/[packages]/updates/8/openssl/current/SPECS/openssl.spec

Diff of /updates/8/openssl/current/SPECS/openssl.spec

Parent Directory | Revision Log | View Patch Patch

-revision 1132889 by akien,
Sun Jul 30 18:03:56 2017 UTC
+revision 1133938 by guillomovitch,
Wed Aug  2 13:45:32 2017 UTC
 Line 1
- %define maj 1.0.0
+ %define maj 1.1
- %define engines_name %mklibname openssl-engines %{maj}
  %define libname %mklibname openssl %{maj}
  %define develname %mklibname openssl -d
  %define staticname %mklibname openssl -s -d
-Line 7
+Line 6
  %define conflict1 %mklibname openssl 0.9.7
  %define conflict2 %mklibname openssl 0.9.8
- # Number of threads to spawn when testing some threading fixes.
- #define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
  %define with_krb5 0
  Summary:        Secure Sockets Layer communications libs & utils
  Name:           openssl
- Version:        1.0.2l
+ Version:        1.1.0f
- Release:        %mkrel 2
+ Release:        %mkrel 1
  License:        BSD-like
  Group:          System/Libraries
  URL:            http://www.openssl.org/
  Source0:        http://www.openssl.org/source/%{name}-%{version}.tar.gz
  Source1:        http://www.openssl.org/source/%{name}-%{version}.tar.gz.asc
  Source2:        Makefile.certificate
- Source3:        make-dummy-cert
  Source4:        openssl-thread-test.c
- # (gb) 0.9.7b-4mdk: Handle RPM_OPT_FLAGS in Configure
+ Source6:    make-dummy-cert
- Patch2:         openssl-1.0.2e-optflags.patch
+ Source7:    renew-dummy-cert
+ Source12:   ec_curve.c
+ Source13:   ectest.c
  # (oe) support Brazilian Government OTHERNAME X509v3 field (#14158)
  # http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
  Patch6:         openssl-1.0.2l-icpbrasil.diff
- # http://qa.mandriva.com/show_bug.cgi?id=32621
- # patch15 removed: https://bugs.mageia.org/show_bug.cgi?id=15027
- #Patch15:       openssl-0.9.8e-crt.patch
  # fedora patches
- Patch7:         openssl-1.0.2-defaults.patch
+ Patch1: openssl-1.1.0-build.patch
- Patch12:        openssl-1.0.2-x509.patch
+ Patch3: openssl-1.1.0-no-html.patch
- Patch13:        openssl-1.0.2-version-add-engines.patch
+ Patch21: openssl-1.1.0-issuer-hash.patch
- Patch16:        openssl-1.0.2-enginesdir.patch
+ Patch22: openssl-1.1.0-algo-doc.patch
- Patch17:        openssl-1.0.2-pkgconfig-krb5.patch
+ Patch23: openssl-1.1.0-manfix.patch
- Patch18:        openssl-1.0.2g-manfix.patch
+ Patch31: openssl-1.1.0-ca-dir.patch
- Patch19:        openssl-1.0.2g-disable-sslv2v3.patch
+ Patch32: openssl-1.1.0-version-add-engines.patch
+ Patch33: openssl-1.1.0-apps-dgst.patch
+ Patch34: openssl-1.1.0-starttls-xmpp.patch
+ Patch35: openssl-1.1.0-chil-fixes.patch
+ Patch36: openssl-1.1.0-secure-getenv.patch
+ Patch37: openssl-1.1.0-ec-curves.patch
+ Patch38: openssl-1.1.0-no-weak-verify.patch
+ Patch39: openssl-1.1.0-cc-reqs.patch
+ Patch40: openssl-1.1.0-disable-ssl3.patch
+ Patch41: openssl-1.1.0-system-cipherlist.patch
+ Patch43: openssl-1.1.0-afalg-eventfd2.patch
+ Patch44: openssl-1.1.0-bio-fd-preserve-nl.patch
+ Patch45: openssl-1.1.0-weak-ciphers.patch
+ Patch70: openssl-1.1.0-thread-local.patch
+ Patch71: openssl-1.1.0-dtls-failure.patch
  # MIPS and ARM support
  Patch300:       openssl-1.0.2a-mips.patch
-Line 53 
 BuildRequires: krb5-devel
+Line 61 
 BuildRequires: krb5-devel
  BuildRequires:  multiarch-utils >= 1.0.3
  BuildRequires:  chrpath
  BuildRequires:  zlib-devel
+ BuildRequires:  sctp-devel
  # (tv) for test suite:
  BuildRequires:  bc
-Line 61 
 The openssl certificate management tool
+Line 70 
 The openssl certificate management tool
  various encryption and decription algorithms and protocols, including DES, RC4,
  RSA and SSL.
- %package -n     %{engines_name}
- Summary:        Engines for openssl
- Group:          System/Libraries
- Obsoletes:      openssl-engines < 1.0.0a-5
- Provides:       openssl-engines = %{version}-%{release}
- %description -n %{engines_name}
- This package provides engines for openssl.
  %package -n     %{libname}
  Summary:        Secure Sockets Layer communications libs
  Group:          System/Libraries
- Requires:       %{engines_name} >= %{version}-%{release}
+ Requires:   crypto-policies
  Provides:       %{libname} = %{version}-%{release}
  %description -n %{libname}
 Line 128 
 from other formats to the formats used b
  %prep
  %setup -q
- %patch2 -p1 -b .optflags
+ cp %{SOURCE12} crypto/ec/
+ cp %{SOURCE13} test/
+ %patch1 -p1 -b .build
+ %patch3 -p1 -b .no-html
  %patch6 -p1 -b .icpbrasil
- %patch7 -p1 -b .defaults
- %patch12 -p1 -b .x509
+ %patch21 -p1 -b .issuer-hash
- %patch13 -p1 -b .version-add-engines
+ %patch22 -p1 -b .algo-doc
- #patch15 -p1 -b .crt
+ %patch23 -p1 -b .manfix
- %patch16 -p1 -b .engines
+ %patch31 -p1 -b .ca-dir
- %patch17 -p1 -b .krb5
+ %patch32 -p1 -b .version-add-engines
- %patch18 -p1 -b .manfix
+ %patch33 -p1 -b .dgst
- %patch19 -p1 -b .v2v3
+ %patch34 -p1 -b .xmpp
+ %patch35 -p1 -b .chil
- %patch300 -p1 -b .mips
+ %patch36 -p1 -b .secure-getenv
- %patch301 -p1 -b .arm
+ %patch37 -p1 -b .curves
+ %patch38 -p1 -b .no-md5-verify
- perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile
+ %patch39 -p1 -b .cc-reqs
+ %patch40 -p1 -b .disable-ssl3
- cp %{SOURCE2} Makefile.certificate
+ %patch41 -p1 -b .system-cipherlist
- cp %{SOURCE3} make-dummy-cert
+ %patch43 -p1 -b .eventfd2
- cp %{SOURCE4} openssl-thread-test.c
+ %patch44 -p1 -b .preserve-nl
+ %patch45 -p1 -b .weak-ciphers
+ %patch70 -p1 -b .thread-local
+ %patch71 -p1 -b .dtls-failure
+ #patch300 -p1 -b .mips
+ #patch301 -p1 -b .arm
+ #perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile
  %build
  %serverbuild
  # Figure out which flags we want to use.
  # default
- sslarch=%{_os}-%{_arch}
+ sslarch=%{_os}-%{_target_cpu}
  %ifarch %ix86
  sslarch=linux-elf
  if ! echo %{_target} | grep -q i[56]86 ; then
-     sslflags="no-asm"
+     sslflags="no-asm 386"
  fi
  %endif
- %ifarch sparcv9
+ %ifarch x86_64
- sslarch=linux-sparcv9
+ sslflags=enable-ec_nistp_64_gcc_128
- %endif
- %ifarch alpha
- sslarch=linux-alpha-gcc
- %endif
- %ifarch s390
- sslarch="linux-generic32 -DB_ENDIAN -DNO_ASM"
  %endif
- %ifarch s390x
+ %ifarch %{arm}
- sslarch="linux-generic64 -DB_ENDIAN -DNO_ASM"
+ sslarch=linux-armv4
  %endif
+ # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
+ # marked as not requiring an executable stack.
+ # Also add -DPURIFY to make using valgrind with openssl easier as we do not
+ # want to depend on the uninitialized memory as a source of entropy anyway.
+ RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY"
  # ia64, x86_64, ppc, ppc64 are OK by default
  # Configure the build tree.  Override OpenSSL defaults with known-good defaults
  # usable on all platforms.  The Configure script already knows to use -fPIC and
-Line 180 
 sslarch="linux-generic64 -DB_ENDIAN -DNO
+Line 193 
 sslarch="linux-generic64 -DB_ENDIAN -DNO
  ./Configure \
      --prefix=%{_prefix} \
      --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
-     --libdir=%{_lib}/ \
+     --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
  %if %with_krb5
      --with-krb5-flavor=MIT --with-krb5-dir=%{_prefix} \
  %endif
-     --enginesdir=%{_libdir}/openssl/%{version}/engines \
+      zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
-      zlib no-idea no-rc5 enable-camellia enable-md2 shared enable-tlsext ${sslarch} \
+      enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
- %ifarch x86_64
+      enable-weak-ssl-ciphers no-mdc2 no-ec2m shared ${sslarch} \
-      enable-ec_nistp_64_gcc_128
+     $RPM_OPT_FLAGS
- %endif
- # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
+ util/mkdef.pl crypto update
- # marked as not requiring an executable stack.
- RPM_OPT_FLAGS="%{optflags} -Wa,--noexecstack"
- make depend
- make all build-shared
- # Generate hashes for the included certs.
+ make all
- make rehash build-shared
  %check
  # Verify that what was compiled actually works.
- export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
- make -C test apps tests
+ # We must revert patch31 before tests otherwise they will fail
+ patch -p1 -R < %{PATCH31}
- gcc -o openssl-thread-test \
+ export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
-     %{?_with_krb5:`krb5-config --cflags`} \
+ export OPENSSL_ENABLE_MD5_VERIFY=
-     -I./include \
-     %{optflags} \
-     openssl-thread-test.c \
-     -L. -lssl -lcrypto \
-     %{?_with_krb5:`krb5-config --libs`} \
-     -lpthread -lz -ldl
- ./openssl-thread-test --threads %{thread_test_threads}
+ make test
- %install
+ patch -p1 < %{PATCH31}
- %makeinstall \
-     INSTALL_PREFIX=%{buildroot} \
-     MANDIR=%{_mandir} \
-     build-shared
- install -d -m 755 %{buildroot}%{_libdir}/openssl/%{version}
+ %install
- mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl/%{version}
+ %make_install
  # make the rootcerts dir
  install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts
  # Install a makefile for generating keys and self-signed certs, and a script
  # for generating them on the fly.
- install -d %{buildroot}%{_sysconfdir}/pki/tls/certs
+ mkdir -p %{buildroot}%{_sysconfdir}/pki/tls/certs
- install -m0644 Makefile.certificate %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile
+ install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile
- install -m0755 make-dummy-cert %{buildroot}%{_sysconfdir}/pki/tls/certs/make-dummy-cert
+ install -m 755 %{SOURCE6} %{buildroot}%{_bindir}/make-dummy-cert
+ install -m 755 %{SOURCE7} %{buildroot}%{_bindir}/renew-dummy-cert
- # Pick a CA script.
- mv %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.sh %{buildroot}%{_sysconfdir}/pki/tls/misc/CA
+ # Move runable perl scripts to bindir
+ mv %{buildroot}%{_sysconfdir}/pki/tls/misc/*.pl %{buildroot}%{_bindir}
+ mv %{buildroot}%{_sysconfdir}/pki/tls/misc/tsget %{buildroot}%{_bindir}
  install -d %{buildroot}%{_sysconfdir}/pki/CA
  install -d %{buildroot}%{_sysconfdir}/pki/CA/private
+ install -d %{buildroot}%{_sysconfdir}/pki/CA/certs
- # openssl was named ssleay in "ancient" times.
+ install -d %{buildroot}%{_sysconfdir}/pki/CA/crl
- ln -snf openssl %{buildroot}%{_bindir}/ssleay
+ install -d %{buildroot}%{_sysconfdir}/pki/CA/newcerts
- # The man pages rand.3 and passwd.1 conflict with other packages
+ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
- # Rename them to ssl-* and also make a symlink from openssl-* to ssl-*
- mv %{buildroot}%{_mandir}/man1/passwd.1 %{buildroot}%{_mandir}/man1/ssl-passwd.1
+ # fix man pages conflicts with other packages
- ln -sf ssl-passwd.1%{_extension} %{buildroot}%{_mandir}/man1/openssl-passwd.1%{_extension}
+ for i in passwd rand ; do
+     mv %{buildroot}%{_mandir}/man1/$i.1 %{buildroot}%{_mandir}/man1/ssl-$i.1
- for i in rand err; do
-     mv %{buildroot}%{_mandir}/man3/$i.3 %{buildroot}%{_mandir}/man3/ssl-$i.3
-     ln -snf ssl-$i.3%{_extension} %{buildroot}%{_mandir}/man3/openssl-$i.3%{_extension}
  done
- rm -rf {main,devel}-doc-info
- mkdir -p {main,devel}-doc-info
- cat > main-doc-info/README.mga <<EOF
- Warning:
- The man page of passwd, passwd.1, has been renamed to ssl-passwd.1
- to avoid a conflict with passwd.1 man page from the package passwd.
- EOF
- cat > devel-doc-info/README.mga <<EOF
- Warning:
- The man page of rand, rand.3, has been renamed to ssl-rand.3
- to avoid a conflict with rand.3 from the package man-pages
- The man page of err, err.3, has been renamed to ssl-err.3
- to avoid a conflict with err.3 from the package man-pages
- EOF
- chmod 755 %{buildroot}%{_libdir}/pkgconfig
  %multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h
- # strip cannot touch these unless 755
- chmod 755 %{buildroot}%{_libdir}/openssl/%{version}/engines/*.so*
- chmod 755 %{buildroot}%{_libdir}/*.so*
- chmod 755 %{buildroot}%{_bindir}/*
- # nuke a mistake
- rm -f %{buildroot}%{_mandir}/man3/.3
  # nuke rpath
  chrpath -d %{buildroot}%{_bindir}/openssl
  # Fix libdir.
- pushd %{buildroot}%{_libdir}/pkgconfig
+ for i in %{buildroot}%{_libdir}/pkgconfig/*.pc; do
-     for i in *.pc ; do
+         sed -i 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' $i
-         sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' \
+ done
-             $i >$i.tmp && \
-             cat $i.tmp >$i && \
-             rm -f $i.tmp
-     done
- popd
  # adjust ssldir
- perl -pi -e "s|^CATOP=.*|CATOP=%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA
+ perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_bindir}/CA.pl
- perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.pl
  perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf
  %files
- %doc FAQ INSTALL LICENSE NEWS PROBLEMS main-doc-info/README*
+ %doc FAQ INSTALL LICENSE NEWS README*
- %doc README README.ASN1 README.ENGINE
  %dir %{_sysconfdir}/pki
- %dir %{_sysconfdir}/pki/CA
- %dir %{_sysconfdir}/pki/CA/private
  %dir %{_sysconfdir}/pki/tls
  %dir %{_sysconfdir}/pki/tls/certs
  %dir %{_sysconfdir}/pki/tls/misc
  %dir %{_sysconfdir}/pki/tls/private
  %dir %{_sysconfdir}/pki/tls/rootcerts
- %{_sysconfdir}/pki/tls/misc/CA
- %{_sysconfdir}/pki/tls/misc/c_*
  %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
- %{_sysconfdir}/pki/tls/certs/make-dummy-cert
  %{_sysconfdir}/pki/tls/certs/Makefile
- %{_bindir}/*
+ %{_bindir}/make-dummy-cert
- %exclude %{_bindir}/c_rehash
+ %{_bindir}/renew-dummy-cert
+ %{_bindir}/openssl
  %{_mandir}/man[157]/*
+ %exclude %{_mandir}/man1*/c_rehash*
+ %exclude %{_mandir}/man1*/*.pl*
+ %exclude %{_mandir}/man1*/tsget*
  %files -n %{libname}
- %doc FAQ INSTALL LICENSE NEWS PROBLEMS README*
+ %doc FAQ LICENSE NEWS README*
  %{_libdir}/lib*.so.%{maj}
+ %{_libdir}/engines-%{maj}
- %files -n %{engines_name}
- %{_libdir}/openssl
  %files -n %{develname}
- %doc CHANGES doc/* devel-doc-info/README*
+ %doc CHANGES doc/*
  %dir %{_includedir}/openssl
  %multiarch %{multiarch_includedir}/openssl/opensslconf.h
- %{_includedir}/openssl/*
+ %{_includedir}/openssl
  %{_libdir}/lib*.so
  %{_mandir}/man3/*
- %{_libdir}/pkgconfig/*
+ %{_libdir}/pkgconfig/*.pc
  %files -n %{staticname}
  %{_libdir}/lib*.a
  %files perl
- %defattr(-,root,root)
+ %{_bindir}/c_rehash
- %attr(0755,root,root) %{_bindir}/c_rehash
+ %{_bindir}/*.pl
- %attr(0644,root,root) %{_mandir}/man1*/*.pl*
+ %{_bindir}/tsget
- %{_sysconfdir}/pki/tls/misc/*.pl
+ %{_mandir}/man1*/c_rehash*
- %{_sysconfdir}/pki/tls/misc/tsget
+ %{_mandir}/man1*/*.pl*
+ %{_mandir}/man1*/tsget*
+ %dir %{_sysconfdir}/pki/CA
+ %dir %{_sysconfdir}/pki/CA/private
+ %dir %{_sysconfdir}/pki/CA/certs
+ %dir %{_sysconfdir}/pki/CA/crl
+ %dir %{_sysconfdir}/pki/CA/newcerts

 Legend:



Removed from v.1132889
 


changed lines


 
Added in v.1133938
 Legend:



Removed from v.1132889
 


changed lines


 
Added in v.1133938
-Removed from v.1132889
+Added in v.1133938

	ViewVC Help
Powered by ViewVC 1.1.30