diff --git a/openssl.spec b/openssl.spec index c3116ca..e518548 100644 --- a/openssl.spec +++ b/openssl.spec @@ -8,7 +8,10 @@ # 0.9.8ab soversion = 6 # 0.9.8g soversion = 7 # 0.9.8jk + EAP-FAST soversion = 8 -%define soversion 8 +# 1.0.0 soversion = 10 +%define soversion 10 + +%define beta beta3 # Number of threads to spawn when testing some threading fixes. %define thread_test_threads %{?threads:%{threads}}%{!?threads:1} @@ -19,11 +22,11 @@ Summary: A general purpose cryptography library with TLS implementation Name: openssl -Version: 0.9.8k -Release: 7%{?dist} +Version: 1.0.0 +Release: 0.1.%{beta}%{?dist} # We remove certain patented algorithms from the openssl source tarball # with the hobble-openssl script which is included below. -Source: openssl-%{version}-usa.tar.bz2 +Source: openssl-%{version}-%{beta}-usa.tar.bz2 Source1: hobble-openssl Source2: Makefile.certificate Source6: make-dummy-cert @@ -32,41 +35,34 @@ Source9: opensslconf-new.h Source10: opensslconf-new-warning.h Source11: README.FIPS # Build changes -Patch0: openssl-0.9.8j-redhat.patch -Patch1: openssl-0.9.8a-defaults.patch -Patch2: openssl-0.9.8a-link-krb5.patch -Patch3: openssl-0.9.8j-soversion.patch -Patch4: openssl-0.9.8j-enginesdir.patch +Patch0: openssl-1.0.0-beta3-redhat.patch +Patch1: openssl-1.0.0-beta3-defaults.patch +Patch2: openssl-1.0.0-beta3-krb5.patch +Patch3: openssl-1.0.0-beta3-soversion.patch +Patch4: openssl-1.0.0-beta3-enginesdir.patch Patch5: openssl-0.9.8a-no-rpath.patch Patch6: openssl-0.9.8b-test-use-localhost.patch -Patch7: openssl-0.9.8k-shlib-version.patch # Bug fixes Patch21: openssl-0.9.8b-aliasing-bug.patch -Patch22: openssl-0.9.8k-x509-name-cmp.patch -Patch23: openssl-0.9.8g-default-paths.patch -Patch24: openssl-0.9.8g-no-extssl.patch +Patch23: openssl-1.0.0-beta3-default-paths.patch # Functionality changes Patch32: openssl-0.9.8g-ia64.patch Patch33: openssl-0.9.8j-ca-dir.patch Patch34: openssl-0.9.6-x509.patch Patch35: openssl-0.9.8j-version-add-engines.patch -Patch38: openssl-0.9.8a-reuse-cipher-change.patch -Patch39: openssl-0.9.8g-ipv6-apps.patch -Patch40: openssl-0.9.8j-nocanister.patch -Patch41: openssl-0.9.8k-use-fipscheck.patch -Patch42: openssl-0.9.8k-fipscheck-hmac.patch -Patch44: openssl-0.9.8k-kernel-fipsmode.patch +Patch38: openssl-1.0.0-beta3-cipher-change.patch +Patch39: openssl-1.0.0-beta3-ipv6-apps.patch +Patch40: openssl-1.0.0-beta3-fips.patch +Patch41: openssl-1.0.0-beta3-fipscheck.patch +Patch43: openssl-1.0.0-beta3-fipsmode.patch +Patch44: openssl-1.0.0-beta3-fipsrng.patch Patch45: openssl-0.9.8j-env-nozlib.patch -Patch46: openssl-0.9.8j-eap-fast.patch Patch47: openssl-0.9.8j-readme-warning.patch Patch48: openssl-0.9.8j-bad-mime.patch -Patch49: openssl-0.9.8j-fips-no-pairwise.patch -Patch50: openssl-0.9.8k-fips-rng-seed.patch -Patch51: openssl-0.9.8k-multi-crl.patch -Patch52: openssl-0.9.8k-dtls-compat.patch -Patch53: openssl-0.9.8k-dtls-dos.patch -Patch54: openssl-0.9.8k-algo-doc.patch +Patch49: openssl-0.9.8k-algo-doc.patch # Backported fixes including security fixes +Patch60: openssl-1.0.0-beta3-namingstr.patch +Patch61: openssl-1.0.0-beta3-namingblk.patch License: OpenSSL Group: System Environment/Libraries @@ -76,6 +72,14 @@ BuildRequires: mktemp, krb5-devel, perl, sed, zlib-devel, /usr/bin/cmp BuildRequires: /usr/bin/rename Requires: mktemp, ca-certificates >= 2008-5 +# Temporary hack +Requires(post): coreutils +%ifarch ppc64 s390x sparc64 x86_64 +Provides: libcrypto.so.8()(64bit) libssl.so.8()(64bit) +%else +Provides: libcrypto.so.8 libssl.so.8 +%endif + %description The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared @@ -116,7 +120,7 @@ package provides Perl scripts for converting certificates and keys from other formats to the formats used by the OpenSSL toolkit. %prep -%setup -q +%setup -q -n %{name}-%{version}-%{beta} %{SOURCE1} > /dev/null %patch0 -p1 -b .redhat @@ -127,12 +131,9 @@ from other formats to the formats used by the OpenSSL toolkit. %patch4 -p1 -b .enginesdir %patch5 -p1 -b .no-rpath %patch6 -p1 -b .use-localhost -%patch7 -p1 -b .shlib-version %patch21 -p1 -b .aliasing-bug -%patch22 -p1 -b .name-cmp %patch23 -p1 -b .default-paths -%patch24 -p1 -b .no-extssl %patch32 -p1 -b .ia64 %patch33 -p1 -b .ca-dir @@ -140,20 +141,16 @@ from other formats to the formats used by the OpenSSL toolkit. %patch35 -p1 -b .version-add-engines %patch38 -p1 -b .cipher-change %patch39 -p1 -b .ipv6-apps -%patch40 -p1 -b .nocanister -%patch41 -p1 -b .use-fipscheck -%patch42 -p1 -b .fipscheck-hmac -%patch44 -p1 -b .fipsmode +%patch40 -p1 -b .fips +%patch41 -p1 -b .fipscheck +%patch43 -p1 -b .fipsmode +%patch44 -p1 -b .fipsrng %patch45 -p1 -b .env-nozlib -%patch46 -p1 -b .eap-fast %patch47 -p1 -b .warning %patch48 -p1 -b .bad-mime -%patch49 -p1 -b .no-pairwise -%patch50 -p1 -b .rng-seed -%patch51 -p1 -b .multi-crl -%patch52 -p1 -b .dtls-compat -%patch53 -p1 -b .dtls-dos -%patch54 -p1 -b .algo-doc +%patch49 -p1 -b .algo-doc +%patch60 -p1 -b .namingstr +%patch61 -p1 -b .namingblk # Modify the various perl scripts to reference perl in the right location. perl util/perlpath.pl `dirname %{__perl}` @@ -201,7 +198,7 @@ sslarch=linux-generic32 zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \ enable-cms no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared \ --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \ - --with-krb5-dir=/usr ${sslarch} fipscanisterbuild + --with-krb5-dir=/usr ${sslarch} fips # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be # marked as not requiring an executable stack. @@ -240,9 +237,9 @@ make -C test apps tests %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ - fips/fips_standalone_sha1 $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \ + crypto/fips/fips_standalone_sha1 $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \ ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \ - fips/fips_standalone_sha1 $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \ + crypto/fips/fips_standalone_sha1 $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \ ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \ %{nil} @@ -263,6 +260,9 @@ for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do chmod 755 ${lib} ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}` ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion} +# Temporary hack + ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.8 + done # Install a makefile for generating keys and self-signed certs, and a script @@ -378,6 +378,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %attr(0644,root,root) %{_mandir}/man5*/* %attr(0644,root,root) %{_mandir}/man7*/* +# Temporary hack +%attr(0755,root,root) /%{_lib}/*.so.8 + %files devel %defattr(-,root,root) %{_prefix}/include/openssl @@ -393,14 +396,28 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %defattr(-,root,root) %attr(0755,root,root) %{_bindir}/c_rehash %attr(0644,root,root) %{_mandir}/man1*/*.pl* -%dir %{_sysconfdir}/pki/tls/misc %{_sysconfdir}/pki/tls/misc/*.pl +%{_sysconfdir}/pki/tls/misc/tsget %post -p /sbin/ldconfig %postun -p /sbin/ldconfig +%triggerpostun -- openssl < 1.0.0 +# Temporary hack +[ $1 != 0 ] || exit 0 +if [ "$(readlink /%{_lib}/libcrypto.so.8)" != libcrypto.so.%{version} ] ; then + ln -sf libcrypto.so.%{version} /%{_lib}/libcrypto.so.8 || : +fi +if [ "$(readlink /%{_lib}/libssl.so.8)" != libssl.so.%{version} ] ; then + ln -sf libssl.so.%{version} /%{_lib}/libssl.so.8 || : +fi +/sbin/ldconfig -X + %changelog +* Thu Aug 20 2009 Tomas Mraz 1.0.0-0.1.beta3 +- update to new major upstream release + * Sat Jul 25 2009 Fedora Release Engineering - 0.9.8k-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild