/[packages]/updates/8/openssl/current/SPECS/openssl.spec
ViewVC logotype

Annotation of /updates/8/openssl/current/SPECS/openssl.spec

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1762133 - (hide annotations) (download)
Tue Dec 14 22:39:38 2021 UTC (2 years, 3 months ago) by luigiwalser
File size: 9667 byte(s)
- 1.1.1m
- rediff patches 41 and 49

1 guillomovitch 1431659 %define maj 1.1
2     %define libname %mklibname openssl %{maj}
3     %define develname %mklibname openssl -d
4     %define staticname %mklibname openssl -s -d
5 blino 733
6 guillomovitch 1431659 %define with_krb5 0
7 blino 733
8 guillomovitch 1431659 Summary: Secure Sockets Layer communications libs & utils
9     Name: openssl
10 luigiwalser 1762133 Version: 1.1.1m
11 ns80 1559124 Release: %mkrel 1
12 guillomovitch 1431659 License: BSD-like
13     Group: System/Libraries
14     URL: http://www.openssl.org/
15     Source0: http://www.openssl.org/source/%{name}-%{version}.tar.gz
16     Source1: http://www.openssl.org/source/%{name}-%{version}.tar.gz.asc
17     Source2: Makefile.certificate
18     Source4: openssl-thread-test.c
19     Source6: make-dummy-cert
20     Source7: renew-dummy-cert
21     Source12: ec_curve.c
22     Source13: ectest.c
23 blino 733
24 guillomovitch 256937 # fedora patches
25 guillomovitch 1431659 Patch1: openssl-1.1.1-build.patch
26     Patch2: openssl-1.1.1-defaults.patch
27     Patch3: openssl-1.1.0-no-html.patch
28     Patch4: openssl-1.1.1-man-rename.patch
29     Patch21: openssl-1.1.0-issuer-hash.patch
30     Patch31: openssl-1.1.1-conf-paths.patch
31     Patch32: openssl-1.1.1-version-add-engines.patch
32     Patch33: openssl-1.1.1-apps-dgst.patch
33     Patch36: openssl-1.1.1-no-brainpool.patch
34     Patch37: openssl-1.1.1-ec-curves.patch
35     Patch38: openssl-1.1.1-no-weak-verify.patch
36     Patch40: openssl-1.1.1-disable-ssl3.patch
37     Patch41: openssl-1.1.1-system-cipherlist.patch
38     Patch45: openssl-1.1.1-weak-ciphers.patch
39     Patch46: openssl-1.1.1-seclevel.patch
40     Patch47: openssl-1.1.1-ts-sha256-default.patch
41     Patch49: openssl-1.1.1-evp-kdf.patch
42     Patch50: openssl-1.1.1-ssh-kdf.patch
43     # Backported fixes including security fixes
44 guillomovitch 256937
45 blino 733 # MIPS and ARM support
46 guillomovitch 1431659 Patch300: openssl-1.0.2a-mips.patch
47     Patch301: openssl-1.0.2a-arm.patch
48 wally 1228710
49 neoclust 1693005 #
50     # Security patches
51     # Patches 1000 -> ...
52     #
53     Patch1000: openssl-1.1.0-CVE-2021-23840.patch
54    
55 guillomovitch 1431659 Requires: %{libname} = %{version}-%{release}
56     Requires: rootcerts
57 guillomovitch 337573 %if %with_krb5
58 guillomovitch 1431659 BuildRequires: krb5-devel
59 guillomovitch 337573 %endif
60 guillomovitch 1431659 BuildRequires: multiarch-utils >= 1.0.3
61     BuildRequires: chrpath
62     BuildRequires: pkgconfig(zlib)
63     BuildRequires: pkgconfig(libsctp)
64 blino 733 # (tv) for test suite:
65 guillomovitch 1431659 BuildRequires: bc
66 blino 733
67     %description
68     The openssl certificate management tool and the shared libraries that provide
69     various encryption and decription algorithms and protocols, including DES, RC4,
70     RSA and SSL.
71    
72 guillomovitch 1431659 %package -n %{libname}
73     Summary: Secure Sockets Layer communications libs
74     Group: System/Libraries
75     Requires: crypto-policies
76     Provides: %{libname} = %{version}-%{release}
77 blino 733
78 guillomovitch 1431659 %description -n %{libname}
79 blino 733 The libraries files are needed for various cryptographic algorithms
80     and protocols, including DES, RC4, RSA and SSL.
81    
82 guillomovitch 1431659 %package -n %{develname}
83     Summary: Secure Sockets Layer communications libs & headers & utils
84     Group: Development/Other
85     Requires: %{libname} = %{version}-%{release}
86     Provides: libopenssl-devel
87     Provides: %{name}-devel = %{version}-%{release}
88     Obsoletes: %{mklibname openssl 1.0.0}-devel
89 blino 733
90 guillomovitch 1431659 %description -n %{develname}
91 blino 733 The libraries and include files needed to compile apps with support
92     for various cryptographic algorithms and protocols, including DES, RC4, RSA
93     and SSL.
94    
95 guillomovitch 1431659 %package -n %{staticname}
96     Summary: Secure Sockets Layer communications static libs
97     Group: Development/Other
98     Requires: %{develname} = %{version}-%{release}
99     Provides: libopenssl-static-devel
100     Provides: %{name}-static-devel = %{version}-%{release}
101     Obsoletes: %{mklibname openssl 1.0.0}-static-devel
102 blino 733
103 guillomovitch 1431659 %description -n %{staticname}
104 blino 733 The static libraries needed to compile apps with support for various
105     cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.
106    
107 guillomovitch 1431659 %package perl
108     Summary: Perl scripts provided with OpenSSL
109     Group: System/Libraries
110     Requires: %{name}%{?_isa} = %{version}-%{release}
111     Conflicts: %name <= 1.0.2h-1.mga6
112 tv 1020393
113 guillomovitch 1431659 %description perl
114 tv 1020393 OpenSSL is a toolkit for supporting cryptography. The openssl-perl
115     package provides Perl scripts for converting certificates and keys
116     from other formats to the formats used by the OpenSSL toolkit.
117    
118 blino 733 %prep
119 ovitters 877880 %setup -q
120 guillomovitch 1133938
121     cp %{SOURCE12} crypto/ec/
122     cp %{SOURCE13} test/
123    
124 guillomovitch 1431659 %patch1 -p1 -b .build
125     %patch2 -p1 -b .default
126 guillomovitch 1133938 %patch3 -p1 -b .no-html
127 guillomovitch 1431659 %patch4 -p1 -b .man-rename
128 blino 733
129 guillomovitch 1133938 %patch21 -p1 -b .issuer-hash
130 guillomovitch 1431659
131 guillomovitch 1133938 %patch31 -p1 -b .ca-dir
132     %patch32 -p1 -b .version-add-engines
133     %patch33 -p1 -b .dgst
134 guillomovitch 1431659 %patch36 -p1 -b .no-brainpool
135 guillomovitch 1133938 %patch37 -p1 -b .curves
136 guillomovitch 1431659 %patch38 -p1 -b .no-weak-verify
137 guillomovitch 1133938 %patch40 -p1 -b .disable-ssl3
138     %patch41 -p1 -b .system-cipherlist
139     %patch45 -p1 -b .weak-ciphers
140 guillomovitch 1431659 %patch46 -p1 -b .seclevel
141     %patch47 -p1 -b .ts-sha256-defaul
142     %patch49 -p1 -b .evp-kdf
143     %patch50 -p1 -b .ssh-kdf
144 blino 733
145 neoclust 1693005 #patch1000 -p1
146    
147 guillomovitch 1133938 #perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile
148 blino 733
149 akien 1104774 %build
150 blino 733 %serverbuild
151    
152     # Figure out which flags we want to use.
153     # default
154 guillomovitch 1133938 sslarch=%{_os}-%{_target_cpu}
155 blino 733 %ifarch %ix86
156     sslarch=linux-elf
157     if ! echo %{_target} | grep -q i[56]86 ; then
158 guillomovitch 1133938 sslflags="no-asm 386"
159 blino 733 fi
160     %endif
161 guillomovitch 1133938 %ifarch x86_64
162     sslflags=enable-ec_nistp_64_gcc_128
163 blino 733 %endif
164 guillomovitch 1133938 %ifarch %{arm}
165     sslarch=linux-armv4
166 blino 733 %endif
167    
168 guillomovitch 1133938 # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
169     # marked as not requiring an executable stack.
170     # Also add -DPURIFY to make using valgrind with openssl easier as we do not
171     # want to depend on the uninitialized memory as a source of entropy anyway.
172 guillomovitch 1431659 RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS"
173 guillomovitch 1133938
174 blino 733 # ia64, x86_64, ppc, ppc64 are OK by default
175     # Configure the build tree. Override OpenSSL defaults with known-good defaults
176     # usable on all platforms. The Configure script already knows to use -fPIC and
177     # RPM_OPT_FLAGS, so we can skip specifiying them here.
178     ./Configure \
179 guillomovitch 256937 --prefix=%{_prefix} \
180 blino 733 --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
181 guillomovitch 1133938 --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
182 guillomovitch 337573 %if %with_krb5
183 guillomovitch 256938 --with-krb5-flavor=MIT --with-krb5-dir=%{_prefix} \
184 guillomovitch 337573 %endif
185 guillomovitch 1431659 zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
186 guillomovitch 1133938 enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
187 guillomovitch 1431659 enable-weak-ssl-ciphers \
188     no-mdc2 no-ec2m no-sm2 no-sm4 \
189     shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""'
190 blino 733
191 guillomovitch 1133938 util/mkdef.pl crypto update
192 blino 733
193 guillomovitch 1133938 make all
194 blino 733
195     %check
196 guillomovitch 1431659 %ifnarch %ix86
197 guillomovitch 1133938
198 guillomovitch 1431659 (sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) || \
199     (echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' &&
200     sed '/"zlib-dynamic" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \
201     touch -r configdata.pm configdata.pm.new && \
202     mv -f configdata.pm.new configdata.pm)
203    
204 guillomovitch 1133938 # We must revert patch31 before tests otherwise they will fail
205     patch -p1 -R < %{PATCH31}
206    
207 blino 733 export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
208 guillomovitch 1133938 export OPENSSL_ENABLE_MD5_VERIFY=
209 guillomovitch 1431659 export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
210 blino 733
211 ns80 1256515 make test
212     %endif
213 blino 733
214     %install
215 guillomovitch 1133938 %make_install
216 blino 733
217     # make the rootcerts dir
218     install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts
219    
220     # Install a makefile for generating keys and self-signed certs, and a script
221     # for generating them on the fly.
222 guillomovitch 1133938 mkdir -p %{buildroot}%{_sysconfdir}/pki/tls/certs
223     install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile
224     install -m 755 %{SOURCE6} %{buildroot}%{_bindir}/make-dummy-cert
225     install -m 755 %{SOURCE7} %{buildroot}%{_bindir}/renew-dummy-cert
226 blino 733
227 guillomovitch 1133938 # Move runable perl scripts to bindir
228     mv %{buildroot}%{_sysconfdir}/pki/tls/misc/*.pl %{buildroot}%{_bindir}
229     mv %{buildroot}%{_sysconfdir}/pki/tls/misc/tsget %{buildroot}%{_bindir}
230 blino 733
231     install -d %{buildroot}%{_sysconfdir}/pki/CA
232     install -d %{buildroot}%{_sysconfdir}/pki/CA/private
233 guillomovitch 1133938 install -d %{buildroot}%{_sysconfdir}/pki/CA/certs
234     install -d %{buildroot}%{_sysconfdir}/pki/CA/crl
235     install -d %{buildroot}%{_sysconfdir}/pki/CA/newcerts
236 blino 733
237 guillomovitch 1133938 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
238 guillomovitch 1431659 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
239 blino 733
240 guillomovitch 1133938 # fix man pages conflicts with other packages
241     for i in passwd rand ; do
242     mv %{buildroot}%{_mandir}/man1/$i.1 %{buildroot}%{_mandir}/man1/ssl-$i.1
243 blino 733 done
244    
245     %multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h
246    
247     # nuke rpath
248     chrpath -d %{buildroot}%{_bindir}/openssl
249    
250     # Fix libdir.
251 guillomovitch 1133938 for i in %{buildroot}%{_libdir}/pkgconfig/*.pc; do
252 guillomovitch 1431659 sed -i 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' $i
253 guillomovitch 1133938 done
254 blino 733
255     # adjust ssldir
256 guillomovitch 1133938 perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_bindir}/CA.pl
257 blino 733 perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf
258    
259 akien 1104774 %files
260 guillomovitch 1133938 %doc FAQ INSTALL LICENSE NEWS README*
261 blino 733 %dir %{_sysconfdir}/pki
262     %dir %{_sysconfdir}/pki/tls
263     %dir %{_sysconfdir}/pki/tls/certs
264     %dir %{_sysconfdir}/pki/tls/misc
265     %dir %{_sysconfdir}/pki/tls/private
266     %dir %{_sysconfdir}/pki/tls/rootcerts
267 guillomovitch 191620 %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
268 guillomovitch 1431659 %config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
269 guillomovitch 191620 %{_sysconfdir}/pki/tls/certs/Makefile
270 guillomovitch 1133938 %{_bindir}/make-dummy-cert
271     %{_bindir}/renew-dummy-cert
272     %{_bindir}/openssl
273 guillomovitch 191620 %{_mandir}/man[157]/*
274 daviddavid 1206027 %exclude %{_mandir}/man1*/*rehash*
275 guillomovitch 1133938 %exclude %{_mandir}/man1*/*.pl*
276 daviddavid 1204885 %exclude %{_mandir}/man1*/*tsget*
277 blino 733
278     %files -n %{libname}
279 guillomovitch 1133938 %doc FAQ LICENSE NEWS README*
280 fwang 257304 %{_libdir}/lib*.so.%{maj}
281 guillomovitch 1133938 %{_libdir}/engines-%{maj}
282 blino 733
283     %files -n %{develname}
284 guillomovitch 1133938 %doc CHANGES doc/*
285 guillomovitch 191620 %dir %{_includedir}/openssl
286 blino 733 %multiarch %{multiarch_includedir}/openssl/opensslconf.h
287 guillomovitch 1133938 %{_includedir}/openssl
288 guillomovitch 191620 %{_libdir}/lib*.so
289     %{_mandir}/man3/*
290 guillomovitch 1133938 %{_libdir}/pkgconfig/*.pc
291 blino 733
292     %files -n %{staticname}
293 fwang 395433 %{_libdir}/lib*.a
294 tv 1020393
295     %files perl
296 guillomovitch 1133938 %{_bindir}/c_rehash
297     %{_bindir}/*.pl
298     %{_bindir}/tsget
299 daviddavid 1206027 %{_mandir}/man1*/*rehash*
300 guillomovitch 1133938 %{_mandir}/man1*/*.pl*
301 daviddavid 1204885 %{_mandir}/man1*/*tsget*
302 guillomovitch 1133938 %dir %{_sysconfdir}/pki/CA
303     %dir %{_sysconfdir}/pki/CA/private
304     %dir %{_sysconfdir}/pki/CA/certs
305     %dir %{_sysconfdir}/pki/CA/crl
306     %dir %{_sysconfdir}/pki/CA/newcerts

  ViewVC Help
Powered by ViewVC 1.1.30