%define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0} %define soversion 6 %define version 0.9.8zh %define release 1%{_dist_release} Summary: Secure Sockets Layer Toolkit Name: openssl098 Version: %{version} Release: %{release} Source: openssl-%{version}.tar.gz Source2: Makefile.certificate Source3: ca-bundle.crt Source5: make-dummy-cert # Source6: openssl-%{version}.pc Patch0: openssl-0.9.8b-soversion.patch Patch2: openssl-0.9.8e-rpm_opt.patch Patch4: openssl-0.9.8p-enginesdir.patch # security fix # nothing ;-) License: BSDish Group: System Environment/Libraries URL: http://www.openssl.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildRequires: perl, sed Requires: mktemp Packager: Daisuke SUZUKI Vendor: Project Vine Distribution: Vine Linux %define solibbase %(echo %version | sed 's/[[:alpha:]]//g') %description The OpenSSL certificate management tool and the shared libraries that provide various cryptographic algorithms and protocols. ## to build compat32 for x86_64 architecture support %package -n compat32-%{name} Summary: Secure Sockets Layer Toolkit Group: System Environment/Libraries Requires: %{name} = %{version}-%{release} %description -n compat32-%{name} The OpenSSL certificate management tool and the shared libraries that provide various cryptographic algorithms and protocols. %prep %setup -q -n openssl-%{version} %patch0 -p1 -b .soversion %patch2 -p1 -b .rpm_opt %patch4 -p1 -b .enginesdir # security fix # nothing ;-) chmod 644 FAQ LICENSE CHANGES NEWS INSTALL README chmod 644 doc/README doc/c-indentation.el doc/openssl.txt chmod 644 doc/openssl_button.html doc/openssl_button.gif chmod 644 doc/ssleay.txt # Link the configuration header to the one we're going to make. # ln -sf ../../crypto/opensslconf.h include/openssl/ %build PATH=${PATH}:${PWD}/bin TOPDIR=${PWD} LD_LIBRARY_PATH=${TOPDIR}:${TOPDIR}/bin:${PATH} ; export LD_LIBRARY_PATH # Figure out which flags we want to use. Can't use assembler because it's # not lowest-common-denominator in most cases. perl util/perlpath.pl `dirname %{__perl}` %ifarch %ix86 sslarch=linux-elf sslflags="no-asm 386" %endif %ifarch ppc sslarch=linux-ppc sslflags=no-asm %endif %ifarch sparc sslarch=linux-sparcv9 sslflags=no-asm %endif %ifarch ia64 sslarch=linux-ia64 sslflags=no-asm %endif %ifarch alpha sslarch=linux-alpha-gcc sslflags=no-asm %endif %ifarch s390 sslarch=linux-s390 %endif %ifarch s390x sslarch=linux-s390x %endif %ifarch mipsel sslarch=linux-mips sslflags=no-asm %endif ## to build for x86_64 architecture support %ifarch x86_64 sslarch=linux-x86_64 sslflags=no-asm %endif # Configure the build tree. Override OpenSSL defaults with known-good defaults # usable on all platforms. The Configure script already knows to use -fPIC and # RPM_OPT_FLAGS, so we can skip specifiying them here. ./Configure \ --prefix=%{_prefix} --openssldir=%{_datadir}/ssl ${sslflags} \ --enginesdir=%{_libdir}/openssl/engines \ shared ${sslarch} # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be # marked as not requiring an executable stack. RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack" make depend make all build-shared # Generate hashes for the included certs. LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} export LD_LIBRARY_PATH make rehash build-shared # Verify that what was compiled actually works. make -C test apps tests # Relink the main binary to get it dynamically linked. rm apps/openssl make all build-shared %install [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT # Install OpenSSL. install -d $RPM_BUILD_ROOT/{%{_lib},%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl} make INSTALL_PREFIX=$RPM_BUILD_ROOT install build-shared install -m 755 *.so.* $RPM_BUILD_ROOT%{_libdir} # added for lib64 mv $RPM_BUILD_ROOT/usr/lib/engines $RPM_BUILD_ROOT%{_libdir}/openssl || : mv $RPM_BUILD_ROOT/usr/lib/* $RPM_BUILD_ROOT%{_libdir}/ || : mv $RPM_BUILD_ROOT%{_libdir}/lib*.so.%{soversion} $RPM_BUILD_ROOT/%{_lib}/ mv $RPM_BUILD_ROOT%{_datadir}/ssl/man/* $RPM_BUILD_ROOT%{_mandir} rmdir $RPM_BUILD_ROOT%{_datadir}/ssl/man rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT/%{_lib}/*.so.%{soversion} for lib in $RPM_BUILD_ROOT/%{_lib}/*.so.%{version} ; do chmod 755 ${lib} ln -s -f ../../%{_lib}/`basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}` ln -s -f `basename ${lib}` $RPM_BUILD_ROOT/%{_lib}/`basename ${lib} .%{version}`.%{soversion} done # install -m644 -D %{SOURCE6} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/openssl.pc # Install a makefile for generating keys and self-signed certs, and a script # for generating them on the fly. mkdir -p $RPM_BUILD_ROOT%{_datadir}/ssl/certs install -m644 $RPM_SOURCE_DIR/Makefile.certificate $RPM_BUILD_ROOT%{_datadir}/ssl/certs/Makefile install -m644 $RPM_SOURCE_DIR/make-dummy-cert $RPM_BUILD_ROOT%{_datadir}/ssl/certs/make-dummy-cert # Make sure we actually include the headers we built against. for header in $RPM_BUILD_ROOT%{_includedir}/openssl/* ; do if [ -f ${header} -a -f include/openssl/$(basename ${header}) ] ; then install -m644 include/openssl/`basename ${header}` ${header} fi done # Rename man pages so that they don't conflict with system man pages. We used # to change the file extensions, but that only prevents file conflicts. The # man viewer still can't select either of the two unless we physically change # the directory. for section in 1 2 3 4 5 6 7 8 ; do if test -d $RPM_BUILD_ROOT%{_mandir}/man${section} ; then mv $RPM_BUILD_ROOT%{_mandir}/man${section} \ $RPM_BUILD_ROOT%{_mandir}/man${section}ssl fi done # Pick a CA script. pushd $RPM_BUILD_ROOT%{_datadir}/ssl/misc mv CA.sh CA popd # Install root CA stuffs. cat %{SOURCE3} > ca-bundle.crt install -m644 ca-bundle.crt $RPM_BUILD_ROOT%{_datadir}/ssl/certs/ ln -s certs/ca-bundle.crt $RPM_BUILD_ROOT%{_datadir}/ssl/cert.pem # Fix libdir. #sed 's,^libdir=${exec_prefix}/lib,libdir=${exec_prefix}/%{_lib},g' \ # sed 's,^libdir=/usr/lib,libdir=%{_libdir},g' \ # $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc > \ # $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc.tmp && \ # cat $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc.tmp > \ # $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc && \ # rm -f $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/openssl.pc.tmp %clean [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root) %doc FAQ LICENSE CHANGES NEWS INSTALL README %doc doc/README doc/c-indentation.el doc/openssl.txt %doc doc/openssl_button.html doc/openssl_button.gif %doc doc/ssleay.txt # %dir %{_datadir}/ssl # %{_datadir}/ssl/certs # %{_datadir}/ssl/cert.pem # %{_datadir}/ssl/misc/CA # %{_datadir}/ssl/misc/c_* # %{_datadir}/ssl/private # %config(noreplace) %{_datadir}/ssl/openssl.cnf # %attr(0755,root,root) %{_bindir}/openssl %attr(0755,root,root) /%{_lib}/*.so.* # %attr(0755,root,root) %{_libdir}/openssl/engines/*.so # %attr(0755,root,root) %dir %{_mandir}/man1* # %attr(0644,root,root) %{_mandir}/man1*/* # %attr(0755,root,root) %dir %{_mandir}/man5* # %attr(0644,root,root) %{_mandir}/man5*/* # %attr(0755,root,root) %dir %{_mandir}/man7* # %attr(0644,root,root) %{_mandir}/man7*/* ## to build compat32 for x86_64 architecture support %if %{build_compat32} %files -n compat32-%{name} %defattr(-,root,root) %attr(0755,root,root) /%{_lib}/*.so.* %endif %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %post -n compat32-%{name} -p /sbin/ldconfig %postun -n compat32-%{name} -p /sbin/ldconfig %changelog * Sun Dec 6 2015 Satoshi IWAMOTO 0.9.8zh-1 - new upstream release with security fix * Mon Jun 15 2015 Satoshi IWAMOTO 0.9.8zg-1 - new upstream release with security fix * Fri Mar 20 2015 Satoshi IWAMOTO 0.9.8zf-1 - new upstream release with security fix * Sat Jan 10 2015 Satoshi IWAMOTO 0.9.8zd-1 - new upstream release with security fix * Thu Oct 23 2014 Satoshi IWAMOTO 0.9.8zc-1 - new upstream release with security fix * Thu Aug 7 2014 Satoshi IWAMOTO 0.9.8zb-1 - new upstream release with security fix * Sat Jun 7 2014 Satoshi IWAMOTO 0.9.8za-1 - new upstream release with security fix * Fri Feb 11 2011 Satoshi IWAMOTO 0.9.8r-1 - new upstream release with security fix * Thu Dec 30 2010 Satoshi IWAMOTO 0.9.8q-1 - new upstream release with security fix - update patch4 * Wed Mar 31 2010 Satoshi IWAMOTO 0.9.8n-2 - fix files list (unneeded files were included in package) * Tue Mar 30 2010 Satoshi IWAMOTO 0.9.8n-1 - new compatible package openssl 0.9.8n for upgrade openssl 1.0.0 * Thu Mar 18 2010 IWAI, Masaharu 0.9.8m-1 - new upstream release - update enginsdir patch (Patch4) - drop unnecessary patch: upstream fixed - dtls dos patch (Patch10) - CVE-2009-4355 (memory leak) patch (Patch11) - CVE-2009-3555 (renegotiation) patch (Patch12) - update SOURCE6 for pkgconfig - replace BuildPreReq to BuildRequires * Sun Jan 17 2010 Satoshi IWAMOTO 0.9.8k-5 - add patch12 for fix CVE-2009-3555 (renegotiation) * Fri Jan 15 2010 Satoshi IWAMOTO 0.9.8k-4 - add patch11 for fix CVE-2009-4355 (memory leak) * Tue Jun 23 2009 Satoshi IWAMOTO 0.9.8k-3 - add patch10 to fix CVE-2009-1377, 78, 79 (from fc11) * Mon Jun 22 2009 NAKAMURA Kenta 0.9.8k-2 - removed unnecessary %%if %{build_compat32} statements - removed lib*.a from devel package * Mon Mar 30 2009 Satosh IWAMOTO 0.9.8k-1 - new upstream release with security fix (CVE-2000-0590,0591,0789) * Sun Jan 11 2009 Satosh IWAMOTO 0.9.8j-1 - new upstream release with security fix (CVE-2008-5077) * Sat Sep 20 2008 Daisuke SUZUKI 0.9.8i-1 - new upstream release * Sat Jul 12 2008 Satosh IWAMOTO 0.9.8h-1 - new upstream release - new versioning policy * Fri Oct 27 2007 Daisuke SUZUKI 0.9.8g-0vl1 - new upstream release - drop patch10,20 which is merged in upstream * Fri Sep 28 2007 MATSUBAYASHI Kohji 0.9.8e-0vl3 - add security patch in advance for CVE-2007-5135 http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded http://marc.info/?l=openssl-cvs&m=119020417919619&w=2 * Fri Aug 10 2007 MATSUBAYASHI Kohji 0.9.8e-0vl2 - add security patch for CVE-2007-3108 (http://openssl.org/news/patch-CVE-2007-3108.txt) * Tue May 15 2007 Daisuke SUZUKI 0.9.8e-0vl1 - new upstream release * Sat Dec 24 2006 Satosh IWAMOTO 0.9.7l-0vl2 - update (fix) openssl.pc * Fri Sep 29 2006 Satosh IWAMOTO 0.9.7l-0vl1 - new upstream release (with security fix) * Mon Sep 11 2006 Satosh IWAMOTO 0.9.7k-0vl1 - new upstream release - add patch2 to use RPM_OPT macro * Mon Feb 06 2006 Shu KONNO 0.9.7i-0vl3 - moved macros _lib to /usr/lib/rpm/rpmrc or macros files * Fri Feb 03 2006 Shu KONNO 0.9.7i-0vl2 - added compat32-* packages for x86_64 architecture support - added openssl-0.9.7i.Configure-compat32.patch - changed '/lib' to '/%{_lib}' * Mon Oct 17 2005 Daisuke SUZUKI 0.9.7i-0vl1 - new upstream release * Mon Jan 31 2005 Daisuke SUZUKI 0.9.7d-0vl4 - rebuild on VineSeed * Sun Jan 09 2005 IKEDA Katsumi 0.9.7d-0vl3.1 - added a security patch from Gentoo. - Patch1: openssl-0.9.7c-tempfile.patch * Sun Mar 28 2004 MATSUBAYASHI Kohji 0.9.7d-0vl3 - sslarch for ppc was missing... added. * Fri Mar 26 2004 Tomoya TAKA 0.9.7d-0vl2 - use sslarch=linux-alpha-gcc instead of alpha-gcc * Mon Mar 22 2004 Satoshi MACHINO 0.9.7d-0vl1 - new upstream version - clean up of spec file -- removed old patches * Sat Mar 20 2004 Daisuke SUZUKI 0.9.6m-0vl1 - new upstream release - SECURITY fix. - http://www.openssl.org/news/secadv_20040317.txt * Wed Oct 1 2003 Daisuke SUZUKI 0.9.6k-0vl1 - new upstream release - [Security fix] - Vulnerabilities in ASN.1 parsing http://www.openssl.org/news/secadv_20030930.txt - see %{_docdir}/%{name}-%{version}/CHANGES for other changes * Wed Jun 04 2003 HOTTA Michihide 0.9.6j-0vl2 - add openssl.pc for pkgconfig * Fri Mar 11 2003 Satoshi MACHINO 0.9.6j-0vl1 - New upstream version - dropped patch10, 11 -- merged upstream version * Sun Feb 23 2003 Daisuke SUZUKI 0.9.6i-0vl1 - rebuild for VineSeed * Sun Feb 23 2003 Daisuke SUZUKI 0.9.6i-0vl0.26.1 - [Security Fix] - Timing-based attacks on RSA keys http://www.openssl.org/news/secadv_20030317.txt - Klima-Pokorny0Rosa attack on RSA in SSL/TLS http://www.openssl.org/news/secadv_20030317.txt * Sun Feb 23 2003 Daisuke SUZUKI 0.9.6i-0vl0.26 - new upstream release 0.9.6i - [Security Fix] - build for Vine Linux 2.6 errata * Mon Nov 18 2002 Daisuke SUZUKI 0.9.6h-0vl1 - new upstream release 0.9.6h * Mon Nov 18 2002 Daisuke SUZUKI 0.9.6g-0vl1 - new upstream release 0.9.6g * Mon Oct 28 2002 IWAI Masaharu 0.9.6b-1vl6 - SECURITY: CAN-2002-0659 fixed - added Patch101 from RedHat 7.2 updates 0.9.6b-28 * Fri Aug 02 2002 Nalin Dahyabhai 0.9.6b-28 - update asn patch to fix accidental reversal of a logic check * Thu Aug 01 2002 Nalin Dahyabhai 0.9.6b-27 - update asn patch to reduce chance that compiler optimization will remove one of the added tests * Thu Aug 01 2002 Nalin Dahyabhai 0.9.6b-26 - rebuild * Tue Jul 30 2002 Nalin Dahyabhai 0.9.6b-25 - add patch to fix ASN.1 vulnerabilities * Wed Jul 31 2002 IWAI Masaharu 0.9.6b-1vl5 - rename spec file name - SECURITY: CA-2002-23 fixed - added Patch100 from RedHat 7.2 updates 0.9.6b-24 * Thu Jul 25 2002 Nalin Dahyabhai 0.9.6b-24 - add backport of Ben Laurie's patches for OpenSSL 0.9.6d * Mon Sep 10 2001 Satoshi MACHINO 0.9.6b-1vl4 - added ${PATH} in LD_LIBRARY_PATH - added install -m 755 *.so.* $RPM_BUILD_ROOT%{_libdir} in %install * Sun Jul 15 2001 Daisuke SUZUKI 0.9.6b-1vl3 - remove --no- * Sun Jul 15 2001 Daisuke SUZUKI 0.9.6b-1vl2 - add Patch10 for mipsel shared ( Configure ) * Sat Jul 14 2001 Daisuke SUZUKI 0.9.6b-1vl1 - build for Vine Linux - use openssl-engine-0.9.6b.tar.gz * Wed Jul 11 2001 Nalin Dahyabhai - update to 0.9.6b * Thu Jul 5 2001 Nalin Dahyabhai - move .so symlinks back to %%{_libdir} * Tue Jul 3 2001 Nalin Dahyabhai - move shared libraries to /lib (#38410) * Mon Jun 25 2001 Nalin Dahyabhai - switch to engine code base * Mon Jun 18 2001 Nalin Dahyabhai - add a script for creating dummy certificates - move man pages from %%{_mandir}/man?/foo.?ssl to %%{_mandir}/man?ssl/foo.? * Thu Jun 07 2001 Florian La Roche - add s390x support * Fri Jun 1 2001 Nalin Dahyabhai - change two memcpy() calls to memmove() - don't define L_ENDIAN on alpha * Tue May 15 2001 Nalin Dahyabhai - make subpackages depend on the main package * Tue May 1 2001 Nalin Dahyabhai - adjust the hobble script to not disturb symlinks in include/ (fix from Joe Orton) * Fri Apr 26 2001 Nalin Dahyabhai - drop the m2crypo patch we weren't using * Tue Apr 24 2001 Nalin Dahyabhai - configure using "shared" as well * Sun Apr 8 2001 Nalin Dahyabhai - update to 0.9.6a - use the build-shared target to build shared libraries - bump the soversion to 2 because we're no longer compatible with our 0.9.5a packages or our 0.9.6 packages - drop the patch for making rsatest a no-op when rsa null support is used - put all man pages into
ssl instead of
- break the m2crypto modules into a separate package * Tue Mar 13 2001 Nalin Dahyabhai - use BN_LLONG on s390 * Mon Mar 12 2001 Nalin Dahyabhai - fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit) * Sat Mar 3 2001 Nalin Dahyabhai - move c_rehash to the perl subpackage, because it's a perl script now * Fri Mar 2 2001 Nalin Dahyabhai - update to 0.9.6 - enable MD2 - use the libcrypto.so and libssl.so targets to build shared libs with - bump the soversion to 1 because we're no longer compatible with any of the various 0.9.5a packages circulating around, which provide lib*.so.0 * Wed Feb 28 2001 Florian La Roche - change hobble-openssl for disabling MD2 again * Tue Feb 27 2001 Nalin Dahyabhai - re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152 bytes or so, causing EVP_DigestInit() to zero out stack variables in apps built against a version of the library without it * Mon Feb 26 2001 Nalin Dahyabhai - disable some inline assembly, which on x86 is Pentium-specific - re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all) * Thu Feb 08 2001 Florian La Roche - fix s390 patch * Fri Dec 8 2000 Than Ngo - added support s390 * Mon Nov 20 2000 Nalin Dahyabhai - remove -Wa,* and -m* compiler flags from the default Configure file (#20656) - add the CA.pl man page to the perl subpackage * Thu Nov 2 2000 Nalin Dahyabhai - always build with -mcpu=ev5 on alpha * Tue Oct 31 2000 Nalin Dahyabhai - add a symlink from cert.pem to ca-bundle.crt * Wed Oct 25 2000 Nalin Dahyabhai - add a ca-bundle file for packages like Samba to reference for CA certificates * Tue Oct 24 2000 Nalin Dahyabhai - remove libcrypto's crypt(), which doesn't handle md5crypt (#19295) * Mon Oct 2 2000 Nalin Dahyabhai - add unzip as a buildprereq (#17662) - update m2crypto to 0.05-snap4 * Tue Sep 26 2000 Bill Nottingham - fix some issues in building when it's not installed * Wed Sep 6 2000 Nalin Dahyabhai - make sure the headers we include are the ones we built with (aaaaarrgh!) * Fri Sep 1 2000 Nalin Dahyabhai - add Richard Henderson's patch for BN on ia64 - clean up the changelog * Tue Aug 29 2000 Nalin Dahyabhai - fix the building of python modules without openssl-devel already installed * Wed Aug 23 2000 Nalin Dahyabhai - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) by marking them as .PRECIOUS * Sat Aug 19 2000 Nalin Dahyabhai - break out python extensions into a subpackage * Mon Jul 17 2000 Nalin Dahyabhai - tweak the makefile some more * Tue Jul 11 2000 Nalin Dahyabhai - disable MD2 support * Thu Jul 6 2000 Nalin Dahyabhai - disable MDC2 support * Sun Jul 2 2000 Nalin Dahyabhai - tweak the disabling of RC5, IDEA support - tweak the makefile * Thu Jun 29 2000 Nalin Dahyabhai - strip binaries and libraries - rework certificate makefile to have the right parts for Apache * Wed Jun 28 2000 Nalin Dahyabhai - use %%{_perl} instead of /usr/bin/perl - disable alpha until it passes its own test suite * Fri Jun 9 2000 Nalin Dahyabhai - move the passwd.1 man page out of the passwd package's way * Fri Jun 2 2000 Nalin Dahyabhai - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - move certificate makefile to another package - disable RC5, IDEA, RSA support - remove optimizations for now * Wed Mar 1 2000 Florian La Roche - Bero told me to move the Makefile into this package * Wed Mar 1 2000 Florian La Roche - add lib*.so symlinks to link dynamically against shared libs * Tue Feb 29 2000 Florian La Roche - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ * Sat Dec 18 1999 Bernhard Rosenkrdnzer - Fix build on non-x86 platforms * Fri Nov 12 1999 Bernhard Rosenkrdnzer - move /usr/share/ssl/* from -devel to main package * Tue Oct 26 1999 Bernhard Rosenkrdnzer - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS