jonathan/openssl
1
0
Fork 0
forked from rpms/openssl
Code Pull Requests Activity

new upstream release from the 1.0.1 branch

Browse Source 
- epoch bumped to 1 due to revert to 1.0.0g on Fedora 17
- fix s390x build (#798411)
- versioning for the SSLeay symbol (#794950)
- add -DPURIFY to build flags (#797323)
- filter engine provides
- split the libraries to a separate -libs package
- add make to requires on the base package (#783446)
This commit is contained in:
Tomas Mraz 2012-02-29 21:54:08 +01:00
parent ad05b50537
commit 00c4986d53
12 changed files with 486 additions and 543 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -6,3 +6,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.0f-usa.tar.bz2
/openssl-1.0.0g-usa.tar.xz
/openssl-1.0.1-beta2-usa.tar.xz
/openssl-1.0.1-beta3-usa.tar.xz

2
hobble-openssl
View File

@ -11,7 +11,7 @@ set -e
# SRP: ????????? ??/??/20??
# Remove assembler portions of IDEA, MDC2, and RC5.
(find crypto/{rc5}/asm -type f | xargs -r rm -fv)
(find crypto/rc5/asm -type f | xargs -r rm -fv)
# RC5, EC, SRP.
for a in rc5 ec ecdh ecdsa srp; do

14
openssl-0.9.8j-bad-mime.patch
View File

@ -1,14 +0,0 @@
diff -up openssl-0.9.8j/crypto/asn1/asn_mime.c.bad-mime openssl-0.9.8j/crypto/asn1/asn_mime.c
--- openssl-0.9.8j/crypto/asn1/asn_mime.c.bad-mime 2008-08-05 17:56:11.000000000 +0200
+++ openssl-0.9.8j/crypto/asn1/asn_mime.c 2009-01-14 22:08:34.000000000 +0100
@@ -792,6 +792,10 @@ static int mime_hdr_addparam(MIME_HEADER
static int mime_hdr_cmp(const MIME_HEADER * const *a,
const MIME_HEADER * const *b)
{
+ if ((*a)->name == NULL || (*b)->name == NULL)
+ return (*a)->name - (*b)->name < 0 ? -1 :
+ (*a)->name - (*b)->name > 0 ? 1 : 0;
+
return(strcmp((*a)->name, (*b)->name));
}

23
openssl-1.0.0a-load-certs.patch
View File

@ -1,23 +0,0 @@
diff -up openssl-1.0.0a/apps/apps.c.load-certs openssl-1.0.0a/apps/apps.c
--- openssl-1.0.0a/apps/apps.c.load-certs 2010-05-27 16:09:13.000000000 +0200
+++ openssl-1.0.0a/apps/apps.c 2011-04-28 21:24:06.000000000 +0200
@@ -1208,7 +1208,8 @@ STACK_OF(X509) *load_certs(BIO *err, con
const char *pass, ENGINE *e, const char *desc)
{
STACK_OF(X509) *certs;
- load_certs_crls(err, file, format, pass, e, desc, &certs, NULL);
+ if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL))
+ return NULL;
return certs;
}
@@ -1216,7 +1217,8 @@ STACK_OF(X509_CRL) *load_crls(BIO *err,
const char *pass, ENGINE *e, const char *desc)
{
STACK_OF(X509_CRL) *crls;
- load_certs_crls(err, file, format, pass, e, desc, NULL, &crls);
+ if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls))
+ return NULL;
return crls;
}

33
openssl-1.0.0e-pkgconfig-private.patch
View File

@ -1,33 +0,0 @@
diff -up openssl-1.0.0e/Makefile.org.private openssl-1.0.0e/Makefile.org
--- openssl-1.0.0e/Makefile.org.private 2011-11-03 10:01:53.000000000 +0100
+++ openssl-1.0.0e/Makefile.org 2011-11-22 11:50:27.000000000 +0100
@@ -326,7 +326,8 @@ libcrypto.pc: Makefile
echo 'Description: OpenSSL cryptography library'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
+ echo 'Libs: -L$${libdir} -lcrypto'; \
+ echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
libssl.pc: Makefile
@@ -339,7 +340,8 @@ libssl.pc: Makefile
echo 'Description: Secure Sockets Layer and cryptography libraries'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+ echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
openssl.pc: Makefile
@@ -352,7 +354,8 @@ openssl.pc: Makefile
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+ echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
Makefile: Makefile.org Configure config

80
openssl-1.0.1-beta2-no-srp.patch
View File

@ -1,80 +0,0 @@
diff -up openssl-1.0.1-beta2/apps/progs.pl.no-srp openssl-1.0.1-beta2/apps/progs.pl
--- openssl-1.0.1-beta2/apps/progs.pl.no-srp 2009-06-30 17:08:38.000000000 +0200
+++ openssl-1.0.1-beta2/apps/progs.pl 2012-02-07 01:14:08.979758307 +0100
@@ -51,6 +51,8 @@ foreach (@ARGV)
{ print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
elsif ( ($_ =~ /^ocsp$/))
{ print "#ifndef OPENSSL_NO_OCSP\n${str}#endif\n"; }
+ elsif ( ($_ =~ /^srp$/))
+ { print "#ifndef OPENSSL_NO_SRP\n${str}#endif\n"; }
else
{ print $str; }
}
diff -up openssl-1.0.1-beta2/apps/s_server.c.no-srp openssl-1.0.1-beta2/apps/s_server.c
--- openssl-1.0.1-beta2/apps/s_server.c.no-srp 2012-02-07 01:04:12.000000000 +0100
+++ openssl-1.0.1-beta2/apps/s_server.c 2012-02-07 01:13:21.573362310 +0100
@@ -2248,6 +2248,7 @@ static int sv_body(char *hostname, int s
{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
#endif
k=SSL_write(con,&(buf[l]),(unsigned int)i);
+#ifndef OPENSSL_NO_SRP
while (SSL_get_error(con,k) == SSL_ERROR_WANT_X509_LOOKUP)
{
BIO_printf(bio_s_out,"LOOKUP renego during write\n");
@@ -2258,6 +2259,7 @@ static int sv_body(char *hostname, int s
BIO_printf(bio_s_out,"LOOKUP not successful\n");
k=SSL_write(con,&(buf[l]),(unsigned int)i);
}
+#endif
switch (SSL_get_error(con,k))
{
case SSL_ERROR_NONE:
@@ -2305,6 +2307,7 @@ static int sv_body(char *hostname, int s
{
again:
i=SSL_read(con,(char *)buf,bufsize);
+#ifndef OPENSSL_NO_SRP
while (SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
{
BIO_printf(bio_s_out,"LOOKUP renego during read\n");
@@ -2315,6 +2318,7 @@ again:
BIO_printf(bio_s_out,"LOOKUP not successful\n");
i=SSL_read(con,(char *)buf,bufsize);
}
+#endif
switch (SSL_get_error(con,i))
{
case SSL_ERROR_NONE:
@@ -2392,6 +2396,7 @@ static int init_ssl_connection(SSL *con)
i=SSL_accept(con);
+#ifndef OPENSSL_NO_SRP
while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
{
BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login);
@@ -2402,6 +2407,7 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_s_out,"LOOKUP not successful\n");
i=SSL_accept(con);
}
+#endif
if (i <= 0)
{
if (BIO_sock_should_retry(i))
@@ -2626,6 +2632,7 @@ static int www_body(char *hostname, int
if (hack)
{
i=SSL_accept(con);
+#ifndef OPENSSL_NO_SRP
while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
{
BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login);
@@ -2636,7 +2643,7 @@ static int www_body(char *hostname, int
BIO_printf(bio_s_out,"LOOKUP not successful\n");
i=SSL_accept(con);
}
-
+#endif
switch (SSL_get_error(con,i))
{
case SSL_ERROR_NONE:

21
openssl-1.0.1-beta2-version.patch
View File

@ -1,21 +0,0 @@
diff -up openssl-1.0.1-beta2/crypto/opensslv.h.version openssl-1.0.1-beta2/crypto/opensslv.h
--- openssl-1.0.1-beta2/crypto/opensslv.h.version 2012-02-06 17:16:55.529944485 +0100
+++ openssl-1.0.1-beta2/crypto/opensslv.h 2012-02-06 17:16:53.161924733 +0100
@@ -25,7 +25,7 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x10001002L
+#define OPENSSL_VERSION_NUMBER 0x10000003L
#ifdef OPENSSL_FIPS
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1-fips-beta2 19 Jan 2012"
#else
@@ -83,7 +83,7 @@
* should only keep the versions that are binary compatible with the current.
*/
#define SHLIB_VERSION_HISTORY ""
-#define SHLIB_VERSION_NUMBER "1.0.0"
+#define SHLIB_VERSION_NUMBER "1.0.1"
#endif /* HEADER_OPENSSLV_H */

676
openssl-1.0.1-beta2-fips.patch → openssl-1.0.1-beta3-fips.patch
View File

File diff suppressed because it is too large Load Diff

26
openssl-1.0.1-beta3-s390xbuild.patch Normal file
View File

@ -0,0 +1,26 @@
diff -up openssl-1.0.1-beta3/crypto/rc4/asm/rc4-s390x.pl.s390xbuild openssl-1.0.1-beta3/crypto/rc4/asm/rc4-s390x.pl
--- openssl-1.0.1-beta3/crypto/rc4/asm/rc4-s390x.pl.s390xbuild 2012-02-29 17:40:30.000000000 +0100
+++ openssl-1.0.1-beta3/crypto/rc4/asm/rc4-s390x.pl 2012-02-29 20:03:39.642182906 +0100
@@ -171,10 +171,10 @@ $ikey="%r7";
$iinp="%r8";
$code.=<<___;
-.globl RC4_set_key
-.type RC4_set_key,\@function
+.globl private_RC4_set_key
+.type private_RC4_set_key,\@function
.align 64
-RC4_set_key:
+private_RC4_set_key:
stm${g} %r6,%r8,6*$SIZE_T($sp)
lhi $cnt,256
la $idx,0(%r0)
@@ -210,7 +210,7 @@ RC4_set_key:
.Ldone:
lm${g} %r6,%r8,6*$SIZE_T($sp)
br $rp
-.size RC4_set_key,.-RC4_set_key
+.size private_RC4_set_key,.-private_RC4_set_key
___
}

64
openssl-1.0.1-beta3-version.patch Normal file
View File

@ -0,0 +1,64 @@
diff -up openssl-1.0.1-beta3/crypto/cversion.c.version openssl-1.0.1-beta3/crypto/cversion.c
--- openssl-1.0.1-beta3/crypto/cversion.c.version 2004-04-19 20:09:22.000000000 +0200
+++ openssl-1.0.1-beta3/crypto/cversion.c 2012-02-29 11:53:50.650380234 +0100
@@ -110,8 +110,15 @@ const char *SSLeay_version(int t)
return("not available");
}
-unsigned long SSLeay(void)
+unsigned long _original_SSLeay(void)
+ {
+ return(0x10000003);
+ }
+
+unsigned long _current_SSLeay(void)
{
return(SSLEAY_VERSION_NUMBER);
}
+__asm__(".symver _original_SSLeay,SSLeay@");
+__asm__(".symver _current_SSLeay,SSLeay@@OPENSSL_1.0.1");
diff -up openssl-1.0.1-beta3/crypto/opensslv.h.version openssl-1.0.1-beta3/crypto/opensslv.h
--- openssl-1.0.1-beta3/crypto/opensslv.h.version 2012-02-29 11:53:49.952374261 +0100
+++ openssl-1.0.1-beta3/crypto/opensslv.h 2012-02-29 11:53:50.650380234 +0100
@@ -25,7 +25,7 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x10001003L
+#define OPENSSL_VERSION_NUMBER 0x1000100fL
#ifdef OPENSSL_FIPS
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1-fips-beta3 23 Feb 2012"
#else
@@ -83,7 +83,7 @@
* should only keep the versions that are binary compatible with the current.
*/
#define SHLIB_VERSION_HISTORY ""
-#define SHLIB_VERSION_NUMBER "1.0.0"
+#define SHLIB_VERSION_NUMBER "1.0.1"
#endif /* HEADER_OPENSSLV_H */
diff -up openssl-1.0.1-beta3/Makefile.shared.version openssl-1.0.1-beta3/Makefile.shared
--- openssl-1.0.1-beta3/Makefile.shared.version 2012-02-29 11:53:50.511379043 +0100
+++ openssl-1.0.1-beta3/Makefile.shared 2012-02-29 11:54:47.794869236 +0100
@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--default-symver,--version-script=version.map -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
DO_GNU_APP=LDFLAGS="$(CFLAGS)"
diff -up openssl-1.0.1-beta3/version.map.version openssl-1.0.1-beta3/version.map
--- openssl-1.0.1-beta3/version.map.version 2012-02-29 11:53:50.651380242 +0100
+++ openssl-1.0.1-beta3/version.map 2012-02-29 11:55:28.110214232 +0100
@@ -0,0 +1,7 @@
+OPENSSL_1.0.1 {
+ global:
+ SSLeay;
+ local:
+ _original*;
+ _current*;
+};

87
openssl.spec
View File

@ -18,14 +18,15 @@
# also be handled in opensslconf-new.h.
%define multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x sparcv9 sparc64 x86_64
Summary: A general purpose cryptography library with TLS implementation
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.1
Release: 0.1.beta2%{?dist}
Release: 0.2.beta3%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
# The original openssl upstream tarball cannot be shipped in the .src.rpm.
Source: openssl-%{version}-beta2-usa.tar.xz
Source: openssl-%{version}-beta3-usa.tar.xz
Source1: hobble-openssl
Source2: Makefile.certificate
Source6: make-dummy-cert
@ -42,8 +43,7 @@ Patch6: openssl-0.9.8b-test-use-localhost.patch
Patch7: openssl-1.0.0-timezone.patch
# Bug fixes
Patch23: openssl-1.0.0-beta4-default-paths.patch
Patch24: openssl-0.9.8j-bad-mime.patch
Patch26: openssl-1.0.0a-load-certs.patch
Patch24: openssl-1.0.1-beta3-s390xbuild.patch
# Functionality changes
Patch33: openssl-1.0.0-beta4-ca-dir.patch
Patch34: openssl-0.9.6-x509.patch
@ -51,19 +51,17 @@ Patch35: openssl-0.9.8j-version-add-engines.patch
Patch36: openssl-1.0.0e-doc-noeof.patch
Patch38: openssl-1.0.1-beta2-ssl-op-all.patch
Patch39: openssl-1.0.1-beta2-ipv6-apps.patch
Patch40: openssl-1.0.1-beta2-fips.patch
Patch42: openssl-1.0.1-beta2-no-srp.patch
Patch40: openssl-1.0.1-beta3-fips.patch
Patch45: openssl-0.9.8j-env-nozlib.patch
Patch47: openssl-1.0.0-beta5-readme-warning.patch
Patch49: openssl-1.0.0-beta4-algo-doc.patch
Patch50: openssl-1.0.1-beta2-dtls1-abi.patch
Patch51: openssl-1.0.1-beta2-version.patch
Patch51: openssl-1.0.1-beta3-version.patch
Patch56: openssl-1.0.0c-rsa-x931.patch
Patch58: openssl-1.0.1-beta2-fips-md5-allow.patch
Patch60: openssl-1.0.0d-apps-dgst.patch
Patch63: openssl-1.0.0d-xmpp-starttls.patch
Patch65: openssl-1.0.0e-chil-fixes.patch
Patch67: openssl-1.0.0e-pkgconfig-private.patch
# Backported fixes including security fixes
Patch81: openssl-1.0.1-beta2-padlock64.patch
@ -73,7 +71,8 @@ URL: http://www.openssl.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: coreutils, krb5-devel, perl, sed, zlib-devel, /usr/bin/cmp
BuildRequires: /usr/bin/rename
Requires: coreutils, ca-certificates >= 2008-5
Requires: coreutils, make
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description
The OpenSSL toolkit provides support for secure communications between
@ -81,10 +80,21 @@ machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.
%package libs
Summary: A general purpose cryptography library with TLS implementation
Group: System Environment/Libraries
Requires: ca-certificates >= 2008-5
%description libs
OpenSSL is a toolkit for supporting cryptography. The openssl-libs
package contains the libraries that are used by various applications which
support cryptographic algorithms and protocols.
%package devel
Summary: Files for development of applications which will use OpenSSL
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}, krb5-devel, zlib-devel
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: krb5-devel%{?_isa}, zlib-devel%{?_isa}
Requires: pkgconfig
%description devel
@ -95,7 +105,7 @@ support various cryptographic algorithms and protocols.
%package static
Summary: Libraries for static linking of applications which will use OpenSSL
Group: Development/Libraries
Requires: %{name}-devel = %{version}-%{release}
Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release}
%description static
OpenSSL is a toolkit for supporting cryptography. The openssl-static
@ -107,7 +117,7 @@ protocols.
Summary: Perl scripts provided with OpenSSL
Group: Applications/Internet
Requires: perl
Requires: %{name} = %{version}-%{release}
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
%description perl
OpenSSL is a toolkit for supporting cryptography. The openssl-perl
@ -115,7 +125,7 @@ package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit.
%prep
%setup -q -n %{name}-%{version}-beta2
%setup -q -n %{name}-%{version}-beta3
# The hobble_openssl is called here redundantly, just to be sure.
# The tarball has already the sources removed.
@ -128,8 +138,7 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch7 -p1 -b .timezone
%patch23 -p1 -b .default-paths
%patch24 -p1 -b .bad-mime
%patch26 -p1 -b .load-certs
%patch24 -p1 -b .s390xbuild
%patch33 -p1 -b .ca-dir
%patch34 -p1 -b .x509
@ -138,7 +147,6 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch38 -p1 -b .op-all
%patch39 -p1 -b .ipv6-apps
%patch40 -p1 -b .fips
%patch42 -p1 -b .no-srp
%patch45 -p1 -b .env-nozlib
%patch47 -p1 -b .warning
%patch49 -p1 -b .algo-doc
@ -149,7 +157,6 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch60 -p1 -b .dgst
%patch63 -p1 -b .starttls
%patch65 -p1 -b .chil
%patch67 -p1 -b .private
%patch81 -p1 -b .padlock64
# Modify the various perl scripts to reference perl in the right location.
@ -184,7 +191,7 @@ sslarch=linux-alpha-gcc
sslarch="linux-generic32 -DB_ENDIAN"
%endif
%ifarch s390x
sslarch="linux-s390x"
sslarch="linux64-s390x"
%endif
%ifarch %{arm} sh3 sh4
sslarch=linux-generic32
@ -202,7 +209,9 @@ sslarch=linux-generic32
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack"
# Also add -DPURIFY to make using valgrind with openssl easier as we do not
# want to depend on the uninitialized memory as a source of entropy anyway.
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY"
make depend
make all
@ -243,6 +252,8 @@ make -C test apps tests
ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \
%{nil}
%define __provides_exclude_from %{_libdir}/openssl
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
# Install OpenSSL.
@ -349,11 +360,8 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%doc doc/openssl_button.html doc/openssl_button.gif
%doc doc/ssleay.txt
%doc README.FIPS
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%{_sysconfdir}/pki/tls/certs/make-dummy-cert
%{_sysconfdir}/pki/tls/certs/Makefile
%dir %{_sysconfdir}/pki/tls/misc
%{_sysconfdir}/pki/tls/misc/CA
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
@ -361,11 +369,19 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%dir %{_sysconfdir}/pki/CA/crl
%dir %{_sysconfdir}/pki/CA/newcerts
%{_sysconfdir}/pki/tls/misc/c_*
%{_sysconfdir}/pki/tls/private
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%attr(0755,root,root) %{_bindir}/openssl
%attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]*
%attr(0644,root,root) %{_mandir}/man5*/*
%attr(0644,root,root) %{_mandir}/man7*/*
%files libs
%defattr(-,root,root)
%doc LICENSE
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%attr(0755,root,root) /%{_lib}/libcrypto.so.%{version}
%attr(0755,root,root) /%{_lib}/libcrypto.so.%{soversion}
%attr(0755,root,root) %{_libdir}/libssl.so.%{version}
@ -373,9 +389,6 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%attr(0644,root,root) /%{_lib}/.libcrypto.so.*.hmac
%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac
%attr(0755,root,root) %{_libdir}/openssl
%attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]*
%attr(0644,root,root) %{_mandir}/man5*/*
%attr(0644,root,root) %{_mandir}/man7*/*
%files devel
%defattr(-,root,root)
@ -395,11 +408,21 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%{_sysconfdir}/pki/tls/misc/*.pl
%{_sysconfdir}/pki/tls/misc/tsget
%post -p /sbin/ldconfig
%post libs -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
%changelog
* Wed Feb 29 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-0.2.beta3
- epoch bumped to 1 due to revert to 1.0.0g on Fedora 17
- new upstream release from the 1.0.1 branch
- fix s390x build (#798411)
- versioning for the SSLeay symbol (#794950)
- add -DPURIFY to build flags (#797323)
- filter engine provides
- split the libraries to a separate -libs package
- add make to requires on the base package (#783446)
* Tue Feb 7 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-0.1.beta2
- new upstream release from the 1.0.1 branch, ABI compatible
- add documentation for the -no_ign_eof option

2
sources
View File

@ -1 +1 @@
08cff5d4024ab8ff1a52d261d7d49623 openssl-1.0.1-beta2-usa.tar.xz
3112d56b828c44258f34d6ab54474da8 openssl-1.0.1-beta3-usa.tar.xz