
Contents of /updates/3/openssl/current/SPECS/openssl.spec



Revision 619695 - (show annotations) (download)
Fri May 2 18:58:23 2014 UTC (6 years, 7 months ago) by luigiwalser
File size: 10916 byte(s)
rediff patch from openbsd to fix CVE-2014-0198
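# Shared-library major version: it goes into the library and engines
# package names and into the lib*.so.%%{maj} glob of the library file list.
%define maj 1.0.0
%define engines_name %mklibname openssl-engines %{maj}
%define libname %mklibname openssl %{maj}
%define develname %mklibname openssl -d
%define staticname %mklibname openssl -s -d

# Library package names of the older 0.9.7 / 0.9.8 series; the devel and
# static-devel subpackages obsolete the matching -devel packages.
%define conflict1 %mklibname openssl 0.9.7
%define conflict2 %mklibname openssl 0.9.8

# Number of threads to spawn when testing some threading fixes.
# This has to be a real %%define: with the line commented out ("#define")
# the macro stays undefined, rpm leaves the reference in %%check unexpanded
# and openssl-thread-test is handed the literal macro text instead of a
# number. Defaults to 1; override with rpmbuild --define 'threads N'.
%define thread_test_threads %{?threads:%{threads}}%{!?threads:1}

# Build with Kerberos 5 support (adds the krb5-devel build dependency and
# the --with-krb5 options passed to Configure).
%define with_krb5 1
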
# Main package: the openssl command-line tool, its configuration file and
# the certificate helper scripts. The libraries are in the subpackages.
Summary:        Secure Sockets Layer communications libs & utils
Name:           openssl
Version:        1.0.1e
# subrel must be defined before Release so that mkrel can pick it up.
%define subrel 8
Release:        %mkrel 1
License:        BSD-like
Group:          System/Libraries
URL:            http://www.openssl.org/

# Upstream tarball and its detached signature.
# NOTE(review): Source1 is carried along, but no step in this spec checks
# Source0 against it, and both URLs are plain http. Presumably the tarball
# is verified out of band before import; confirm.
Source0:        http://www.openssl.org/source/%{name}-%{version}.tar.gz
Source1:        http://www.openssl.org/source/%{name}-%{version}.tar.gz.asc
# Helper files copied into the build tree by the prep section.
Source2:        Makefile.certificate
Source3:        make-dummy-cert
Source4:        openssl-thread-test.c

# The Patch tags only declare the files; the order in which they are
# applied is the order of the patch lines in the prep section.

# (gb) 0.9.7b-4mdk: Handle RPM_OPT_FLAGS in Configure
Patch2:         openssl-1.0.1c-optflags.patch
# (oe) support Brazilian Government OTHERNAME X509v3 field (#14158)
# http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
Patch6:         openssl-0.9.8-beta6-icpbrasil.diff
# http://qa.mandriva.com/show_bug.cgi?id=32621
Patch15:        openssl-0.9.8e-crt.patch
# Use-after-free fix; the prep section applies it with the backup suffix
# .CVE-2010-5298, which is the only place the CVE id is recorded.
Patch5:         openssl-1.0.1g-use-after-free.patch

# upstream patches
Patch8:         openssl.git-147dbb2fe3bead7a10e2f280261b661ce7af7adc.patch
Patch9:         openssl-1.0.1e-cve-2013-4353.patch
Patch10:        openssl-1.0.1e-cve-2013-6450.patch
Patch11:        openssl-1.0.0l-CVE-2014-0076.patch
Patch12:        openssl-1.0.1f-CVE-2014-0160.patch
Patch19:        openssl-1.0.1e-extension-checking-fixes.patch
Patch20:        openssl-1.0.1g-CVE-2014-0198.patch

# fedora patches
Patch7:         openssl-1.0.0f-defaults.patch
Patch13:        openssl-0.9.6-x509.patch
Patch14:        openssl-0.9.8j-version-add-engines.patch
Patch16:        openssl-1.0.0-beta5-enginesdir.patch
Patch17:        openssl-1.0.1-pkgconfig-krb5.patch
Patch18:        openssl-1.0.1e-cve-2013-6449.patch

# MIPS and ARM support
Patch300:       openssl-1.0.1c-mips.patch
Patch301:       openssl-1.0.1c-arm.patch

# Runtime dependencies: the exactly matching library build, perl for the
# helper scripts, and the distribution's root certificate bundle.
Requires:       %{libname} = %{version}-%{release}
Requires:       perl-base
Requires:       rootcerts

%if %with_krb5
BuildRequires:  krb5-devel
%endif
BuildRequires:  multiarch-utils >= 1.0.3
BuildRequires:  chrpath
BuildRequires:  zlib-devel
# (tv) for test suite:
BuildRequires:  bc

%description
The openssl certificate management tool and the shared libraries that provide
various encryption and decription algorithms and protocols, including DES, RC4,
RSA and SSL.

%package -n %{engines_name}
# Loadable engine modules, packaged separately from the main library.
Summary:        Engines for openssl
Group:          System/Libraries
# Takes over from the old unversioned openssl-engines package.
Provides:       openssl-engines = %{version}-%{release}
Obsoletes:      openssl-engines < 1.0.0a-5

%description -n %{engines_name}
This package provides engines for openssl.

%package -n %{libname}
# Shared libraries. The dependency on the engines package is ">=" rather
# than "=", so a newer engines build satisfies it.
Summary:        Secure Sockets Layer communications libs
Group:          System/Libraries
Provides:       %{libname} = %{version}-%{release}
Requires:       %{engines_name} >= %{version}-%{release}

%description -n %{libname}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.

%package -n %{develname}
# Headers, unversioned .so links, pkg-config files and section 3 man pages.
Summary:        Secure Sockets Layer communications libs & headers & utils
Group:          Development/Other
# Pinned to the exact library build so headers and library cannot drift.
Requires:       %{libname} = %{version}-%{release}

# Names under which other packages ask for the development files.
Provides:       libopenssl-devel
Provides:       openssl-devel = %{version}-%{release}
Provides:       %{name}-devel = %{version}-%{release}

Obsoletes:      openssl-devel
# Temporary obsolete, will be a conflict later. A compat package
# with openssl-0.9.7 devel libs will be provided soon.
Obsoletes:      %{conflict1}-devel
Obsoletes:      %{conflict2}-devel
Obsoletes:      %{mklibname openssl 1.0.0}-devel

%description -n %{develname}
The libraries and include files needed to compile apps with support
for various cryptographic algorithms and protocols, including DES, RC4, RSA
and SSL.

%package -n %{staticname}
# Static archives. Programs linked against these keep their own copy of the
# library code and do not pick up a library update until they are rebuilt.
Summary:        Secure Sockets Layer communications static libs
Group:          Development/Other
Requires:       %{develname} = %{version}-%{release}

Provides:       libopenssl-static-devel
Provides:       openssl-static-devel = %{version}-%{release}
Provides:       %{name}-static-devel = %{version}-%{release}

# Temporary obsolete, will be a conflict later. A compat package
# with openssl-0.9.7 static-devel libs will be provided soon.
Obsoletes:      %{conflict1}-static-devel
Obsoletes:      %{conflict2}-static-devel
Obsoletes:      %{mklibname openssl 1.0.0}-static-devel

%description -n %{staticname}
The static libraries needed to compile apps with support for various
cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.

%prep
# Unpack the upstream tarball, apply the distribution patch set and copy the
# auxiliary sources into the build tree.
# NOTE(review): Source1 (the detached signature) is declared in the preamble
# but nothing here verifies Source0 against it; presumably done out of band,
# confirm.

%setup -q -n %{name}-%{version}
# Patches are applied in the order listed here, not in numeric order; keep
# the sequence as it is, since later patches presumably expect the earlier
# ones to be in place. Each -b suffix names the backup copies that patch
# leaves behind, which makes it possible to tell from the build tree which
# fix touched a file.
%patch2 -p1 -b .optflags
%patch6 -p0 -b .icpbrasil
%patch7 -p1 -b .defaults
%patch8 -p1 -b .SSL_get_certificate
%patch13 -p1 -b .x509
%patch14 -p1 -b .version-add-engines
%patch15 -p1 -b .crt
%patch16 -p1 -b .engines
%patch17 -p1 -b .krb5
%patch18 -p1 -b .hash-crash
# Security fixes, tracked by CVE id in the backup suffix.
%patch9 -p1 -b .cve-2013-4353
%patch10 -p1 -b .cve-2013-6450
%patch11 -p1 -b .CVE-2014-0076
%patch12 -p1 -b .CVE-2014-0160
# patch5 and patch20 strip more leading path components (-p3 / -p4) than
# the others, so their diffs carry deeper paths than the rest of the set.
%patch5 -p3 -b .CVE-2010-5298
%patch19 -p1 -b .extension-checking-fixes
%patch20 -p4 -b .CVE-2014-0198

%patch300 -p1 -b .mips
%patch301 -p1 -b .arm

# Rewrite OPENSSL_LIBNAME in both makefiles to the platform's library
# directory name.
perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile

# Bring the helper files into the build tree: the first two are installed
# under pki/tls/certs later, the third is compiled and run by the test step.
cp %{SOURCE2} Makefile.certificate
cp %{SOURCE3} make-dummy-cert
cp %{SOURCE4} openssl-thread-test.c

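%build
# Configure and compile OpenSSL with the distribution's defaults.
%serverbuild

# Figure out which flags we want to use.
# Start from a known-empty value so that a stray "sslflags" variable in the
# build environment cannot leak extra options into Configure.
sslflags=""
# default
sslarch=%{_os}-%{_arch}
%ifarch %ix86
sslarch=linux-elf
# The pattern is quoted so the shell hands it to grep untouched; unquoted,
# it is a glob that would be replaced by a file named i586 or i686 if one
# existed in the build directory.
if ! echo %{_target} | grep -q 'i[56]86' ; then
    sslflags="no-asm"
fi
%endif
%ifarch sparcv9
sslarch=linux-sparcv9
%endif
%ifarch alpha
sslarch=linux-alpha-gcc
%endif
%ifarch s390
sslarch="linux-generic32 -DB_ENDIAN -DNO_ASM"
%endif
%ifarch s390x
sslarch="linux-generic64 -DB_ENDIAN -DNO_ASM"
%endif

# ia64, x86_64, ppc, ppc64 are OK by default
# Configure the build tree. Override OpenSSL defaults with known-good defaults
# usable on all platforms. The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifying them here.
# NOTE(review): "zlib" builds in compression support, the feature that
# compression side-channel attacks such as CRIME rely on. Whether it is
# active at run time depends on patches and defaults not shown in this
# spec; confirm.
./Configure \
    --prefix=%{_prefix} \
    --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
    --libdir=%{_lib}/ \
%if %with_krb5
    --with-krb5-flavor=MIT --with-krb5-dir=%{_prefix} \
%endif
    --enginesdir=%{_libdir}/openssl/%{version}/engines \
    zlib no-idea no-rc5 enable-camellia shared enable-tlsext ${sslarch}

# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
# The variable is assigned, not exported, on this line; presumably rpm's
# build preamble has already exported it, so make sees the new value.
# TODO confirm.
RPM_OPT_FLAGS="%{optflags} -Wa,--noexecstack"
make depend
make all build-shared

# Generate hashes for the included certs.
make rehash build-shared
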
%check
# Verify that what was compiled actually works.
# Put the build directory first on the loader path so the tests run against
# the libraries that were just built, not an installed copy.
export LD_LIBRARY_PATH=$(pwd)${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}

# Upstream test suite.
make -C test apps tests

# Build the threading regression test against the in-tree headers and
# libraries.
# NOTE(review): the two conditionals below test _with_krb5 (the macro set by
# "rpmbuild --with krb5"), while the rest of the spec keys on with_krb5; as
# written the krb5-config flags look to be left out of a default build.
# Confirm that is intended.
gcc -o openssl-thread-test \
    %{?_with_krb5:`krb5-config --cflags`} \
    -I./include \
    %{optflags} \
    openssl-thread-test.c \
    -L. -lssl -lcrypto \
    %{?_with_krb5:`krb5-config --libs`} \
    -lpthread -lz -ldl

# thread_test_threads has to be defined in the preamble: rpm leaves an
# undefined macro unexpanded, and the test would then receive the literal
# macro text as its thread count.
./openssl-thread-test --threads %{thread_test_threads}

%install
# Stage the build into the buildroot and rearrange it into the layout under
# the pki directory that the file lists expect.
rm -fr %{buildroot}

%makeinstall \
    INSTALL_PREFIX=%{buildroot} \
    MANDIR=%{_mandir} \
    build-shared

# Move the engines into a versioned directory.
install -d -m 755 %{buildroot}%{_libdir}/openssl/%{version}
mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl/%{version}

# make the rootcerts dir
install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts

# Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly.
install -d %{buildroot}%{_sysconfdir}/pki/tls/certs
install -m0644 Makefile.certificate %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile
install -m0755 make-dummy-cert %{buildroot}%{_sysconfdir}/pki/tls/certs/make-dummy-cert

# Pick a CA script.
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.sh %{buildroot}%{_sysconfdir}/pki/tls/misc/CA

# NOTE(review): "install -d" without -m creates directories with mode 0755,
# and the file list gives CA/private no attr override, so the directory
# intended for CA private keys is packaged world-readable. Consider
# "install -d -m 700" for it.
install -d %{buildroot}%{_sysconfdir}/pki/CA
install -d %{buildroot}%{_sysconfdir}/pki/CA/private

# openssl was named ssleay in "ancient" times.
ln -snf openssl %{buildroot}%{_bindir}/ssleay

# The man pages rand.3 and passwd.1 conflict with other packages
# Rename them to ssl-* and also make a symlink from openssl-* to ssl-*
mv %{buildroot}%{_mandir}/man1/passwd.1 %{buildroot}%{_mandir}/man1/ssl-passwd.1
ln -sf ssl-passwd.1%{_extension} %{buildroot}%{_mandir}/man1/openssl-passwd.1%{_extension}

for page in rand err; do
    mv %{buildroot}%{_mandir}/man3/$page.3 %{buildroot}%{_mandir}/man3/ssl-$page.3
    ln -snf ssl-$page.3%{_extension} %{buildroot}%{_mandir}/man3/openssl-$page.3%{_extension}
done

# README files explaining the renamed man pages, one per package.
rm -rf main-doc-info devel-doc-info
mkdir -p main-doc-info devel-doc-info
cat > main-doc-info/README.mga <<EOF
Warning:
The man page of passwd, passwd.1, has been renamed to ssl-passwd.1
to avoid a conflict with passwd.1 man page from the package passwd.
EOF

cat > devel-doc-info/README.mga <<EOF
Warning:
The man page of rand, rand.3, has been renamed to ssl-rand.3
to avoid a conflict with rand.3 from the package man-pages
The man page of err, err.3, has been renamed to ssl-err.3
to avoid a conflict with err.3 from the package man-pages
EOF

chmod 755 %{buildroot}%{_libdir}/pkgconfig

%multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h

# strip cannot touch these unless 755
chmod 755 %{buildroot}%{_libdir}/openssl/%{version}/engines/*.so*
chmod 755 %{buildroot}%{_libdir}/*.so*
chmod 755 %{buildroot}%{_bindir}/*

# nuke a mistake
rm -f %{buildroot}%{_mandir}/man3/.3

# nuke rpath
# (without an embedded rpath the binary resolves its libraries through the
# normal loader search path only)
chrpath -d %{buildroot}%{_bindir}/openssl

# Fix libdir.
# The edited text is written back with cat rather than mv, so the original
# .pc file is overwritten in place instead of being replaced.
pushd %{buildroot}%{_libdir}/pkgconfig
for pc in *.pc ; do
    sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' \
        $pc >$pc.tmp && \
    cat $pc.tmp >$pc && \
    rm -f $pc.tmp
done
popd

# adjust ssldir
# Point the CA helper scripts and openssl.cnf at pki/tls instead of the
# upstream ./demoCA default.
perl -pi -e "s|^CATOP=.*|CATOP=%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA
perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.pl
perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf

%files
# Main package: documentation, the pki directory tree, configuration,
# helper scripts, binaries and man pages.
%doc FAQ INSTALL LICENSE NEWS PROBLEMS main-doc-info/README*
%doc README README.ASN1 README.ENGINE

# Directories owned by this package.
# NOTE(review): neither of the two "private" directories carries an attr
# override, so their modes are whatever the install step created; confirm
# that they are not left world-readable.
%dir %{_sysconfdir}/pki
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
%dir %{_sysconfdir}/pki/tls/rootcerts

# noreplace: an administrator's edited openssl.cnf survives package updates.
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf

%{_sysconfdir}/pki/tls/certs/make-dummy-cert
%{_sysconfdir}/pki/tls/certs/Makefile
%{_sysconfdir}/pki/tls/misc/*
%{_bindir}/*
%{_mandir}/man[157]/*

%files -n %{libname}
# Versioned shared objects only; the unversioned .so links are listed in
# the devel package.
%doc FAQ INSTALL LICENSE NEWS PROBLEMS README*
%{_libdir}/lib*.so.%{maj}

%files -n %{engines_name}
# The whole versioned engines tree that the install step moved here.
%{_libdir}/openssl

%files -n %{develname}
# Development files: docs, headers (including the multiarch wrapper for
# opensslconf.h), unversioned library links, man3 pages and pkg-config data.
%doc CHANGES doc/* devel-doc-info/README*
%dir %{_includedir}/openssl
%multiarch %{multiarch_includedir}/openssl/opensslconf.h
%{_includedir}/openssl/*
%{_libdir}/lib*.so
%{_libdir}/pkgconfig/*
%{_mandir}/man3/*

%files -n %{staticname}
# Static archives only.
%{_libdir}/lib*.a
