new upstream release from the 1.0.1 branch

- epoch bumped to 1 due to revert to 1.0.0g on Fedora 17
- fix s390x build (#798411)
- versioning for the SSLeay symbol (#794950)
- add -DPURIFY to build flags (#797323)
- filter engine provides
- split the libraries to a separate -libs package
- add make to requires on the base package (#783446)
This commit is contained in:
Tomas Mraz 2012-02-29 21:54:08 +01:00
parent ad05b50537
commit 00c4986d53
12 changed files with 486 additions and 543 deletions

1
.gitignore vendored
View File

@ -6,3 +6,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-1.0.0f-usa.tar.bz2 /openssl-1.0.0f-usa.tar.bz2
/openssl-1.0.0g-usa.tar.xz /openssl-1.0.0g-usa.tar.xz
/openssl-1.0.1-beta2-usa.tar.xz /openssl-1.0.1-beta2-usa.tar.xz
/openssl-1.0.1-beta3-usa.tar.xz

View File

@ -11,7 +11,7 @@ set -e
# SRP: ????????? ??/??/20?? # SRP: ????????? ??/??/20??
# Remove assembler portions of IDEA, MDC2, and RC5. # Remove assembler portions of IDEA, MDC2, and RC5.
(find crypto/{rc5}/asm -type f | xargs -r rm -fv) (find crypto/rc5/asm -type f | xargs -r rm -fv)
# RC5, EC, SRP. # RC5, EC, SRP.
for a in rc5 ec ecdh ecdsa srp; do for a in rc5 ec ecdh ecdsa srp; do

View File

@ -1,14 +0,0 @@
diff -up openssl-0.9.8j/crypto/asn1/asn_mime.c.bad-mime openssl-0.9.8j/crypto/asn1/asn_mime.c
--- openssl-0.9.8j/crypto/asn1/asn_mime.c.bad-mime 2008-08-05 17:56:11.000000000 +0200
+++ openssl-0.9.8j/crypto/asn1/asn_mime.c 2009-01-14 22:08:34.000000000 +0100
@@ -792,6 +792,10 @@ static int mime_hdr_addparam(MIME_HEADER
static int mime_hdr_cmp(const MIME_HEADER * const *a,
const MIME_HEADER * const *b)
{
+ if ((*a)->name == NULL || (*b)->name == NULL)
+ return (*a)->name - (*b)->name < 0 ? -1 :
+ (*a)->name - (*b)->name > 0 ? 1 : 0;
+
return(strcmp((*a)->name, (*b)->name));
}

View File

@ -1,23 +0,0 @@
diff -up openssl-1.0.0a/apps/apps.c.load-certs openssl-1.0.0a/apps/apps.c
--- openssl-1.0.0a/apps/apps.c.load-certs 2010-05-27 16:09:13.000000000 +0200
+++ openssl-1.0.0a/apps/apps.c 2011-04-28 21:24:06.000000000 +0200
@@ -1208,7 +1208,8 @@ STACK_OF(X509) *load_certs(BIO *err, con
const char *pass, ENGINE *e, const char *desc)
{
STACK_OF(X509) *certs;
- load_certs_crls(err, file, format, pass, e, desc, &certs, NULL);
+ if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL))
+ return NULL;
return certs;
}
@@ -1216,7 +1217,8 @@ STACK_OF(X509_CRL) *load_crls(BIO *err,
const char *pass, ENGINE *e, const char *desc)
{
STACK_OF(X509_CRL) *crls;
- load_certs_crls(err, file, format, pass, e, desc, NULL, &crls);
+ if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls))
+ return NULL;
return crls;
}

View File

@ -1,33 +0,0 @@
diff -up openssl-1.0.0e/Makefile.org.private openssl-1.0.0e/Makefile.org
--- openssl-1.0.0e/Makefile.org.private 2011-11-03 10:01:53.000000000 +0100
+++ openssl-1.0.0e/Makefile.org 2011-11-22 11:50:27.000000000 +0100
@@ -326,7 +326,8 @@ libcrypto.pc: Makefile
echo 'Description: OpenSSL cryptography library'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
+ echo 'Libs: -L$${libdir} -lcrypto'; \
+ echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
libssl.pc: Makefile
@@ -339,7 +340,8 @@ libssl.pc: Makefile
echo 'Description: Secure Sockets Layer and cryptography libraries'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+ echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
openssl.pc: Makefile
@@ -352,7 +354,8 @@ openssl.pc: Makefile
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+ echo 'Libs.private: $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
Makefile: Makefile.org Configure config

View File

@ -1,80 +0,0 @@
diff -up openssl-1.0.1-beta2/apps/progs.pl.no-srp openssl-1.0.1-beta2/apps/progs.pl
--- openssl-1.0.1-beta2/apps/progs.pl.no-srp 2009-06-30 17:08:38.000000000 +0200
+++ openssl-1.0.1-beta2/apps/progs.pl 2012-02-07 01:14:08.979758307 +0100
@@ -51,6 +51,8 @@ foreach (@ARGV)
{ print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
elsif ( ($_ =~ /^ocsp$/))
{ print "#ifndef OPENSSL_NO_OCSP\n${str}#endif\n"; }
+ elsif ( ($_ =~ /^srp$/))
+ { print "#ifndef OPENSSL_NO_SRP\n${str}#endif\n"; }
else
{ print $str; }
}
diff -up openssl-1.0.1-beta2/apps/s_server.c.no-srp openssl-1.0.1-beta2/apps/s_server.c
--- openssl-1.0.1-beta2/apps/s_server.c.no-srp 2012-02-07 01:04:12.000000000 +0100
+++ openssl-1.0.1-beta2/apps/s_server.c 2012-02-07 01:13:21.573362310 +0100
@@ -2248,6 +2248,7 @@ static int sv_body(char *hostname, int s
{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
#endif
k=SSL_write(con,&(buf[l]),(unsigned int)i);
+#ifndef OPENSSL_NO_SRP
while (SSL_get_error(con,k) == SSL_ERROR_WANT_X509_LOOKUP)
{
BIO_printf(bio_s_out,"LOOKUP renego during write\n");
@@ -2258,6 +2259,7 @@ static int sv_body(char *hostname, int s
BIO_printf(bio_s_out,"LOOKUP not successful\n");
k=SSL_write(con,&(buf[l]),(unsigned int)i);
}
+#endif
switch (SSL_get_error(con,k))
{
case SSL_ERROR_NONE:
@@ -2305,6 +2307,7 @@ static int sv_body(char *hostname, int s
{
again:
i=SSL_read(con,(char *)buf,bufsize);
+#ifndef OPENSSL_NO_SRP
while (SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
{
BIO_printf(bio_s_out,"LOOKUP renego during read\n");
@@ -2315,6 +2318,7 @@ again:
BIO_printf(bio_s_out,"LOOKUP not successful\n");
i=SSL_read(con,(char *)buf,bufsize);
}
+#endif
switch (SSL_get_error(con,i))
{
case SSL_ERROR_NONE:
@@ -2392,6 +2396,7 @@ static int init_ssl_connection(SSL *con)
i=SSL_accept(con);
+#ifndef OPENSSL_NO_SRP
while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
{
BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login);
@@ -2402,6 +2407,7 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_s_out,"LOOKUP not successful\n");
i=SSL_accept(con);
}
+#endif
if (i <= 0)
{
if (BIO_sock_should_retry(i))
@@ -2626,6 +2632,7 @@ static int www_body(char *hostname, int
if (hack)
{
i=SSL_accept(con);
+#ifndef OPENSSL_NO_SRP
while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
{
BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login);
@@ -2636,7 +2643,7 @@ static int www_body(char *hostname, int
BIO_printf(bio_s_out,"LOOKUP not successful\n");
i=SSL_accept(con);
}
-
+#endif
switch (SSL_get_error(con,i))
{
case SSL_ERROR_NONE:

View File

@ -1,21 +0,0 @@
diff -up openssl-1.0.1-beta2/crypto/opensslv.h.version openssl-1.0.1-beta2/crypto/opensslv.h
--- openssl-1.0.1-beta2/crypto/opensslv.h.version 2012-02-06 17:16:55.529944485 +0100
+++ openssl-1.0.1-beta2/crypto/opensslv.h 2012-02-06 17:16:53.161924733 +0100
@@ -25,7 +25,7 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x10001002L
+#define OPENSSL_VERSION_NUMBER 0x10000003L
#ifdef OPENSSL_FIPS
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1-fips-beta2 19 Jan 2012"
#else
@@ -83,7 +83,7 @@
* should only keep the versions that are binary compatible with the current.
*/
#define SHLIB_VERSION_HISTORY ""
-#define SHLIB_VERSION_NUMBER "1.0.0"
+#define SHLIB_VERSION_NUMBER "1.0.1"
#endif /* HEADER_OPENSSLV_H */

View File

@ -0,0 +1,26 @@
diff -up openssl-1.0.1-beta3/crypto/rc4/asm/rc4-s390x.pl.s390xbuild openssl-1.0.1-beta3/crypto/rc4/asm/rc4-s390x.pl
--- openssl-1.0.1-beta3/crypto/rc4/asm/rc4-s390x.pl.s390xbuild 2012-02-29 17:40:30.000000000 +0100
+++ openssl-1.0.1-beta3/crypto/rc4/asm/rc4-s390x.pl 2012-02-29 20:03:39.642182906 +0100
@@ -171,10 +171,10 @@ $ikey="%r7";
$iinp="%r8";
$code.=<<___;
-.globl RC4_set_key
-.type RC4_set_key,\@function
+.globl private_RC4_set_key
+.type private_RC4_set_key,\@function
.align 64
-RC4_set_key:
+private_RC4_set_key:
stm${g} %r6,%r8,6*$SIZE_T($sp)
lhi $cnt,256
la $idx,0(%r0)
@@ -210,7 +210,7 @@ RC4_set_key:
.Ldone:
lm${g} %r6,%r8,6*$SIZE_T($sp)
br $rp
-.size RC4_set_key,.-RC4_set_key
+.size private_RC4_set_key,.-private_RC4_set_key
___
}

View File

@ -0,0 +1,64 @@
diff -up openssl-1.0.1-beta3/crypto/cversion.c.version openssl-1.0.1-beta3/crypto/cversion.c
--- openssl-1.0.1-beta3/crypto/cversion.c.version 2004-04-19 20:09:22.000000000 +0200
+++ openssl-1.0.1-beta3/crypto/cversion.c 2012-02-29 11:53:50.650380234 +0100
@@ -110,8 +110,15 @@ const char *SSLeay_version(int t)
return("not available");
}
-unsigned long SSLeay(void)
+unsigned long _original_SSLeay(void)
+ {
+ return(0x10000003);
+ }
+
+unsigned long _current_SSLeay(void)
{
return(SSLEAY_VERSION_NUMBER);
}
+__asm__(".symver _original_SSLeay,SSLeay@");
+__asm__(".symver _current_SSLeay,SSLeay@@OPENSSL_1.0.1");
diff -up openssl-1.0.1-beta3/crypto/opensslv.h.version openssl-1.0.1-beta3/crypto/opensslv.h
--- openssl-1.0.1-beta3/crypto/opensslv.h.version 2012-02-29 11:53:49.952374261 +0100
+++ openssl-1.0.1-beta3/crypto/opensslv.h 2012-02-29 11:53:50.650380234 +0100
@@ -25,7 +25,7 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x10001003L
+#define OPENSSL_VERSION_NUMBER 0x1000100fL
#ifdef OPENSSL_FIPS
#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1-fips-beta3 23 Feb 2012"
#else
@@ -83,7 +83,7 @@
* should only keep the versions that are binary compatible with the current.
*/
#define SHLIB_VERSION_HISTORY ""
-#define SHLIB_VERSION_NUMBER "1.0.0"
+#define SHLIB_VERSION_NUMBER "1.0.1"
#endif /* HEADER_OPENSSLV_H */
diff -up openssl-1.0.1-beta3/Makefile.shared.version openssl-1.0.1-beta3/Makefile.shared
--- openssl-1.0.1-beta3/Makefile.shared.version 2012-02-29 11:53:50.511379043 +0100
+++ openssl-1.0.1-beta3/Makefile.shared 2012-02-29 11:54:47.794869236 +0100
@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--default-symver,--version-script=version.map -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
DO_GNU_APP=LDFLAGS="$(CFLAGS)"
diff -up openssl-1.0.1-beta3/version.map.version openssl-1.0.1-beta3/version.map
--- openssl-1.0.1-beta3/version.map.version 2012-02-29 11:53:50.651380242 +0100
+++ openssl-1.0.1-beta3/version.map 2012-02-29 11:55:28.110214232 +0100
@@ -0,0 +1,7 @@
+OPENSSL_1.0.1 {
+ global:
+ SSLeay;
+ local:
+ _original*;
+ _current*;
+};

View File

@ -18,14 +18,15 @@
# also be handled in opensslconf-new.h. # also be handled in opensslconf-new.h.
%define multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x sparcv9 sparc64 x86_64 %define multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x sparcv9 sparc64 x86_64
Summary: A general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.0.1 Version: 1.0.1
Release: 0.1.beta2%{?dist} Release: 0.2.beta3%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
# The original openssl upstream tarball cannot be shipped in the .src.rpm. # The original openssl upstream tarball cannot be shipped in the .src.rpm.
Source: openssl-%{version}-beta2-usa.tar.xz Source: openssl-%{version}-beta3-usa.tar.xz
Source1: hobble-openssl Source1: hobble-openssl
Source2: Makefile.certificate Source2: Makefile.certificate
Source6: make-dummy-cert Source6: make-dummy-cert
@ -42,8 +43,7 @@ Patch6: openssl-0.9.8b-test-use-localhost.patch
Patch7: openssl-1.0.0-timezone.patch Patch7: openssl-1.0.0-timezone.patch
# Bug fixes # Bug fixes
Patch23: openssl-1.0.0-beta4-default-paths.patch Patch23: openssl-1.0.0-beta4-default-paths.patch
Patch24: openssl-0.9.8j-bad-mime.patch Patch24: openssl-1.0.1-beta3-s390xbuild.patch
Patch26: openssl-1.0.0a-load-certs.patch
# Functionality changes # Functionality changes
Patch33: openssl-1.0.0-beta4-ca-dir.patch Patch33: openssl-1.0.0-beta4-ca-dir.patch
Patch34: openssl-0.9.6-x509.patch Patch34: openssl-0.9.6-x509.patch
@ -51,19 +51,17 @@ Patch35: openssl-0.9.8j-version-add-engines.patch
Patch36: openssl-1.0.0e-doc-noeof.patch Patch36: openssl-1.0.0e-doc-noeof.patch
Patch38: openssl-1.0.1-beta2-ssl-op-all.patch Patch38: openssl-1.0.1-beta2-ssl-op-all.patch
Patch39: openssl-1.0.1-beta2-ipv6-apps.patch Patch39: openssl-1.0.1-beta2-ipv6-apps.patch
Patch40: openssl-1.0.1-beta2-fips.patch Patch40: openssl-1.0.1-beta3-fips.patch
Patch42: openssl-1.0.1-beta2-no-srp.patch
Patch45: openssl-0.9.8j-env-nozlib.patch Patch45: openssl-0.9.8j-env-nozlib.patch
Patch47: openssl-1.0.0-beta5-readme-warning.patch Patch47: openssl-1.0.0-beta5-readme-warning.patch
Patch49: openssl-1.0.0-beta4-algo-doc.patch Patch49: openssl-1.0.0-beta4-algo-doc.patch
Patch50: openssl-1.0.1-beta2-dtls1-abi.patch Patch50: openssl-1.0.1-beta2-dtls1-abi.patch
Patch51: openssl-1.0.1-beta2-version.patch Patch51: openssl-1.0.1-beta3-version.patch
Patch56: openssl-1.0.0c-rsa-x931.patch Patch56: openssl-1.0.0c-rsa-x931.patch
Patch58: openssl-1.0.1-beta2-fips-md5-allow.patch Patch58: openssl-1.0.1-beta2-fips-md5-allow.patch
Patch60: openssl-1.0.0d-apps-dgst.patch Patch60: openssl-1.0.0d-apps-dgst.patch
Patch63: openssl-1.0.0d-xmpp-starttls.patch Patch63: openssl-1.0.0d-xmpp-starttls.patch
Patch65: openssl-1.0.0e-chil-fixes.patch Patch65: openssl-1.0.0e-chil-fixes.patch
Patch67: openssl-1.0.0e-pkgconfig-private.patch
# Backported fixes including security fixes # Backported fixes including security fixes
Patch81: openssl-1.0.1-beta2-padlock64.patch Patch81: openssl-1.0.1-beta2-padlock64.patch
@ -73,7 +71,8 @@ URL: http://www.openssl.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: coreutils, krb5-devel, perl, sed, zlib-devel, /usr/bin/cmp BuildRequires: coreutils, krb5-devel, perl, sed, zlib-devel, /usr/bin/cmp
BuildRequires: /usr/bin/rename BuildRequires: /usr/bin/rename
Requires: coreutils, ca-certificates >= 2008-5 Requires: coreutils, make
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description %description
The OpenSSL toolkit provides support for secure communications between The OpenSSL toolkit provides support for secure communications between
@ -81,10 +80,21 @@ machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and libraries which provide various cryptographic algorithms and
protocols. protocols.
%package libs
Summary: A general purpose cryptography library with TLS implementation
Group: System Environment/Libraries
Requires: ca-certificates >= 2008-5
%description libs
OpenSSL is a toolkit for supporting cryptography. The openssl-libs
package contains the libraries that are used by various applications which
support cryptographic algorithms and protocols.
%package devel %package devel
Summary: Files for development of applications which will use OpenSSL Summary: Files for development of applications which will use OpenSSL
Group: Development/Libraries Group: Development/Libraries
Requires: %{name} = %{version}-%{release}, krb5-devel, zlib-devel Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: krb5-devel%{?_isa}, zlib-devel%{?_isa}
Requires: pkgconfig Requires: pkgconfig
%description devel %description devel
@ -95,7 +105,7 @@ support various cryptographic algorithms and protocols.
%package static %package static
Summary: Libraries for static linking of applications which will use OpenSSL Summary: Libraries for static linking of applications which will use OpenSSL
Group: Development/Libraries Group: Development/Libraries
Requires: %{name}-devel = %{version}-%{release} Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release}
%description static %description static
OpenSSL is a toolkit for supporting cryptography. The openssl-static OpenSSL is a toolkit for supporting cryptography. The openssl-static
@ -107,7 +117,7 @@ protocols.
Summary: Perl scripts provided with OpenSSL Summary: Perl scripts provided with OpenSSL
Group: Applications/Internet Group: Applications/Internet
Requires: perl Requires: perl
Requires: %{name} = %{version}-%{release} Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
%description perl %description perl
OpenSSL is a toolkit for supporting cryptography. The openssl-perl OpenSSL is a toolkit for supporting cryptography. The openssl-perl
@ -115,7 +125,7 @@ package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit. from other formats to the formats used by the OpenSSL toolkit.
%prep %prep
%setup -q -n %{name}-%{version}-beta2 %setup -q -n %{name}-%{version}-beta3
# The hobble_openssl is called here redundantly, just to be sure. # The hobble_openssl is called here redundantly, just to be sure.
# The tarball has already the sources removed. # The tarball has already the sources removed.
@ -128,8 +138,7 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch7 -p1 -b .timezone %patch7 -p1 -b .timezone
%patch23 -p1 -b .default-paths %patch23 -p1 -b .default-paths
%patch24 -p1 -b .bad-mime %patch24 -p1 -b .s390xbuild
%patch26 -p1 -b .load-certs
%patch33 -p1 -b .ca-dir %patch33 -p1 -b .ca-dir
%patch34 -p1 -b .x509 %patch34 -p1 -b .x509
@ -138,7 +147,6 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch38 -p1 -b .op-all %patch38 -p1 -b .op-all
%patch39 -p1 -b .ipv6-apps %patch39 -p1 -b .ipv6-apps
%patch40 -p1 -b .fips %patch40 -p1 -b .fips
%patch42 -p1 -b .no-srp
%patch45 -p1 -b .env-nozlib %patch45 -p1 -b .env-nozlib
%patch47 -p1 -b .warning %patch47 -p1 -b .warning
%patch49 -p1 -b .algo-doc %patch49 -p1 -b .algo-doc
@ -149,7 +157,6 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch60 -p1 -b .dgst %patch60 -p1 -b .dgst
%patch63 -p1 -b .starttls %patch63 -p1 -b .starttls
%patch65 -p1 -b .chil %patch65 -p1 -b .chil
%patch67 -p1 -b .private
%patch81 -p1 -b .padlock64 %patch81 -p1 -b .padlock64
# Modify the various perl scripts to reference perl in the right location. # Modify the various perl scripts to reference perl in the right location.
@ -184,7 +191,7 @@ sslarch=linux-alpha-gcc
sslarch="linux-generic32 -DB_ENDIAN" sslarch="linux-generic32 -DB_ENDIAN"
%endif %endif
%ifarch s390x %ifarch s390x
sslarch="linux-s390x" sslarch="linux64-s390x"
%endif %endif
%ifarch %{arm} sh3 sh4 %ifarch %{arm} sh3 sh4
sslarch=linux-generic32 sslarch=linux-generic32
@ -202,7 +209,9 @@ sslarch=linux-generic32
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack. # marked as not requiring an executable stack.
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack" # Also add -DPURIFY to make using valgrind with openssl easier as we do not
# want to depend on the uninitialized memory as a source of entropy anyway.
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY"
make depend make depend
make all make all
@ -243,6 +252,8 @@ make -C test apps tests
ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \ ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \
%{nil} %{nil}
%define __provides_exclude_from %{_libdir}/openssl
%install %install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
# Install OpenSSL. # Install OpenSSL.
@ -349,11 +360,8 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%doc doc/openssl_button.html doc/openssl_button.gif %doc doc/openssl_button.html doc/openssl_button.gif
%doc doc/ssleay.txt %doc doc/ssleay.txt
%doc README.FIPS %doc README.FIPS
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%{_sysconfdir}/pki/tls/certs/make-dummy-cert %{_sysconfdir}/pki/tls/certs/make-dummy-cert
%{_sysconfdir}/pki/tls/certs/Makefile %{_sysconfdir}/pki/tls/certs/Makefile
%dir %{_sysconfdir}/pki/tls/misc
%{_sysconfdir}/pki/tls/misc/CA %{_sysconfdir}/pki/tls/misc/CA
%dir %{_sysconfdir}/pki/CA %dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private %dir %{_sysconfdir}/pki/CA/private
@ -361,11 +369,19 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%dir %{_sysconfdir}/pki/CA/crl %dir %{_sysconfdir}/pki/CA/crl
%dir %{_sysconfdir}/pki/CA/newcerts %dir %{_sysconfdir}/pki/CA/newcerts
%{_sysconfdir}/pki/tls/misc/c_* %{_sysconfdir}/pki/tls/misc/c_*
%{_sysconfdir}/pki/tls/private
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%attr(0755,root,root) %{_bindir}/openssl %attr(0755,root,root) %{_bindir}/openssl
%attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]*
%attr(0644,root,root) %{_mandir}/man5*/*
%attr(0644,root,root) %{_mandir}/man7*/*
%files libs
%defattr(-,root,root)
%doc LICENSE
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%attr(0755,root,root) /%{_lib}/libcrypto.so.%{version} %attr(0755,root,root) /%{_lib}/libcrypto.so.%{version}
%attr(0755,root,root) /%{_lib}/libcrypto.so.%{soversion} %attr(0755,root,root) /%{_lib}/libcrypto.so.%{soversion}
%attr(0755,root,root) %{_libdir}/libssl.so.%{version} %attr(0755,root,root) %{_libdir}/libssl.so.%{version}
@ -373,9 +389,6 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%attr(0644,root,root) /%{_lib}/.libcrypto.so.*.hmac %attr(0644,root,root) /%{_lib}/.libcrypto.so.*.hmac
%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac %attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac
%attr(0755,root,root) %{_libdir}/openssl %attr(0755,root,root) %{_libdir}/openssl
%attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]*
%attr(0644,root,root) %{_mandir}/man5*/*
%attr(0644,root,root) %{_mandir}/man7*/*
%files devel %files devel
%defattr(-,root,root) %defattr(-,root,root)
@ -395,11 +408,21 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%{_sysconfdir}/pki/tls/misc/*.pl %{_sysconfdir}/pki/tls/misc/*.pl
%{_sysconfdir}/pki/tls/misc/tsget %{_sysconfdir}/pki/tls/misc/tsget
%post -p /sbin/ldconfig %post libs -p /sbin/ldconfig
%postun -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
%changelog %changelog
* Wed Feb 29 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-0.2.beta3
- epoch bumped to 1 due to revert to 1.0.0g on Fedora 17
- new upstream release from the 1.0.1 branch
- fix s390x build (#798411)
- versioning for the SSLeay symbol (#794950)
- add -DPURIFY to build flags (#797323)
- filter engine provides
- split the libraries to a separate -libs package
- add make to requires on the base package (#783446)
* Tue Feb 7 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-0.1.beta2 * Tue Feb 7 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-0.1.beta2
- new upstream release from the 1.0.1 branch, ABI compatible - new upstream release from the 1.0.1 branch, ABI compatible
- add documentation for the -no_ign_eof option - add documentation for the -no_ign_eof option

View File

@ -1 +1 @@
08cff5d4024ab8ff1a52d261d7d49623 openssl-1.0.1-beta2-usa.tar.xz 3112d56b828c44258f34d6ab54474da8 openssl-1.0.1-beta3-usa.tar.xz