jonathan/openssl
1
0
Fork 0
forked from rpms/openssl
Code Pull Requests Activity

reenable SSL2 in the build to avoid ABI break

Browse Source 
(it does not make the openssl vulnerable to DROWN attack)
This commit is contained in:
Tomas Mraz 2016-03-02 09:33:35 +01:00
parent e7a0ff581f
commit 8f6be98bf7
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
openssl.spec
View File

@ -23,7 +23,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.0.2g Version: 1.0.2g
Release: 1%{?dist} Release: 2%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -287,7 +287,7 @@ sslflags=enable-ec_nistp_64_gcc_128
--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \ --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
zlib sctp enable-camellia enable-seed enable-tlsext enable-rfc3779 \ zlib sctp enable-camellia enable-seed enable-tlsext enable-rfc3779 \
enable-cms enable-md2 \ enable-cms enable-md2 enable-ssl2 \
no-mdc2 no-rc5 no-ec2m no-gost no-srp \ no-mdc2 no-rc5 no-ec2m no-gost no-srp \
--with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \ --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
--with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips} --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}
@ -502,6 +502,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
%changelog %changelog
* Wed Mar 2 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2g-2
- reenable SSL2 in the build to avoid ABI break (it does not
make the openssl vulnerable to DROWN attack)
* Tue Mar 1 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2g-1 * Tue Mar 1 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2g-1
- minor upstream release 1.0.2g fixing security issues - minor upstream release 1.0.2g fixing security issues