X-Git-Url: http://git.pld-linux.org/?p=packages%2Fopenssl.git;a=blobdiff_plain;f=openssl.spec;h=78c7df4e982800f77ce525e3bf2235a44b743636;hp=32cb1628ddcff98df392eca0eed08eba8feee6e4;hb=474266d55b2c00ed0019c7defe132406b4b0d1df;hpb=3f83253152e593ca54259d27ffa94d5280b3dfa4 diff --git a/openssl.spec b/openssl.spec index 32cb162..78c7df4 100644 --- a/openssl.spec +++ b/openssl.spec @@ -1,16 +1,13 @@ # TODO # - consider dropping last optflags.patch hunk and return to SOMAJOR (.so.1) sonames -# - unpackaged: -#%{_mandir}/man1/dss1.1 -#%{_mandir}/man1/openssl_c_rehash.1* -#%{_mandir}/man1/sha224.1 -#%{_mandir}/man1/sha256.1 -#%{_mandir}/man1/sha384.1 -#%{_mandir}/man1/sha512.1 +# - find a way to simplify (drop) openssl-optflags.patch, it's pain to update here in pld # # Conditional build: %bcond_without tests # don't perform "make tests" -%bcond_with purify # Compile openssl with \-DPURIFY, useful when one wants to +%bcond_without zlib # zlib: note - enables CVE-2012-4929 vulnerability +%bcond_without sslv2 # SSLv2: note - many flaws http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_2.0 +%bcond_without sslv3 # SSLv3: note - enables CVE-2014-3566 vulnerability +%bcond_with purify # Compile openssl with "-DPURIFY", useful when one wants to # use valgrind debugger against openssl-linked programs %include /usr/lib/rpm/macros.perl @@ -23,28 +20,32 @@ Summary(pt_BR.UTF-8): Uma biblioteca C que fornece vários algoritmos e protocol Summary(ru.UTF-8): Библиотеки и утилиты для соединений через Secure Sockets Layer Summary(uk.UTF-8): Бібліотеки та утиліти для з'єднань через Secure Sockets Layer Name: openssl -Version: 1.0.1j +# 1.0.2 will be LTS release +# Version 1.0.2 will be supported until 2019-12-31. +# https://www.openssl.org/about/releasestrat.html +Version: 1.0.2e Release: 1 License: Apache-like Group: Libraries Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz -# Source0-md5: f7175c9cd3c39bb1907ac8bba9df8ed3 +# Source0-md5: 2218c1a6f807f7206c11eb3ee3a5ec80 +Source1: https://raw.githubusercontent.com/openssl/openssl/OpenSSL_1_0_2-stable/util/pod2mantest +# Source1-md5: 0811d285202cebe91003771475802b4f +Source11: https://raw.githubusercontent.com/openssl/openssl/OpenSSL_1_0_2-stable/test/bctest +# Source11-md5: ca85ae891de94faa821c2c6f4dba7f5a Source2: %{name}.1.pl Source3: %{name}-ssl-certificate.sh Source4: %{name}-c_rehash.sh Patch0: %{name}-alpha-ccc.patch Patch1: %{name}-optflags.patch -Patch2: %{name}-globalCA.diff -Patch3: %{name}-include.patch -Patch4: %{name}-man-namespace.patch -Patch5: %{name}-asflag.patch -Patch6: %{name}-ca-certificates.patch -Patch7: %{name}-ldflags.patch -Patch8: %{name}-find.patch -# from debian -Patch10: default_bits.patch -Patch11: pic.patch -Patch12: stddef.patch +Patch2: %{name}-include.patch +Patch3: %{name}-man-namespace.patch +Patch4: %{name}-asflag.patch +Patch5: %{name}-ca-certificates.patch +Patch6: %{name}-ldflags.patch +Patch7: %{name}-find.patch +Patch8: pic.patch +Patch10: %{name}_fix_for_x32.patch URL: http://www.openssl.org/ BuildRequires: bc BuildRequires: perl-devel >= 1:5.6.1 @@ -57,9 +58,16 @@ Obsoletes: SSLeay Obsoletes: SSLeay-devel Obsoletes: SSLeay-perl Obsoletes: libopenssl0 +%if "%{pld_release}" == "ac" +Conflicts: neon < 0.26.3-3 +Conflicts: ntpd < 4.2.4p8-10 +Conflicts: openssh-clients < 2:5.8p1-9 +Conflicts: openssh-server < 2:5.8p1-9 +%else Conflicts: neon < 0.29.6-8 Conflicts: openssh-clients < 2:6.2p2-3 Conflicts: openssh-server < 2:6.2p2-3 +%endif BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) %description @@ -261,11 +269,20 @@ RC4, RSA и SSL. Включает статические библиотеки д %patch7 -p1 %patch8 -p1 %patch10 -p1 -%patch11 -p1 -%patch12 -p1 sed -i -e 's|\$prefix/\$libdir/engines|/%{_lib}/engines|g' Configure +# fix packaging error +# https://github.com/openssl/openssl/issues/491 +ln -s . test/openssl-1.0.2e + +# also pod2man missing +# https://github.com/openssl/openssl/issues/490 +install -p %{SOURCE1} util + +# https://github.com/openssl/openssl/issues/493 +install -p %{SOURCE11} test + %build touch Makefile.* @@ -278,16 +295,21 @@ PERL="%{__perl}" \ --libdir=%{_lib} \ shared \ threads \ - zlib \ - enable-tlsext \ - enable-seed \ - enable-rfc3779 \ + %{!?with_sslv2:no-ssl2} \ + %{!?with_sslv3:no-ssl3} \ + %{!?with_zlib:no-}zlib \ enable-camelia \ enable-cms \ enable-idea \ - enable-mdc2 \ enable-md2 \ + enable-mdc2 \ enable-rc5 \ + enable-rfc3779 \ + enable-seed \ + enable-tlsext \ +%ifarch %{x8664} + enable-ec_nistp_64_gcc_128 \ +%endif %ifarch %{ix86} %ifarch i386 386 linux-elf @@ -302,6 +324,9 @@ PERL="%{__perl}" \ %ifarch %{x8664} linux-x86_64 %endif +%ifarch x32 + linux-x32 +%endif %ifarch ia64 linux-ia64 %endif @@ -363,7 +388,7 @@ mv -f $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc/* $RPM_BUILD_ROOT%{_libdir}/%{n rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/misc # not installed as individual utilities (see openssl dgst instead) -%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{md2,md4,md5,mdc2,ripemd160,sha,sha1}.1 +%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/{dss1,md2,md4,md5,mdc2,ripemd160,sha,sha1,sha224,sha256,sha384,sha512}.1 cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/pl/man1/openssl.1 install -p %{SOURCE3} $RPM_BUILD_ROOT%{_bindir}/ssl-certificate @@ -401,7 +426,7 @@ fi %files %defattr(644,root,root,755) %doc CHANGES CHANGES.SSLeay LICENSE NEWS README doc/*.txt -%doc doc/openssl_button.gif doc/openssl_button.html +#%doc doc/openssl_button.gif doc/openssl_button.html %attr(755,root,root) /%{_lib}/libcrypto.so.*.*.* %attr(755,root,root) /%{_lib}/libssl.so.*.*.* %dir %{_sysconfdir}/%{name} @@ -481,6 +506,7 @@ fi %attr(755,root,root) %{_libdir}/%{name}/CA.pl %attr(755,root,root) %{_libdir}/%{name}/tsget %{_mandir}/man1/openssl_CA.pl.1* +%{_mandir}/man1/openssl_c_rehash.1* %files devel %defattr(644,root,root,755)