source: projects/specs/trunk/o/openssl/openssl-vl.spec @ 9246

%define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
%define soversion 10
%define version 1.0.1k
%define release 1%{_dist_release}

Summary: Secure Sockets Layer Toolkit
Name: openssl
Version: %{version}
Release: %{release}
Source: openssl-%{version}.tar.gz
Source2: Makefile.certificate
Source6: make-dummy-cert
Source7: renew-dummy-cert

Patch0: openssl-1.0.0-soversion.patch
Patch2: openssl-1.0.0-rpm_opt.patch
Patch4: openssl-1.0.0-enginesdir.patch
Patch5: openssl-0.9.8j-version-add-engines.patch
Patch8: openssl-1.0.1c-perlfind.patch

# security fix
# nothing ;-)

License: BSDish
Group: System Environment/Libraries
URL: http://www.openssl.org/

BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: perl, sed
BuildRequires: zlib-devel, krb5-devel

Requires: mktemp
Requires: ca-certificates

Vendor: Project Vine
Distribution: Vine Linux
Packager: daisuke, iwamoto

%define solibbase %(echo %version | sed 's/[[:alpha:]]//g')

%description
The OpenSSL certificate management tool and the shared libraries that
provide various cryptographic algorithms and protocols.

%package devel
Summary: OpenSSL libraries and development headers.
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
Requires: krb5-devel

%description devel
The static libraries and include files needed to compile apps
with support for various the cryptographic algorithms and protocols
supported by OpenSSL.

Patches for many networking apps can be found at:
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/

%package static
Summary:  Libraries for static linking of applications which will use OpenSSL
Group: Development/Libraries
Requires: %{name}-devel = %{version}-%{release}

%description static
OpenSSL is a toolkit for supporting cryptography. The openssl-static
package contains static libraries needed for static linking of
applications which support various cryptographic algorithms and
protocols.

%package perl
Summary: OpenSSL scripts which require Perl.
Group: Applications/Internet
Requires: perl
Requires: %{name} = %{version}-%{release}

%description perl
Perl scripts provided with OpenSSL for converting certificates and keys
from other formats to those used by OpenSSL.

## to build compat32 for x86_64 architecture support
%package -n compat32-%{name}
Summary: Secure Sockets Layer Toolkit
Group: System Environment/Libraries
Requires: %{name} = %{version}-%{release}
%description -n compat32-%{name}
The OpenSSL certificate management tool and the shared libraries that
provide various cryptographic algorithms and protocols.

%package -n compat32-%{name}-devel
Summary: OpenSSL libraries and development headers.
Group: Development/Libraries
Requires: compat32-%{name} = %{version}-%{release}
Requires: compat32-krb5-devel
%description -n compat32-%{name}-devel
The static libraries and include files needed to compile apps
with support for various the cryptographic algorithms and protocols
supported by OpenSSL.

%prep
%setup -q -n openssl-%{version}
%patch0 -p1 -b .soversion
%patch2 -p1 -b .rpm_opt
%patch4 -p1 -b .enginesdir
%patch5 -p1 -b .version-add-engines
%patch8 -p1 -b .perlfind

# security fix
# nothing ;-)

chmod 644 FAQ LICENSE CHANGES NEWS INSTALL README
chmod 644 doc/README doc/c-indentation.el doc/openssl.txt
chmod 644 doc/openssl_button.html doc/openssl_button.gif
chmod 644 doc/ssleay.txt

# Link the configuration header to the one we're going to make.
ln -sf ../../crypto/opensslconf.h include/openssl/

%build 
PATH=${PATH}:${PWD}/bin
TOPDIR=${PWD}
LD_LIBRARY_PATH=${TOPDIR}:${TOPDIR}/bin:${PATH} ; export LD_LIBRARY_PATH

# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`

# Generate a table with the compile settings for my perusal.
touch Makefile
make TABLE PERL=%{__perl}

# Figure out which flags we want to use.
# default
sslarch=%{_os}-%{_target_cpu}
#
%ifarch %ix86
sslarch=linux-elf
if ! echo %{_target} | grep -q i686 ; then
   sslflags="no-asm 386"
fi
%endif
%ifarch sparcv9
sslarch=linux-sparcv9
sslflags=no-asm
%endif
%ifarch sparc64
sslarch=linux64-sparcv9
sslflags=no-asm
%endif
%ifarch alpha alphaev56 alphaev6 alphaev67
sslarch=linux-alpha-gcc
%endif
%ifarch s390 sh3eb sh4eb
sslarch="linux-generic32 -DB_ENDIAN"
%endif
%ifarch s390x
sslarch="linux64-s390x"
%endif
%ifarch %{arm} sh3 sh4
sslarch=linux-generic32
%endif
# ia64/x86_64/ppc\ppc64 are OK by default.

# Configure the build tree.  Override OpenSSL defaults with known-good defaults
# usable on all platforms.  The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure  \
         --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
         zlib-dynamic enable-camellia enable-seed enable-tlsext \
         enable-rfc3779 enable-cms enable-md2 \
         --enginesdir=%{_libdir}/openssl/engines \
         --with-krb5-flavor=MIT --with-krb5-dir=/usr \
         shared ${sslarch}

# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack"
make depend
make all build-shared

# Generate hashes for the included certs.
LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
export LD_LIBRARY_PATH
make rehash build-shared

# Verify that what was compiled actually works.
make -C test apps tests

# Relink the main binary to get it dynamically linked.
rm apps/openssl
make all build-shared

%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
# Install OpenSSL.
install -d $RPM_BUILD_ROOT/{%{_lib},%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl}
make INSTALL_PREFIX=$RPM_BUILD_ROOT install build-shared
install -m 755 *.so.* $RPM_BUILD_ROOT%{_libdir}
# added for lib64
# mv $RPM_BUILD_ROOT/usr/lib/engines $RPM_BUILD_ROOT%{_libdir}/openssl || :
mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT%{_libdir}/openssl
# mv $RPM_BUILD_ROOT/usr/lib/* $RPM_BUILD_ROOT%{_libdir}/ || :
mv $RPM_BUILD_ROOT%{_libdir}/lib*.so.%{soversion} $RPM_BUILD_ROOT/%{_lib}/
mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}
rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man
rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT/%{_lib}/*.so.%{soversion}
for lib in $RPM_BUILD_ROOT/%{_lib}/*.so.%{version} ; do
        chmod 755 ${lib}
        ln -s -f ../../%{_lib}/`basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
        ln -s -f `basename ${lib}` $RPM_BUILD_ROOT/%{_lib}/`basename ${lib} .%{version}`.%{soversion}
done
# install -m644 -D %{SOURCE6} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/openssl.pc

# Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly.
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/Makefile
install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/make-dummy-cert
install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/renew-dummy-cert

# Make sure we actually include the headers we built against.
for header in $RPM_BUILD_ROOT%{_includedir}/openssl/* ; do
        if [ -f ${header} -a -f include/openssl/$(basename ${header}) ] ; then
                install -m644 include/openssl/`basename ${header}` ${header}
        fi
done

# Rename man pages so that they don't conflict with system man pages.  We used
# to change the file extensions, but that only prevents file conflicts.  The
# man viewer still can't select either of the two unless we physically change
# the directory.
for section in 1 2 3 4 5 6 7 8 ; do
        if test -d $RPM_BUILD_ROOT%{_mandir}/man${section} ; then
                mv $RPM_BUILD_ROOT%{_mandir}/man${section} \
                   $RPM_BUILD_ROOT%{_mandir}/man${section}ssl
        fi
done

# Pick a CA script.
pushd  $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc
mv CA.sh CA
popd

mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA
mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private
mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/certs
mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/crl
mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts

# Ensure the openssl.cnf timestamp is identical across builds to avoid
# mulitlib conflicts and unnecessary renames on upgrade
touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf

%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT

%files 
%defattr(-,root,root)
%doc FAQ LICENSE CHANGES NEWS INSTALL README
%doc doc/README doc/c-indentation.el doc/openssl.txt
%doc doc/openssl_button.html doc/openssl_button.gif
%doc doc/ssleay.txt

%{_sysconfdir}/pki/tls/certs/make-dummy-cert
%{_sysconfdir}/pki/tls/certs/renew-dummy-cert
%{_sysconfdir}/pki/tls/certs/Makefile
%{_sysconfdir}/pki/tls/misc/CA
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
%dir %{_sysconfdir}/pki/CA/certs
%dir %{_sysconfdir}/pki/CA/crl
%dir %{_sysconfdir}/pki/CA/newcerts
%{_sysconfdir}/pki/tls/misc/c_*
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf

%attr(0755,root,root) %{_bindir}/openssl
%attr(0755,root,root) /%{_lib}/*.so.*
%attr(0755,root,root) %{_libdir}/openssl/engines/*.so
%attr(0755,root,root) %dir %{_mandir}/man1*
%attr(0644,root,root) %{_mandir}/man1*/*
%attr(0755,root,root) %dir %{_mandir}/man5*
%attr(0644,root,root) %{_mandir}/man5*/*
%attr(0755,root,root) %dir %{_mandir}/man7*
%attr(0644,root,root) %{_mandir}/man7*/*

%files devel
%defattr(-,root,root)
%{_prefix}/include/openssl
%exclude %{_libdir}/lib*.a
%attr(0755,root,root) %{_libdir}/*.so
%attr(0755,root,root) %dir %{_mandir}/man3*
%attr(0644,root,root) %{_mandir}/man3*/*
%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc

%files static
%defattr(-,root,root)
%attr(0644,root,root) %{_libdir}/*.a

%files perl
%defattr(-,root,root)
%attr(0755,root,root) %{_bindir}/c_rehash
%attr(0755,root,root) %dir %{_mandir}/man1*
%attr(0644,root,root) %{_mandir}/man1*/*.pl*
%{_sysconfdir}/pki/tls/misc/*.pl
#%{_sysconfdir}/pki/tls/misc/tsget
%doc apps/tsget

## to build compat32 for x86_64 architecture support
%if %{build_compat32}
%files -n compat32-%{name}
%defattr(-,root,root)
%attr(0755,root,root) /%{_lib}/*.so.*

%files -n compat32-%{name}-devel
%defattr(-,root,root)
%exclude %{_libdir}/lib*.a
%attr(0755,root,root) %{_libdir}/*.so
%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc
%endif

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%post -n compat32-%{name} -p /sbin/ldconfig

%postun -n compat32-%{name} -p /sbin/ldconfig

%changelog
* Mon Jan 12 2015 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1k-1
- new upstream release with security fixes  

* Mon Oct 20 2014 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1j-1
- new upstream release with security fixes 
- add patch8 from fc21 (fix perl find.pl)

* Fri Jun 6 2014 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.0.1h-1
- new upstream release with security fixes.

* Tue Apr  8 2014 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1g-1
- new upstream release with security fixes 

* Thu Jan  9 2014 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1f-1
- new upstream release with security fixes

* Tue Sep 24 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 1.0.1e-2
- move root CA bundle to ca-certificates package

* Tue Feb 12 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 1.0.1e-1
- update to 1.0.1e
  - 1.0.1d has major regressions from 1.0.1c

* Sat Feb  9 2013 IWAI, Masaharu <iwai@alib.jp> 1.0.1d-2
- remove tsget script to delete dependency perl(WWW::Curl::Easy)
 - openssl-perl package contains it in docdir

* Fri Feb 08 2013 Toshiharu Kudoh <toshi.kd2@gmail.com> 1.0.1d-1
- new upstream release with security fix (CVE-2012-2686, CVE-2013-0166, 0169)
- fixed %%files

* Tue May 29 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 1.0.1c-1
- update to 1.0.1c
- enable configure options:
  enable-camellia enable-seed enable-tlsext enable-rfc3779
  enable-cms enable-md2
- remove no-asm option from ai64/x86_64/ppc/ppc64/i686
- generate a table with the compile settings before configure

* Fri Jan 20 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0g-1
- new upstream release with security fix (CVE-2012-0050)

* Fri Jan  6 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0f-1
- new upstream release with security fix 
  (CVE-2011-4108,09, CVE-2011-4576,77, CVE-2011-4619, CVE-2012-0027) 

* Wed Sep  7 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0e-1
- new upstream release with security fix (CVE-2011-3207, 3210)

* Sun Mar 20 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0d-2
- rebuild with krb5-libs 1.8

* Fri Feb 11 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0d-1
- new upstream release with security fix

* Sat Jan 15 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0c-4
- use upstream openssl.pc instead of vine original one (SOURCE6)

* Sun Jan  9 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0c-3
- move tsget to docs to delete dependency perl(WWW::Curl::Easy)

* Sat Jan  1 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0c-2
- add R: krb5-devel into devel pkg
- add R: compat32-krb5-devel into compat32-devel pkg

* Fri Dec 31 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0c-1
- new upstream release 1.0.0x
- separate static libs into static package
- change configure options
- change so version 10
- add tsget into perl package
- update all patches

* Thu Dec 30 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8q-2
- fix changelog typo...

* Tue Dec  7 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8q-1
- new upstream release with security fix (CVE-2010-4180) 

* Wed Nov 17 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8p-1
- new upstream release with security fix (CVE-2010-3864)
- drop patches included in new release
- update patch4

* Sun Jan 17 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8k-5
- add patch12 for fix CVE-2009-3555 (renegotiation)

* Fri Jan 15 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8k-4
- add patch11 for fix CVE-2009-4355 (memory leak)

* Tue Jun 23 2009 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8k-3
- add patch10 to fix CVE-2009-1377, 78, 79 (from fc11)

* Mon Jun 22 2009 NAKAMURA Kenta <kenta@vinelinux.org> 0.9.8k-2
- removed unnecessary %%if %{build_compat32} statements
- removed lib*.a from devel package

* Mon Mar 30 2009 Satosh IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8k-1
- new upstream release with security fix (CVE-2000-0590,0591,0789)

* Sun Jan 11 2009 Satosh IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8j-1
- new upstream release with security fix (CVE-2008-5077)

* Sat Sep 20 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.8i-1
- new upstream release

* Sat Jul 12 2008 Satosh IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8h-1
- new upstream release
- new versioning policy

* Sat Oct 27 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.8g-0vl1
- new upstream release
- drop patch10,20 which is merged in upstream

* Fri Sep 28 2007 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 0.9.8e-0vl3
- add security patch in advance for CVE-2007-5135
  http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
  http://marc.info/?l=openssl-cvs&m=119020417919619&w=2

* Fri Aug 10 2007 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 0.9.8e-0vl2
- add security patch for CVE-2007-3108
  (http://openssl.org/news/patch-CVE-2007-3108.txt)

* Tue May 15 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.8e-0vl1
- new upstream release

* Sun Dec 24 2006 Satosh IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.7l-0vl2
- update (fix) openssl.pc <BTS:437>

* Fri Sep 29 2006 Satosh IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.7l-0vl1
- new upstream release (with security fix)

* Mon Sep 11 2006 Satosh IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.7k-0vl1
- new upstream release
- add patch2 to use RPM_OPT macro

* Mon Feb 06 2006 Shu KONNO <owa@bg.wakwak.com> 0.9.7i-0vl3
- moved macros _lib to /usr/lib/rpm/rpmrc or macros files

* Fri Feb 03 2006 Shu KONNO <owa@bg.wakwak.com> 0.9.7i-0vl2
- added compat32-* packages for x86_64 architecture support
- added openssl-0.9.7i.Configure-compat32.patch
- changed '/lib' to '/%{_lib}'

* Mon Oct 17 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.7i-0vl1
- new upstream release

* Mon Jan 31 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.7d-0vl4
- rebuild on VineSeed

* Sun Jan 09 2005 IKEDA Katsumi <ikeda@webmasters.gr.jp> 0.9.7d-0vl3.1
- added a security patch from Gentoo.
  - Patch1: openssl-0.9.7c-tempfile.patch

* Sun Mar 28 2004 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 0.9.7d-0vl3
- sslarch for ppc was missing... added.

* Fri Mar 26 2004 Tomoya TAKA <taka@vinelinux.org> 0.9.7d-0vl2
- use sslarch=linux-alpha-gcc instead of alpha-gcc

* Mon Mar 22 2004 Satoshi MACHINO <machino@vinelinux.org> 0.9.7d-0vl1
- new upstream version
- clean up of spec file
        -- removed old patches

* Sat Mar 20 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6m-0vl1
- new upstream release
- SECURITY fix.
  - http://www.openssl.org/news/secadv_20040317.txt

* Wed Oct  1 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6k-0vl1
- new upstream release
- [Security fix]
  - Vulnerabilities in ASN.1 parsing
    http://www.openssl.org/news/secadv_20030930.txt
- see %{_docdir}/%{name}-%{version}/CHANGES for other changes

* Wed Jun 04 2003 HOTTA Michihide <hotta@net-newbie.com> 0.9.6j-0vl2
- add openssl.pc for pkgconfig

* Tue Mar 11 2003 Satoshi MACHINO <machino@vinelinux.org> 0.9.6j-0vl1
- New upstream version
- dropped patch10, 11
        -- merged upstream version

* Sun Feb 23 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6i-0vl1
- rebuild for VineSeed

* Sun Feb 23 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6i-0vl0.26.1
- [Security Fix]
  - Timing-based attacks on RSA keys
    http://www.openssl.org/news/secadv_20030317.txt
  - Klima-Pokorny0Rosa attack on RSA in SSL/TLS
    http://www.openssl.org/news/secadv_20030317.txt

* Sun Feb 23 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6i-0vl0.26
- new upstream release 0.9.6i
- [Security Fix]
- build for Vine Linux 2.6 errata

* Mon Nov 18 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6h-0vl1
- new upstream release 0.9.6h

* Mon Nov 18 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6g-0vl1
- new upstream release 0.9.6g

* Mon Oct 28 2002 IWAI Masaharu <iwai@alib.jp> 0.9.6b-1vl6
- SECURITY: CAN-2002-0659 fixed
  - added Patch101 from RedHat 7.2 updates 0.9.6b-28
    * Fri Aug 02 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-28
    - update asn patch to fix accidental reversal of a logic check
    * Thu Aug 01 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-27
    - update asn patch to reduce chance that compiler optimization will remove
      one of the added tests
    * Thu Aug 01 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-26
    - rebuild
    * Tue Jul 30 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-25
    - add patch to fix ASN.1 vulnerabilities

* Wed Jul 31 2002 IWAI Masaharu <iwai@alib.jp> 0.9.6b-1vl5
- rename spec file name
- SECURITY: CA-2002-23 fixed
  - added Patch100 from RedHat 7.2 updates 0.9.6b-24
    * Thu Jul 25 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-24
    - add backport of Ben Laurie's patches for OpenSSL 0.9.6d

* Mon Sep 10 2001 Satoshi MACHINO <machino@vinelinux.org> 0.9.6b-1vl4
- added ${PATH} in LD_LIBRARY_PATH
- added install -m 755 *.so.* $RPM_BUILD_ROOT%{_libdir} in %install
 
* Sun Jul 15 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6b-1vl3
- remove --no-<cipher>

* Sun Jul 15 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6b-1vl2
- add Patch10 for mipsel shared ( Configure )

* Sat Jul 14 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6b-1vl1
- build for Vine Linux
- use openssl-engine-0.9.6b.tar.gz

* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 0.9.6b

* Thu Jul  5 2001 Nalin Dahyabhai <nalin@redhat.com>
- move .so symlinks back to %%{_libdir}

* Tue Jul  3 2001 Nalin Dahyabhai <nalin@redhat.com>
- move shared libraries to /lib (#38410)

* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
- switch to engine code base

* Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
- add a script for creating dummy certificates
- move man pages from %%{_mandir}/man?/foo.?ssl to %%{_mandir}/man?ssl/foo.?

* Thu Jun 07 2001 Florian La Roche <Florian.LaRoche@redhat.de>
- add s390x support

* Fri Jun  1 2001 Nalin Dahyabhai <nalin@redhat.com>
- change two memcpy() calls to memmove()
- don't define L_ENDIAN on alpha

* Tue May 15 2001 Nalin Dahyabhai <nalin@redhat.com>
- make subpackages depend on the main package

* Tue May  1 2001 Nalin Dahyabhai <nalin@redhat.com>
- adjust the hobble script to not disturb symlinks in include/ (fix from
  Joe Orton)

* Thu Apr 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- drop the m2crypo patch we weren't using

* Tue Apr 24 2001 Nalin Dahyabhai <nalin@redhat.com>
- configure using "shared" as well

* Sun Apr  8 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 0.9.6a
- use the build-shared target to build shared libraries
- bump the soversion to 2 because we're no longer compatible with
  our 0.9.5a packages or our 0.9.6 packages
- drop the patch for making rsatest a no-op when rsa null support is used
- put all man pages into <section>ssl instead of <section>
- break the m2crypto modules into a separate package

* Tue Mar 13 2001 Nalin Dahyabhai <nalin@redhat.com>
- use BN_LLONG on s390

* Mon Mar 12 2001 Nalin Dahyabhai <nalin@redhat.com>
- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit)

* Sat Mar  3 2001 Nalin Dahyabhai <nalin@redhat.com>
- move c_rehash to the perl subpackage, because it's a perl script now

* Fri Mar  2 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 0.9.6
- enable MD2
- use the libcrypto.so and libssl.so targets to build shared libs with
- bump the soversion to 1 because we're no longer compatible with any of
  the various 0.9.5a packages circulating around, which provide lib*.so.0

* Wed Feb 28 2001 Florian La Roche <Florian.LaRoche@redhat.de>
- change hobble-openssl for disabling MD2 again

* Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com>
- re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152
  bytes or so, causing EVP_DigestInit() to zero out stack variables in
  apps built against a version of the library without it

* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- disable some inline assembly, which on x86 is Pentium-specific
- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all)

* Thu Feb 08 2001 Florian La Roche <Florian.LaRoche@redhat.de>
- fix s390 patch

* Fri Dec 8 2000 Than Ngo <than@redhat.com>
- added support s390

* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
- remove -Wa,* and -m* compiler flags from the default Configure file (#20656)
- add the CA.pl man page to the perl subpackage

* Thu Nov  2 2000 Nalin Dahyabhai <nalin@redhat.com>
- always build with -mcpu=ev5 on alpha

* Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com>
- add a symlink from cert.pem to ca-bundle.crt

* Wed Oct 25 2000 Nalin Dahyabhai <nalin@redhat.com>
- add a ca-bundle file for packages like Samba to reference for CA certificates

* Tue Oct 24 2000 Nalin Dahyabhai <nalin@redhat.com>
- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295)

* Mon Oct  2 2000 Nalin Dahyabhai <nalin@redhat.com>
- add unzip as a buildprereq (#17662)
- update m2crypto to 0.05-snap4

* Tue Sep 26 2000 Bill Nottingham <notting@redhat.com>
- fix some issues in building when it's not installed

* Wed Sep  6 2000 Nalin Dahyabhai <nalin@redhat.com>
- make sure the headers we include are the ones we built with (aaaaarrgh!)

* Fri Sep  1 2000 Nalin Dahyabhai <nalin@redhat.com>
- add Richard Henderson's patch for BN on ia64
- clean up the changelog

* Tue Aug 29 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix the building of python modules without openssl-devel already installed

* Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
- byte-compile python extensions without the build-root
- adjust the makefile to not remove temporary files (like .key files when
  building .csr files) by marking them as .PRECIOUS

* Sat Aug 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- break out python extensions into a subpackage

* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
- tweak the makefile some more

* Tue Jul 11 2000 Nalin Dahyabhai <nalin@redhat.com>
- disable MD2 support

* Thu Jul  6 2000 Nalin Dahyabhai <nalin@redhat.com>
- disable MDC2 support

* Sun Jul  2 2000 Nalin Dahyabhai <nalin@redhat.com>
- tweak the disabling of RC5, IDEA support
- tweak the makefile

* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
- strip binaries and libraries
- rework certificate makefile to have the right parts for Apache

* Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com>
- use %%{_perl} instead of /usr/bin/perl
- disable alpha until it passes its own test suite

* Fri Jun  9 2000 Nalin Dahyabhai <nalin@redhat.com>
- move the passwd.1 man page out of the passwd package's way

* Fri Jun  2 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 0.9.5a, modified for U.S.
- add perl as a build-time requirement
- move certificate makefile to another package
- disable RC5, IDEA, RSA support
- remove optimizations for now

* Wed Mar  1 2000 Florian La Roche <Florian.LaRoche@redhat.de>
- Bero told me to move the Makefile into this package

* Wed Mar  1 2000 Florian La Roche <Florian.LaRoche@redhat.de>
- add lib*.so symlinks to link dynamically against shared libs

* Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de>
- update to 0.9.5
- run ldconfig directly in post/postun
- add FAQ

* Sat Dec 18 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
- Fix build on non-x86 platforms

* Fri Nov 12 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
- move /usr/share/ssl/* from -devel to main package

* Tue Oct 26 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
- inital packaging
- changes from base:
  - Move /usr/local/ssl to /usr/share/ssl for FHS compliance
  - handle RPM_OPT_FLAGS