-%attr(755,root,root) %{_bindir}/%{name}
 %attr(755,root,root) %{_bindir}/c_rehash.sh
+%attr(755,root,root) %{_bindir}/openssl
 %attr(754,root,root) %{_bindir}/ssl-certificate
 
 %dir %{_libdir}/%{name}
@@ -391,6 +440,7 @@ fi
 %{_mandir}/man1/openssl_asn1parse.1*
 %{_mandir}/man1/openssl_ca.1*
 %{_mandir}/man1/openssl_ciphers.1*
+%{_mandir}/man1/openssl_cms.1*
 %{_mandir}/man1/openssl_crl.1*
 %{_mandir}/man1/openssl_crl2pkcs7.1*
 %{_mandir}/man1/openssl_dgst.1*
@@ -402,6 +452,7 @@ fi
 %{_mandir}/man1/openssl_enc.1*
 %{_mandir}/man1/openssl_errstr.1*
 %{_mandir}/man1/openssl_gendsa.1*
+%{_mandir}/man1/openssl_genpkey.1*
 %{_mandir}/man1/openssl_genrsa.1*
 %{_mandir}/man1/openssl_nseq.1*
 %{_mandir}/man1/openssl_ocsp.1*
@@ -409,6 +460,9 @@ fi
 %{_mandir}/man1/openssl_pkcs12.1*
 %{_mandir}/man1/openssl_pkcs7.1*
 %{_mandir}/man1/openssl_pkcs8.1*
+%{_mandir}/man1/openssl_pkey.1*
+%{_mandir}/man1/openssl_pkeyparam.1*
+%{_mandir}/man1/openssl_pkeyutl.1*
 %{_mandir}/man1/openssl_rand.1*
 %{_mandir}/man1/openssl_req.1*
 %{_mandir}/man1/openssl_rsa.1*
@@ -420,6 +474,8 @@ fi
 %{_mandir}/man1/openssl_smime.1*
 %{_mandir}/man1/openssl_speed.1*
 %{_mandir}/man1/openssl_spkac.1*
+%{_mandir}/man1/openssl_ts.1*
+%{_mandir}/man1/openssl_tsget.1*
 %{_mandir}/man1/openssl_verify.1*
 %{_mandir}/man1/openssl_version.1*
 %{_mandir}/man1/openssl_x509.1*
@@ -431,7 +487,9 @@ fi
 %defattr(644,root,root,755)
 %attr(755,root,root) %{_bindir}/c_rehash
 %attr(755,root,root) %{_libdir}/%{name}/CA.pl
+%attr(755,root,root) %{_libdir}/%{name}/tsget
 %{_mandir}/man1/openssl_CA.pl.1*
+%{_mandir}/man1/openssl_c_rehash.1*
 
 %files devel
 %defattr(644,root,root,755)
@@ -446,4 +504,5 @@ fi
 
 %files static
 %defattr(644,root,root,755)
-%{_libdir}/lib*.a
+%{_libdir}/libcrypto.a
+%{_libdir}/libssl.a