openssl/openssl.spec

712 lines
27 KiB
RPMSpec
Raw Normal View History

# For the curious:
# 0.9.8jk + EAP-FAST soversion = 8
2009-08-20 14:18:42 +00:00
# 1.0.0 soversion = 10
2016-10-11 08:31:54 +00:00
# 1.1.0 soversion = 1.1 (same as upstream although presence of some symbols
# depends on build configuration options)
# 3.0.0 soversion = 3 (same as upstream)
%define soversion 3
# Arches on which we need to prevent arch conflicts on opensslconf.h, must
# also be handled in opensslconf-new.h.
%define multilib_arches %{ix86} ia64 %{mips} ppc ppc64 s390 s390x sparcv9 sparc64 x86_64
%define srpmhash() %{lua:
local files = rpm.expand("%_specdir/openssl.spec")
for i, p in ipairs(patches) do
files = files.." "..p
end
for i, p in ipairs(sources) do
files = files.." "..p
end
local sha256sum = assert(io.popen("cat "..files.." 2>/dev/null | sha256sum"))
local hash = sha256sum:read("*a")
sha256sum:close()
print(string.sub(hash, 0, 16))
}
%global _performance_build 1
Summary: Utilities from the general purpose cryptography library with TLS implementation
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
Name: openssl
Version: 3.2.2
Release: 10%{?dist}
Epoch: 1
Source: openssl-%{version}.tar.gz
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
Source2: Makefile.certificate
Source3: genpatches
Source4: openssl.rpmlintrc
Source6: make-dummy-cert
Source7: renew-dummy-cert
Source9: configuration-switch.h
Source10: configuration-prefix.h
Source14: 0025-for-tests.patch
# # Patches exported from source git
# # Aarch64 and ppc64le use lib64
Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch
# # Use more general default values in openssl.cnf
Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch
# # Do not install html docs
Patch3: 0003-Do-not-install-html-docs.patch
# # Override default paths for the CA directory tree
Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch
# # apps/ca: fix md option help text
Patch5: 0005-apps-ca-fix-md-option-help-text.patch
# # Disable signature verification with totally unsafe hash algorithms
Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch
# # Add support for PROFILE=SYSTEM system default cipherlist
Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
# # Add FIPS_mode() compatibility macro
Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
# # Add check to see if fips flag is enabled in kernel
Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
# # Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so
# # that new modifications made to these files by upstream are not lost.
Patch10: 0010-Add-changes-to-ectest-and-eccurve.patch
# # remove unsupported EC curves
Patch11: 0011-Remove-EC-curves.patch
# # Disable explicit EC curves
# # https://bugzilla.redhat.com/show_bug.cgi?id=2066412
Patch12: 0012-Disable-explicit-ec.patch
# # Skipped tests from former 0011-Remove-EC-curves.patch
Patch13: 0013-skipped-tests-EC-curves.patch
# # Instructions to load legacy provider in openssl.cnf
Patch24: 0024-load-legacy-prov.patch
# # We load FIPS provider and set FIPS properties implicitly
Patch32: 0032-Force-fips.patch
# # Embed HMAC into the fips.so
# Modify fips self test as per
# https://github.com/simo5/openssl/commit/9b95ef8bd2f5ac862e5eee74c724b535f1a8578a
Patch33: 0033-FIPS-embed-hmac.patch
# # Comment out fipsinstall command-line utility
Patch34: 0034.fipsinstall_disable.patch
# # Skip unavailable algorithms running `openssl speed`
Patch35: 0035-speed-skip-unavailable-dgst.patch
# # Extra public/private key checks required by FIPS-140-3
Patch44: 0044-FIPS-140-3-keychecks.patch
# # Minimize fips services
Patch45: 0045-FIPS-services-minimize.patch
# # Execute KATS before HMAC verification
Patch47: 0047-FIPS-early-KATS.patch
# # Selectively disallow SHA1 signatures rhbz#2070977
Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch
# Originally from https://github.com/openssl/openssl/pull/18103
# As we rebased to 3.0.7 and used the version of the function
# not matching the upstream one, we have to use aliasing.
# When we eliminate this patch, the `-Wl,--allow-multiple-definition`
# should also be removed
Patch56: 0056-strcasecmp.patch
# # https://bugzilla.redhat.com/show_bug.cgi?id=2053289
Patch58: 0058-FIPS-limit-rsa-encrypt.patch
# # https://bugzilla.redhat.com/show_bug.cgi?id=2087147
Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
# 0062-fips-Expose-a-FIPS-indicator.patch
Patch62: 0062-fips-Expose-a-FIPS-indicator.patch
# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
# [PATCH 29/46]
# 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
# # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch
# # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM)
# # https://bugzilla.redhat.com/show_bug.cgi?id=2102541
Patch76: 0076-FIPS-140-3-DRBG.patch
# # https://bugzilla.redhat.com/show_bug.cgi?id=2102542
Patch77: 0077-FIPS-140-3-zeroization.patch
# # https://bugzilla.redhat.com/show_bug.cgi?id=2114772
Patch78: 0078-KDF-Add-FIPS-indicators.patch
2023-08-22 14:39:12 +00:00
# # We believe that some changes present in CentOS are not necessary
# # because ustream has a check for FIPS version
Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
# [PATCH 36/46]
2023-08-22 14:39:12 +00:00
# 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
Patch81: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
# [PATCH 37/46]
2023-08-22 14:39:12 +00:00
# 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
Patch83: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
# [PATCH 38/46]
2023-08-22 14:39:12 +00:00
# 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
Patch84: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
# 0085-FIPS-RSA-disable-shake.patch
Patch85: 0085-FIPS-RSA-disable-shake.patch
# 0088-signature-Add-indicator-for-PSS-salt-length.patch
Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch
# 0091-FIPS-RSA-encapsulate.patch
Patch91: 0091-FIPS-RSA-encapsulate.patch
# [PATCH 42/46]
2023-08-22 14:39:12 +00:00
# 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
Patch93: 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
# [PATCH 43/46]
2023-08-22 14:39:12 +00:00
# 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
Patch110: 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
# [PATCH 44/46]
2023-08-22 14:39:12 +00:00
# 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
Patch112: 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
# 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
Patch113: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
# # We believe that some changes present in CentOS are not necessary
# # because ustream has a check for FIPS version
Patch114: 0114-FIPS-enforce-EMS-support.patch
# Amend tests according to Fedora/RHEL code
Patch115: 0115-skip-quic-pairwise.patch
# Add version aliasing due to
# https://github.com/openssl/openssl/issues/23534
Patch116: 0116-version-aliasing.patch
# https://github.com/openssl/openssl/issues/23050
Patch117: 0117-ignore-unknown-sigalgorithms-groups.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2160797
Patch121: 0121-FIPS-cms-defaults.patch
# HKDF regression with older provider implementations
Patch122: 0123-kdf-Preserve-backward-compatibility-with-older-provi.patch
# https://github.com/openssl/openssl/issues/24577
Patch124: 0124-PBMAC1-PKCS12-FIPS-support.patch
# Downstream patch: enforce PBMAC1 in FIPS mode
Patch125: 0125-PBMAC1-PKCS12-FIPS-default.patch
2023-08-04 11:55:50 +00:00
License: Apache-2.0
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
URL: http://www.openssl.org/
BuildRequires: gcc g++
BuildRequires: coreutils, perl-interpreter, sed, zlib-devel, /usr/bin/cmp
2016-01-15 13:43:57 +00:00
BuildRequires: lksctp-tools-devel
2008-01-25 17:04:12 +00:00
BuildRequires: /usr/bin/rename
2015-08-12 21:16:04 +00:00
BuildRequires: /usr/bin/pod2man
BuildRequires: /usr/sbin/sysctl
2016-10-11 08:31:54 +00:00
BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt)
2018-03-29 14:40:14 +00:00
BuildRequires: perl(Module::Load::Conditional), perl(File::Temp)
BuildRequires: perl(Time::HiRes), perl(IPC::Cmd), perl(Pod::Html), perl(Digest::SHA)
BuildRequires: perl(FindBin), perl(lib), perl(File::Compare), perl(File::Copy), perl(bigint)
BuildRequires: git-core
BuildRequires: systemtap-sdt-devel
Requires: coreutils
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
%description
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
%package libs
Summary: A general purpose cryptography library with TLS implementation
Requires: ca-certificates >= 2008-5
Requires: crypto-policies >= 20180730
%if ( %{defined rhel} && (! %{defined centos}) )
Requires: openssl-fips-provider
%endif
%description libs
OpenSSL is a toolkit for supporting cryptography. The openssl-libs
package contains the libraries that are used by various applications which
support cryptographic algorithms and protocols.
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
%package devel
Summary: Files for development of applications which will use OpenSSL
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: pkgconfig
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
%description devel
OpenSSL is a toolkit for supporting cryptography. The openssl-devel
2009-03-13 13:10:33 +00:00
package contains include files needed to develop applications which
support various cryptographic algorithms and protocols.
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
%package perl
Summary: Perl scripts provided with OpenSSL
Requires: perl-interpreter
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
%description perl
OpenSSL is a toolkit for supporting cryptography. The openssl-perl
package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit.
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
%prep
%autosetup -S git -n %{name}-%{version}
%build
# Figure out which flags we want to use.
# default
sslarch=%{_os}-%{_target_cpu}
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
%ifarch %ix86
sslarch=linux-elf
if ! echo %{_target} | grep -q i686 ; then
sslflags="no-asm 386"
fi
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
%endif
%ifarch x86_64
sslflags=enable-ec_nistp_64_gcc_128
%endif
2008-05-20 15:16:15 +00:00
%ifarch sparcv9
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
sslarch=linux-sparcv9
auto-import changelog data from openssl-0.9.6-3.src.rpm Tue Mar 13 2001 Nalin Dahyabhai <nalin@redhat.com> - use BN_LLONG on s390 Mon Mar 12 2001 Nalin Dahyabhai <nalin@redhat.com> - fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit) Sat Mar 03 2001 Nalin Dahyabhai <nalin@redhat.com> - move c_rehash to the perl subpackage, because it's a perl script now Fri Mar 02 2001 Nalin Dahyabhai <nalin@redhat.com> - update to 0.9.6 - enable MD2 - use the libcrypto.so and libssl.so targets to build shared libs with - bump the soversion to 1 because we're no longer compatible with any of the various 0.9.5a packages circulating around, which provide lib*.so.0 Wed Feb 28 2001 Florian La Roche <Florian.LaRoche@redhat.de> - change hobble-openssl for disabling MD2 again Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com> - re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152 bytes or so, causing EVP_DigestInit() to zero out stack variables in apps built against a version of the library without it Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com> - disable some inline assembly, which on x86 is Pentium-specific - re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all) Thu Feb 08 2001 Florian La Roche <Florian.LaRoche@redhat.de> - fix s390 patch Fri Dec 08 2000 Than Ngo <than@redhat.com> - added support s390 Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com> - remove -Wa,* and -m* compiler flags from the default Configure file (#20656) - add the CA.pl man page to the perl subpackage Thu Nov 02 2000 Nalin Dahyabhai <nalin@redhat.com> - always build with -mcpu=ev5 on alpha Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com> - add a symlink from cert.pem to ca-bundle.crt Wed Oct 25 2000 Nalin Dahyabhai <nalin@redhat.com> - add a ca-bundle file for packages like Samba to reference for CA certificates Tue Oct 24 2000 Nalin Dahyabhai <nalin@redhat.com> - remove libcrypto's crypt(), which doesn't handle md5crypt (#19295) Mon Oct 02 2000 Nalin Dahyabhai <nalin@redhat.com> - add unzip as a buildprereq (#17662) - update m2crypto to 0.05-snap4
2004-09-09 09:35:41 +00:00
sslflags=no-asm
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
%endif
2008-05-20 15:16:15 +00:00
%ifarch sparc64
sslarch=linux64-sparcv9
sslflags=no-asm
%endif
%ifarch alpha alphaev56 alphaev6 alphaev67
sslarch=linux-alpha-gcc
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
%endif
%ifarch s390 sh3eb sh4eb
sslarch="linux-generic32 -DB_ENDIAN"
auto-import changelog data from openssl-0.9.6-3.src.rpm Tue Mar 13 2001 Nalin Dahyabhai <nalin@redhat.com> - use BN_LLONG on s390 Mon Mar 12 2001 Nalin Dahyabhai <nalin@redhat.com> - fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit) Sat Mar 03 2001 Nalin Dahyabhai <nalin@redhat.com> - move c_rehash to the perl subpackage, because it's a perl script now Fri Mar 02 2001 Nalin Dahyabhai <nalin@redhat.com> - update to 0.9.6 - enable MD2 - use the libcrypto.so and libssl.so targets to build shared libs with - bump the soversion to 1 because we're no longer compatible with any of the various 0.9.5a packages circulating around, which provide lib*.so.0 Wed Feb 28 2001 Florian La Roche <Florian.LaRoche@redhat.de> - change hobble-openssl for disabling MD2 again Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com> - re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152 bytes or so, causing EVP_DigestInit() to zero out stack variables in apps built against a version of the library without it Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com> - disable some inline assembly, which on x86 is Pentium-specific - re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all) Thu Feb 08 2001 Florian La Roche <Florian.LaRoche@redhat.de> - fix s390 patch Fri Dec 08 2000 Than Ngo <than@redhat.com> - added support s390 Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com> - remove -Wa,* and -m* compiler flags from the default Configure file (#20656) - add the CA.pl man page to the perl subpackage Thu Nov 02 2000 Nalin Dahyabhai <nalin@redhat.com> - always build with -mcpu=ev5 on alpha Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com> - add a symlink from cert.pem to ca-bundle.crt Wed Oct 25 2000 Nalin Dahyabhai <nalin@redhat.com> - add a ca-bundle file for packages like Samba to reference for CA certificates Tue Oct 24 2000 Nalin Dahyabhai <nalin@redhat.com> - remove libcrypto's crypt(), which doesn't handle md5crypt (#19295) Mon Oct 02 2000 Nalin Dahyabhai <nalin@redhat.com> - add unzip as a buildprereq (#17662) - update m2crypto to 0.05-snap4
2004-09-09 09:35:41 +00:00
%endif
%ifarch s390x
sslarch="linux64-s390x"
%endif
2013-04-21 13:33:34 +00:00
%ifarch %{arm}
sslarch=linux-armv4
%endif
2015-05-07 15:04:05 +00:00
%ifarch aarch64
sslarch=linux-aarch64
sslflags=enable-ec_nistp_64_gcc_128
2015-05-07 15:04:05 +00:00
%endif
2013-04-21 13:33:34 +00:00
%ifarch sh3 sh4
sslarch=linux-generic32
%endif
%ifarch ppc64 ppc64p7
sslarch=linux-ppc64
%endif
%ifarch ppc64le
sslarch="linux-ppc64le"
sslflags=enable-ec_nistp_64_gcc_128
%endif
%ifarch mips mipsel
sslarch="linux-mips32 -mips32r2"
%endif
%ifarch mips64 mips64el
sslarch="linux64-mips64 -mips64r2"
%endif
%ifarch mips64el
sslflags=enable-ec_nistp_64_gcc_128
%endif
2016-10-07 19:44:34 +00:00
%ifarch riscv64
sslarch=linux-generic64
%endif
#temporarily disable ktls to unblock c10s builds
ktlsopt=disable-ktls
%ifarch armv7hl
ktlsopt=disable-ktls
%endif
2016-10-11 08:31:54 +00:00
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
# Also add -DPURIFY to make using valgrind with openssl easier as we do not
# want to depend on the uninitialized memory as a source of entropy anyway.
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS"
2016-10-11 08:31:54 +00:00
2017-11-03 15:57:03 +00:00
export HASHBANGPERL=/usr/bin/perl
%define fips %{version}-%{srpmhash}
# ia64, x86_64, ppc are OK by default
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
# Configure the build tree. Override OpenSSL defaults with known-good defaults
auto-import changelog data from openssl-0.9.6-3.src.rpm Tue Mar 13 2001 Nalin Dahyabhai <nalin@redhat.com> - use BN_LLONG on s390 Mon Mar 12 2001 Nalin Dahyabhai <nalin@redhat.com> - fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit) Sat Mar 03 2001 Nalin Dahyabhai <nalin@redhat.com> - move c_rehash to the perl subpackage, because it's a perl script now Fri Mar 02 2001 Nalin Dahyabhai <nalin@redhat.com> - update to 0.9.6 - enable MD2 - use the libcrypto.so and libssl.so targets to build shared libs with - bump the soversion to 1 because we're no longer compatible with any of the various 0.9.5a packages circulating around, which provide lib*.so.0 Wed Feb 28 2001 Florian La Roche <Florian.LaRoche@redhat.de> - change hobble-openssl for disabling MD2 again Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com> - re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152 bytes or so, causing EVP_DigestInit() to zero out stack variables in apps built against a version of the library without it Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com> - disable some inline assembly, which on x86 is Pentium-specific - re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all) Thu Feb 08 2001 Florian La Roche <Florian.LaRoche@redhat.de> - fix s390 patch Fri Dec 08 2000 Than Ngo <than@redhat.com> - added support s390 Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com> - remove -Wa,* and -m* compiler flags from the default Configure file (#20656) - add the CA.pl man page to the perl subpackage Thu Nov 02 2000 Nalin Dahyabhai <nalin@redhat.com> - always build with -mcpu=ev5 on alpha Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com> - add a symlink from cert.pem to ca-bundle.crt Wed Oct 25 2000 Nalin Dahyabhai <nalin@redhat.com> - add a ca-bundle file for packages like Samba to reference for CA certificates Tue Oct 24 2000 Nalin Dahyabhai <nalin@redhat.com> - remove libcrypto's crypt(), which doesn't handle md5crypt (#19295) Mon Oct 02 2000 Nalin Dahyabhai <nalin@redhat.com> - add unzip as a buildprereq (#17662) - update m2crypto to 0.05-snap4
2004-09-09 09:35:41 +00:00
# usable on all platforms. The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \
2013-07-19 09:36:23 +00:00
--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
2016-10-11 08:31:54 +00:00
zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
enable-cms enable-md2 enable-rc5 ${ktlsopt} enable-fips -D_GNU_SOURCE\
no-mdc2 no-ec2m no-sm2 no-sm4 no-atexit enable-buildtest-c++\
shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\
-Wl,--allow-multiple-definition
2018-03-29 16:13:54 +00:00
# Do not run this in a production package the FIPS symbols must be patched-in
#util/mkdef.pl crypto update
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
make -s %{?_smp_mflags} all
# Clean up the .pc files
for i in libcrypto.pc libssl.pc openssl.pc ; do
sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i
done
%check
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
# Verify that what was compiled actually works.
# Hack - either enable SCTP AUTH chunks in kernel or disable sctp for check
(sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) || \
(echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' &&
sed '/"msan" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \
touch -r configdata.pm configdata.pm.new && \
mv -f configdata.pm.new configdata.pm)
# We must revert patch4 before tests otherwise they will fail
patch -p1 -R < %{PATCH4}
#We must disable default provider before tests otherwise they will fail
patch -p1 < %{SOURCE14}
OPENSSL_ENABLE_MD5_VERIFY=
export OPENSSL_ENABLE_MD5_VERIFY
OPENSSL_ENABLE_SHA1_SIGNATURES=
export OPENSSL_ENABLE_SHA1_SIGNATURES
OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
#embed HMAC into fips provider for test run
LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < providers/fips.so > providers/fips.so.hmac
objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so providers/fips.so.mac
mv providers/fips.so.mac providers/fips.so
#run tests itself
make test HARNESS_JOBS=8
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
# Add generation of HMAC checksum of the final stripped library
# We manually copy standard definition of __spec_install_post
# and add hmac calculation/embedding to fips.so
%if ( %{defined rhel} && (! %{defined centos}) )
%define __spec_install_post \
rm -rf $RPM_BUILD_ROOT/%{_libdir}/ossl-modules/fips.so \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
%{nil}
%else
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so > $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
objcopy --update-section .rodata1=$RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac \
mv $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so \
rm $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
%{nil}
%endif
%define __provides_exclude_from %{_libdir}/openssl
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
# Install OpenSSL.
install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl,%{_pkgdocdir}}
%make_install
2009-03-19 10:31:41 +00:00
rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
chmod 755 ${lib}
2009-03-19 10:31:41 +00:00
ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
done
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
# Remove static libraries
for lib in $RPM_BUILD_ROOT%{_libdir}/*.a ; do
rm -f ${lib}
done
# Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly.
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.d
install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate
2016-10-11 08:31:54 +00:00
install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_bindir}/make-dummy-cert
install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{_bindir}/renew-dummy-cert
# Move runable perl scripts to bindir
mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/*.pl $RPM_BUILD_ROOT%{_bindir}
mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir}
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
# Rename man pages so that they don't conflict with other system man pages.
pushd $RPM_BUILD_ROOT%{_mandir}
mv man5/config.5ossl man5/openssl.cnf.5
popd
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA
mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private
mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/certs
mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/crl
mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts
# Ensure the config file timestamps are identical across builds to avoid
2008-06-02 11:31:55 +00:00
# mulitlib conflicts and unnecessary renames on upgrade
touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf
touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf
2008-06-02 11:31:55 +00:00
2016-10-11 08:31:54 +00:00
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
#we don't use native fipsmodule.cnf because FIPS module is loaded automatically
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/fipsmodule.cnf
2016-10-11 08:31:54 +00:00
# Determine which arch opensslconf.h is going to try to #include.
basearch=%{_arch}
%ifarch %{ix86}
basearch=i386
%endif
2008-05-20 15:16:15 +00:00
%ifarch sparcv9
basearch=sparc
%endif
%ifarch sparc64
basearch=sparc64
%endif
sed -i '/^\# ifndef OPENSSL_NO_STATIC_ENGINE/i\
# ifndef OPENSSL_NO_ENGINE\
# define OPENSSL_NO_ENGINE\
# endif' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h
%ifarch %{multilib_arches}
# Do an configuration.h switcheroo to avoid file conflicts on systems where you
# can have both a 32- and 64-bit version of the library, and they each need
# their own correct-but-different versions of opensslconf.h to be usable.
install -m644 %{SOURCE10} \
$RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration-${basearch}.h
cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h >> \
$RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration-${basearch}.h
install -m644 %{SOURCE9} \
$RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h
%endif
ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/fips_local.cnf
%files
2014-07-18 23:31:16 +00:00
%{!?_licensedir:%global license %%doc}
%license LICENSE.txt
%doc NEWS.md README.md
2016-10-11 08:31:54 +00:00
%{_bindir}/make-dummy-cert
%{_bindir}/renew-dummy-cert
%{_bindir}/openssl
%{_mandir}/man1/*
%{_mandir}/man5/*
%{_mandir}/man7/*
%{_pkgdocdir}/Makefile.certificate
%exclude %{_mandir}/man1/*.pl*
%exclude %{_mandir}/man1/tsget*
%files libs
2014-07-18 23:31:16 +00:00
%{!?_licensedir:%global license %%doc}
%license LICENSE.txt
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
%dir %{_sysconfdir}/pki/tls/openssl.d
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
%config %{_sysconfdir}/pki/tls/fips_local.cnf
%attr(0755,root,root) %{_libdir}/libcrypto.so.%{version}
%{_libdir}/libcrypto.so.%{soversion}
%attr(0755,root,root) %{_libdir}/libssl.so.%{version}
%{_libdir}/libssl.so.%{soversion}
2016-10-11 08:31:54 +00:00
%attr(0755,root,root) %{_libdir}/engines-%{soversion}
%attr(0755,root,root) %{_libdir}/ossl-modules
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
%files devel
%doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
%{_prefix}/include/openssl
%exclude %{_prefix}/include/openssl/engine*.h
2016-10-11 08:31:54 +00:00
%{_libdir}/*.so
%{_mandir}/man3/*
%exclude %{_mandir}/man3/ENGINE*
2016-10-11 08:31:54 +00:00
%{_libdir}/pkgconfig/*.pc
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
%files perl
2016-10-11 08:31:54 +00:00
%{_bindir}/c_rehash
%{_bindir}/*.pl
%{_bindir}/tsget
%{_mandir}/man1/*.pl*
%{_mandir}/man1/tsget*
2016-10-11 08:31:54 +00:00
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
%dir %{_sysconfdir}/pki/CA/certs
%dir %{_sysconfdir}/pki/CA/crl
%dir %{_sysconfdir}/pki/CA/newcerts
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
%ldconfig_scriptlets libs
auto-import changelog data from openssl-0.9.5a-14.src.rpm Thu Sep 21 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak the makefile some more - disable MD2 support - disable MDC2 support - tweak the makefile - rework certificate makefile to have the right parts for Apache - strip binaries and libraries - enable actual RSA support - use /usr/bin/perl instead of /usr/bin/perl - move the passwd.1 man page out of the passwd package's way - update to 0.9.5a, modified for U.S. - add perl as a build-time requirement - disable RC5, IDEA support - break out python extensions - byte-compile python extensions without the build-root - adjust the makefile to not remove temporary files (like .key files when building .csr files) - fix the building of python modules without openssl-devel already installed Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - Bero told me to move the Makefile into this package Wed Mar 01 2000 Florian La Roche <Florian.LaRoche@redhat.de> - add lib*.so symlinks to link dynamically against shared libs Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de> - update to 0.9.5 - run ldconfig directly in post/postun - add FAQ Sat Dec 18 1999 Bernhard Rosenkrnzer <bero@redhat.de> - Fix build on non-x86 platforms Fri Nov 12 1999 Bernhard Rosenkrnzer <bero@redhat.de> - move /usr/share/ssl/* from -devel to main package Tue Oct 26 1999 Bernhard Rosenkrnzer <bero@redhat.de> - inital packaging - changes from base: - Move /usr/local/ssl to /usr/share/ssl for FHS compliance - handle RPM_OPT_FLAGS
2004-09-09 09:35:06 +00:00
%changelog
* Wed Aug 14 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-10
- Use PBMAC1 by default when creating PKCS#12 files in FIPS mode
Related: RHEL-36659
* Fri Aug 09 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-9
- An interface to create PKCS #12 files in FIPS compliant way
Related: RHEL-36659
* Wed Aug 07 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-8
- An interface to create PKCS #12 files in FIPS compliant way
Resolves: RHEL-36659
* Wed Jul 10 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-7
- Disallow SHA1 at SECLEVEL2 in OpenSSL
Resolves: RHEL-39962
- SHA-1 signature shouldn't work in normal mode
Resolves: RHEL-36677
* Mon Jul 01 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-6
- Do not install ENGINE headers, man pages, and define OPENSSL_NO_ENGINE
Resolves: RHEL-45704
* Mon Jul 1 2024 Daiki Ueno <dueno@redhat.com> - 1:3.2.2-5
- Replace HKDF backward compatibility patch with the official one
Related: RHEL-41261
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1:3.2.2-4
- Bump release for June 2024 mass rebuild
* Sat Jun 15 2024 Daiki Ueno <dueno@redhat.com> - 1:3.2.2-3
- Add workaround for EVP_PKEY_CTX_add1_hkdf_info with older providers
Resolves: RHEL-41261
* Wed Jun 12 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-2
- Build openssl with no-atexit
Resolves: RHEL-40408
* Wed Jun 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-1
- Rebase to OpenSSL 3.2.2.
Related: RHEL-31762
* Mon Jun 03 2024 Sahana Prasad <sahana@redhat.com> - 1:3.2.1-4
- Synchronize patches from c9s and Fedora
- Resolves: RHEL-31762
* Tue Feb 13 2024 Sahana Prasad <sahana@redhat.com> - 1:3.2.1-3
- Temporarily disable ktls to unblock c10s builds
- Resolves: RHEL-25259
* Fri Feb 09 2024 Sahana Prasad <sahana@redhat.com> - 1:3.2.1-2
- Fix version aliasing issue
- https://github.com/openssl/openssl/issues/23534
* Tue Feb 06 2024 Sahana Prasad <sahana@redhat.com> - 1:3.2.1-1
- Rebase to upstream version 3.2.1
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.1.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.1.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jan 10 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.1.4-2
- We don't want to ship openssl-pkcs11 in RHEL10/Centos 10
* Thu Oct 26 2023 Sahana Prasad <sahana@redhat.com> - 1:3.1.4-1
- Rebase to upstream version 3.1.4
* Thu Oct 19 2023 Sahana Prasad <sahana@redhat.com> - 1:3.1.3-1
- Rebase to upstream version 3.1.3
* Thu Aug 31 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.1.1-4
- Drop duplicated patch and do some contamination
2023-08-22 14:39:12 +00:00
* Tue Aug 22 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.1.1-3
- Integrate FIPS patches from CentOS
2023-08-04 11:55:50 +00:00
* Fri Aug 04 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.1.1-2
- migrated to SPDX license
* Thu Jul 27 2023 Sahana Prasad <sahana@redhat.com> - 1:3.1.1-1
- Rebase to upstream version 3.1.1
Resolves: CVE-2023-0464
Resolves: CVE-2023-0465
Resolves: CVE-2023-0466
Resolves: CVE-2023-1255
Resolves: CVE-2023-2650
* Thu Jul 27 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.8-4
- Forbid custom EC more completely
Resolves: rhbz#2223953
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.0.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Mar 21 2023 Sahana Prasad <sahana@redhat.com> - 1:3.0.8-2
- Upload new upstream sources without manually hobbling them.
- Remove the hobbling script as it is redundant. It is now allowed to ship
the sources of patented EC curves, however it is still made unavailable to use
by compiling with the 'no-ec2m' Configure option. The additional forbidden
curves such as P-160, P-192, wap-tls curves are manually removed by updating
0011-Remove-EC-curves.patch.
- Enable Brainpool curves.
- Apply the changes to ec_curve.c and ectest.c as a new patch
0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them.
- Modify 0011-Remove-EC-curves.patch to allow Brainpool curves.
- Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M.
Resolves: rhbz#2130618, rhbz#2141672
* Thu Feb 09 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.8-1
- Rebase to upstream version 3.0.8
Resolves: CVE-2022-4203
Resolves: CVE-2022-4304
Resolves: CVE-2022-4450
Resolves: CVE-2023-0215
Resolves: CVE-2023-0216
Resolves: CVE-2023-0217
Resolves: CVE-2023-0286
Resolves: CVE-2023-0401
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.0.7-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jan 05 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-3
- Backport implicit rejection for RSA PKCS#1 v1.5 encryption
Resolves: rhbz#2153470
* Thu Jan 05 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-2
- Refactor embedded mac verification in FIPS module
Resolves: rhbz#2156045
* Fri Dec 23 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-1
- Rebase to upstream version 3.0.7
- C99 compatibility in downstream-only 0032-Force-fips.patch
Resolves: rhbz#2152504
- Adjusting include for the FIPS_mode macro
Resolves: rhbz#2083876
* Wed Nov 16 2022 Simo sorce <simo@redhat.com> - 1:3.0.5-7
- Backport patches to fix external providers compatibility issues
* Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.5-6
- CVE-2022-3602: X.509 Email Address Buffer Overflow
- CVE-2022-3786: X.509 Email Address Buffer Overflow
Resolves: CVE-2022-3602
Resolves: CVE-2022-3786
* Mon Sep 12 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.5-5
- Update patches to make ELN build happy
Resolves: rhbz#2123755
* Fri Sep 09 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.5-4
- Fix AES-GCM on Power 8 CPUs
Resolves: rhbz#2124845
* Thu Sep 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.5-3
- Sync patches with RHEL
Related: rhbz#2123755
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.0.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.5-1
- Rebase to upstream version 3.0.5
Related: rhbz#2099972, CVE-2022-2097
* Wed Jun 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.3-1
- Rebase to upstream version 3.0.3
* Thu Apr 28 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-5
- Instrument with USDT probes related to SHA-1 deprecation
* Wed Apr 27 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-4
- Support rsa_pkcs1_md5_sha1 in TLS 1.0/1.1 with rh-allow-sha1-signatures = yes
to restore TLS 1.0 and 1.1 support in LEGACY crypto-policy.
Related: rhbz#2069239
* Tue Apr 26 2022 Alexander Sosedkin <asosedkin@redhat.com> - 1:3.0.2-4
- Instrument with USDT probes related to SHA-1 deprecation
* Wed Apr 20 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-3
- Disable SHA-1 by default in ELN using the patches from CentOS
- Fix a FIXME in the openssl.cnf(5) manpage
* Thu Apr 07 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-2
- Silence a few rpmlint false positives.
* Thu Apr 07 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-2
- Allow disabling SHA1 signature creation and verification.
Set rh-allow-sha1-signatures = no to disable.
Allow SHA1 in TLS in SECLEVEL 1 if rh-allow-sha1-signatures = yes. This will
support SHA1 in TLS in the LEGACY crypto-policy.
Resolves: rhbz#2070977
Related: rhbz#2031742, rhbz#2062640
* Fri Mar 18 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.2-1
- Rebase to upstream version 3.0.2
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Sep 09 2021 Sahana Prasad <sahana@redhat.com> - 1:3.0.0-1
- Rebase to upstream version 3.0.0