diff --git a/baselibs.conf b/baselibs.conf index 330eb61..e6caf8f 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -5,5 +5,6 @@ libopenssl1_1-hmac libopenssl-1_1-devel provides "libopenssl-devel- = " conflicts "otherproviders(libopenssl-devel-)" + conflicts "libopenssl-3-devel-" requires -"openssl-1_1-" requires "libopenssl1_1- = " diff --git a/openssl-1_1-openssl-config.patch b/openssl-1_1-openssl-config.patch new file mode 100644 index 0000000..5ff415e --- /dev/null +++ b/openssl-1_1-openssl-config.patch @@ -0,0 +1,530 @@ +Index: openssl-1.1.1s/Configurations/unix-Makefile.tmpl +=================================================================== +--- openssl-1.1.1s.orig/Configurations/unix-Makefile.tmpl ++++ openssl-1.1.1s/Configurations/unix-Makefile.tmpl +@@ -140,8 +140,8 @@ INSTALL_SHLIB_INFO={- join(" ", map { "\ + INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -} + INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{install}->{programs}}) -} + {- output_off() if $disabled{apps}; "" -} +-BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash +-MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget.pl:tsget ++BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash-1_1 ++MISC_SCRIPTS=$(BLDDIR)/apps/CA-1_1.pl $(BLDDIR)/apps/tsget-1_1.pl:tsget-1_1 + {- output_on() if $disabled{apps}; "" -} + + APPS_OPENSSL={- use File::Spec::Functions; +@@ -579,14 +579,14 @@ install_ssldirs: + : {- output_on() if windowsdll(); "" -}; \ + fi; \ + done +- @$(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist" +- @cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" +- @chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" +- @mv -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist" +- @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \ +- $(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ +- cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ +- chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ ++ @$(ECHO) "install $(SRCDIR)/apps/openssl-1_1.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf.dist" ++ @cp $(SRCDIR)/apps/openssl-1_1.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf.new" ++ @chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf.new" ++ @mv -f "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf.dist" ++ @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf" ]; then \ ++ $(ECHO) "install $(SRCDIR)/apps/openssl-1_1.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf"; \ ++ cp $(SRCDIR)/apps/openssl-1_1.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf"; \ ++ chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl-1_1.cnf"; \ + fi + @$(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist" + @cp $(SRCDIR)/apps/ct_log_list.cnf "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new" +@@ -870,7 +870,7 @@ lint: + + generate_apps: + ( cd $(SRCDIR); $(PERL) VMS/VMSify-conf.pl \ +- < apps/openssl.cnf > apps/openssl-vms.cnf ) ++ < apps/openssl-1_1.cnf > apps/openssl-vms.cnf ) + + generate_crypto_bn: + ( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h ) +Index: openssl-1.1.1s/Configure +=================================================================== +--- openssl-1.1.1s.orig/Configure ++++ openssl-1.1.1s/Configure +@@ -35,7 +35,7 @@ my $usage="Usage: Configure [no- + # directories bin, lib, include, share/man, share/doc/openssl + # This becomes the value of INSTALLTOP in Makefile + # (Default: /usr/local) +-# --openssldir OpenSSL data area, such as openssl.cnf, certificates and keys. ++# --openssldir OpenSSL data area, such as openssl-1_1.cnf, certificates and keys. + # If it's a relative directory, it will be added on the directory + # given with --prefix. + # This becomes the value of OPENSSLDIR in Makefile and in C. +Index: openssl-1.1.1s/INSTALL +=================================================================== +--- openssl-1.1.1s.orig/INSTALL ++++ openssl-1.1.1s/INSTALL +@@ -296,7 +296,7 @@ + be undesirable if small executable size is an objective. + + no-autoload-config +- Don't automatically load the default openssl.cnf file. ++ Don't automatically load the default openssl-1_1.cnf file. + Typically OpenSSL will automatically load a system config + file which configures default ssl options. + +Index: openssl-1.1.1s/NEWS +=================================================================== +--- openssl-1.1.1s.orig/NEWS ++++ openssl-1.1.1s/NEWS +@@ -5,6 +5,9 @@ + This file gives a brief overview of the major changes between each OpenSSL + release. For more details please read the CHANGES file. + ++ IMPORTANT: For compatibility with OpenSSL 3.0, the OpenSSL master ++ configuration file openssl.cnf has been renamed to openssl-1_1.cnf. ++ + Major changes between OpenSSL 1.1.1r and OpenSSL 1.1.1s [1 Nov 2022] + + o Fixed a regression introduced in OpenSSL 1.1.1r not refreshing the +Index: openssl-1.1.1s/doc/HOWTO/certificates.txt +=================================================================== +--- openssl-1.1.1s.orig/doc/HOWTO/certificates.txt ++++ openssl-1.1.1s/doc/HOWTO/certificates.txt +@@ -16,7 +16,7 @@ Certificate authorities should read http + In all the cases shown below, the standard configuration file, as + compiled into openssl, will be used. You may find it in /etc/, + /usr/local/ssl/ or somewhere else. By default the file is named +-openssl.cnf and is described at https://www.openssl.org/docs/apps/config.html. ++openssl-1_1.cnf and is described at https://www.openssl.org/docs/apps/config.html. + You can specify a different configuration file using the + '-config {file}' argument with the commands shown below. + +Index: openssl-1.1.1s/doc/man3/OPENSSL_config.pod +=================================================================== +--- openssl-1.1.1s.orig/doc/man3/OPENSSL_config.pod ++++ openssl-1.1.1s/doc/man3/OPENSSL_config.pod +@@ -15,7 +15,7 @@ OPENSSL_config, OPENSSL_no_config - simp + + =head1 DESCRIPTION + +-OPENSSL_config() configures OpenSSL using the standard B and ++OPENSSL_config() configures OpenSSL using the standard B and + reads from the application section B. If B is NULL then + the default section, B, will be used. + Errors are silently ignored. +Index: openssl-1.1.1s/doc/man5/config.pod +=================================================================== +--- openssl-1.1.1s.orig/doc/man5/config.pod ++++ openssl-1.1.1s/doc/man5/config.pod +@@ -7,7 +7,7 @@ config - OpenSSL CONF library configurat + =head1 DESCRIPTION + + The OpenSSL CONF library can be used to read configuration files. +-It is used for the OpenSSL master configuration file B ++It is used for the OpenSSL master configuration file B + and in a few other places like B files and certificate extension + files for the B utility. OpenSSL applications can also use the + CONF library for their own purposes. +Index: openssl-1.1.1s/include/internal/cryptlib.h +=================================================================== +--- openssl-1.1.1s.orig/include/internal/cryptlib.h ++++ openssl-1.1.1s/include/internal/cryptlib.h +@@ -51,7 +51,7 @@ typedef struct app_mem_info_st APP_INFO; + typedef struct mem_st MEM; + DEFINE_LHASH_OF(MEM); + +-# define OPENSSL_CONF "openssl.cnf" ++# define OPENSSL_CONF "openssl-1_1.cnf" + + # ifndef OPENSSL_SYS_VMS + # define X509_CERT_AREA OPENSSLDIR +Index: openssl-1.1.1s/Configurations/descrip.mms.tmpl +=================================================================== +--- openssl-1.1.1s.orig/Configurations/descrip.mms.tmpl ++++ openssl-1.1.1s/Configurations/descrip.mms.tmpl +@@ -140,8 +140,8 @@ INSTALL_SHLIBS={- join(", ", map { "-\n\ + INSTALL_ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{engines}}) -} + INSTALL_PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{programs}}) -} + {- output_off() if $disabled{apps}; "" -} +-BIN_SCRIPTS=[.tools]c_rehash.pl +-MISC_SCRIPTS=[.apps]CA.pl, [.apps]tsget.pl ++BIN_SCRIPTS=[.tools]c_rehash-1_1.pl ++MISC_SCRIPTS=[.apps]CA-1_1.pl, [.apps]tsget-1_1.pl + {- output_on() if $disabled{apps}; "" -} + + APPS_OPENSSL={- use File::Spec::Functions; +Index: openssl-1.1.1s/VMS/openssl_utils.com.in +=================================================================== +--- openssl-1.1.1s.orig/VMS/openssl_utils.com.in ++++ openssl-1.1.1s/VMS/openssl_utils.com.in +@@ -8,7 +8,7 @@ $ OPENSSL :== $OSSL$EXE:OPENSSL'v' + $ + $ IF F$TYPE(PERL) .EQS. "STRING" + $ THEN +-$ C_REHASH :== 'PERL' OSSL$EXE:c_rehash.pl ++$ C_REHASH :== 'PERL' OSSL$EXE:c_rehash-1_1.pl + $ ELSE + $ WRITE SYS$ERROR "NOTE: no perl => no C_REHASH" + $ ENDIF +Index: openssl-1.1.1s/apps/CA.pl.in +=================================================================== +--- openssl-1.1.1s.orig/apps/CA.pl.in ++++ openssl-1.1.1s/apps/CA.pl.in +@@ -113,10 +113,10 @@ sub run + + + if ( $WHAT =~ /^(-\?|-h|-help)$/ ) { +- print STDERR "usage: CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd extra-params]\n"; +- print STDERR " CA.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]\n"; +- print STDERR " CA.pl -verify [-extra-verify extra-params] certfile ...\n"; +- print STDERR " CA.pl -revoke [-extra-ca extra-params] certfile [reason]\n"; ++ print STDERR "usage: CA-1_1.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd extra-params]\n"; ++ print STDERR " CA-1_1.pl -pkcs12 [-extra-pkcs12 extra-params] [certname]\n"; ++ print STDERR " CA-1_1.pl -verify [-extra-verify extra-params] certfile ...\n"; ++ print STDERR " CA-1_1.pl -revoke [-extra-ca extra-params] certfile [reason]\n"; + exit 0; + } + if ($WHAT eq '-newcert' ) { +Index: openssl-1.1.1s/apps/build.info +=================================================================== +--- openssl-1.1.1s.orig/apps/build.info ++++ openssl-1.1.1s/apps/build.info +@@ -73,7 +73,7 @@ IF[{- !$disabled{apps} -}] + GENERATE[progs.h]=progs.pl $(APPS_OPENSSL) + DEPEND[progs.h]=../configdata.pm + +- SCRIPTS=CA.pl tsget.pl +- SOURCE[CA.pl]=CA.pl.in +- SOURCE[tsget.pl]=tsget.in ++ SCRIPTS=CA-1_1.pl tsget-1_1.pl ++ SOURCE[CA-1_1.pl]=CA.pl.in ++ SOURCE[tsget-1_1.pl]=tsget.in + ENDIF +Index: openssl-1.1.1s/apps/tsget.in +=================================================================== +--- openssl-1.1.1s.orig/apps/tsget.in ++++ openssl-1.1.1s/apps/tsget.in +@@ -47,7 +47,7 @@ sub create_curl { + $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d}; + $curl->setopt(CURLOPT_FAILONERROR, 1); + $curl->setopt(CURLOPT_USERAGENT, +- "OpenTSA tsget.pl/openssl-{- $config{version} -}"); ++ "OpenTSA tsget-1_1.pl/openssl-{- $config{version} -}"); + + # Options for POST method. + $curl->setopt(CURLOPT_UPLOAD, 1); +Index: openssl-1.1.1s/doc/man1/CA.pl.pod +=================================================================== +--- openssl-1.1.1s.orig/doc/man1/CA.pl.pod ++++ openssl-1.1.1s/doc/man1/CA.pl.pod +@@ -2,16 +2,16 @@ + + =head1 NAME + +-CA.pl - friendlier interface for OpenSSL certificate programs ++CA-1_1.pl - friendlier interface for OpenSSL certificate programs + + =head1 SYNOPSIS + +-B ++B + B<-?> | + B<-h> | + B<-help> + +-B ++B + B<-newcert> | + B<-newreq> | + B<-newreq-nodes> | +@@ -23,15 +23,15 @@ B<-crl> | + B<-newca> + [B<-extra-cmd> extra-params] + +-B B<-pkcs12> [B<-extra-pkcs12> extra-params] [B] ++B B<-pkcs12> [B<-extra-pkcs12> extra-params] [B] + +-B B<-verify> [B<-extra-verify> extra-params] B... ++B B<-verify> [B<-extra-verify> extra-params] B... + +-B B<-revoke> [B<-extra-ca> extra-params] B [B] ++B B<-revoke> [B<-extra-ca> extra-params] B [B] + + =head1 DESCRIPTION + +-The B script is a perl script that supplies the relevant command line ++The B script is a perl script that supplies the relevant command line + arguments to the B command for some common certificate operations. + It is intended to simplify the process of certificate creation and management + by the use of some simple options. +@@ -136,19 +136,19 @@ Users should consult B command + + Create a CA hierarchy: + +- CA.pl -newca ++ CA-1_1.pl -newca + + Complete certificate creation example: create a CA, create a request, sign + the request and finally create a PKCS#12 file containing it. + +- CA.pl -newca +- CA.pl -newreq +- CA.pl -sign +- CA.pl -pkcs12 "My Test Certificate" ++ CA-1_1.pl -newca ++ CA-1_1.pl -newreq ++ CA-1_1.pl -sign ++ CA-1_1.pl -pkcs12 "My Test Certificate" + + =head1 DSA CERTIFICATES + +-Although the B creates RSA CAs and requests it is still possible to ++Although the B creates RSA CAs and requests it is still possible to + use it with DSA certificates and requests using the L command + directly. The following example shows the steps that would typically be taken. + +@@ -162,7 +162,7 @@ Create a DSA CA certificate and private + + Create the CA directories and files: + +- CA.pl -newca ++ CA-1_1.pl -newca + + enter cacert.pem when prompted for the CA filename. + +@@ -173,22 +173,22 @@ can optionally be created first): + + Sign the request: + +- CA.pl -sign ++ CA-1_1.pl -sign + + =head1 NOTES + +-Most of the filenames mentioned can be modified by editing the B script. ++Most of the filenames mentioned can be modified by editing the B script. + + If the demoCA directory already exists then the B<-newca> command will not + overwrite it and will do nothing. This can happen if a previous call using + the B<-newca> option terminated abnormally. To get the correct behaviour + delete the demoCA directory if it already exists. + +-Under some environments it may not be possible to run the B script ++Under some environments it may not be possible to run the B script + directly (for example Win32) and the default configuration file location may + be wrong. In this case the command: + +- perl -S CA.pl ++ perl -S CA-1_1.pl + + can be used and the B environment variable changed to point to + the correct path of the configuration file. +Index: openssl-1.1.1s/doc/man1/ca.pod +=================================================================== +--- openssl-1.1.1s.orig/doc/man1/ca.pod ++++ openssl-1.1.1s/doc/man1/ca.pod +@@ -698,7 +698,7 @@ the database has to be kept in memory. + The B command really needs rewriting or the required functionality + exposed at either a command or interface level so a more friendly utility + (perl script or GUI) can handle things properly. The script +-B helps a little but not very much. ++B helps a little but not very much. + + Any fields in a request that are not present in a policy are silently + deleted. This does not happen if the B<-preserveDN> option is used. To +@@ -754,7 +754,7 @@ are in year 2050 or later. + + =head1 SEE ALSO + +-L, L, L, L, ++L, L, L, L, + L, L + + =head1 COPYRIGHT +Index: openssl-1.1.1s/doc/man1/rehash.pod +=================================================================== +--- openssl-1.1.1s.orig/doc/man1/rehash.pod ++++ openssl-1.1.1s/doc/man1/rehash.pod +@@ -6,7 +6,7 @@ Original text by James Westby, contribut + =head1 NAME + + openssl-c_rehash, openssl-rehash, +-c_rehash, rehash - Create symbolic links to files named by the hash values ++c_rehash-1_1, rehash - Create symbolic links to files named by the hash values + + =head1 SYNOPSIS + +@@ -19,13 +19,13 @@ B<[-n]> + B<[-v]> + [ I...] + +-B ++B + I + + =head1 DESCRIPTION + +-On some platforms, the OpenSSL B command is available as +-an external script called B. They are functionally equivalent, ++On some platforms, the OpenSSL B command is available as ++an external script called B. They are functionally equivalent, + except for minor differences noted below. + + B scans directories and calculates a hash value of each +@@ -66,7 +66,7 @@ more than one such object appears in the + + =head2 Script Configuration + +-The B script ++The B script + uses the B program to compute the hashes and + fingerprints. If not found in the user's B, then set the + B environment variable to the full pathname. +Index: openssl-1.1.1s/doc/man1/tsget.pod +=================================================================== +--- openssl-1.1.1s.orig/doc/man1/tsget.pod ++++ openssl-1.1.1s/doc/man1/tsget.pod +@@ -35,7 +35,7 @@ line. + The tool sends the following HTTP request for each timestamp request: + + POST url HTTP/1.1 +- User-Agent: OpenTSA tsget.pl/ ++ User-Agent: OpenTSA tsget-1_1.pl/ + Host: : + Pragma: no-cache + Content-Type: application/timestamp-query +@@ -108,7 +108,7 @@ Either option B<-C> or option B<-P> must + =item B<-P> CA_path + + (HTTPS) The path containing the trusted CA certificates to verify the peer's +-certificate. The directory must be prepared with the B ++certificate. The directory must be prepared with the B + OpenSSL utility. Either option B<-C> or option B<-P> must be given in case of + HTTPS. (Optional) + +Index: openssl-1.1.1s/doc/man1/verify.pod +=================================================================== +--- openssl-1.1.1s.orig/doc/man1/verify.pod ++++ openssl-1.1.1s/doc/man1/verify.pod +@@ -75,7 +75,7 @@ The file should contain one or more cert + A directory of trusted certificates. The certificates should have names + of the form: hash.0 or have symbolic links to them of this + form ("hash" is the hashed certificate subject name: see the B<-hash> option +-of the B utility). Under Unix the B script will automatically ++of the B utility). Under Unix the B script will automatically + create symbolic links to a directory of certificates. + + =item B<-no-CAfile> +Index: openssl-1.1.1s/doc/man1/x509.pod +=================================================================== +--- openssl-1.1.1s.orig/doc/man1/x509.pod ++++ openssl-1.1.1s/doc/man1/x509.pod +@@ -932,7 +932,7 @@ The hash algorithm used in the B<-subjec + before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding + of the distinguished name. In OpenSSL 1.0.0 and later it is based on a + canonical version of the DN using SHA1. This means that any directories using +-the old form must have their links rebuilt using B or similar. ++the old form must have their links rebuilt using B or similar. + + =head1 COPYRIGHT + +Index: openssl-1.1.1s/doc/man3/SSL_CTX_load_verify_locations.pod +=================================================================== +--- openssl-1.1.1s.orig/doc/man3/SSL_CTX_load_verify_locations.pod ++++ openssl-1.1.1s/doc/man3/SSL_CTX_load_verify_locations.pod +@@ -63,7 +63,7 @@ If more than one CA certificate with the + extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search + is performed in the ordering of the extension number, regardless of other + properties of the certificates. +-Use the B utility to create the necessary links. ++Use the B utility to create the necessary links. + + The certificates in B are only looked up when required, e.g. when + building the certificate chain or when actually performing the verification +@@ -137,7 +137,7 @@ Prepare the directory /some/where/certs + for use as B: + + cd /some/where/certs +- c_rehash . ++ c_rehash-1_1 . + + =head1 SEE ALSO + +Index: openssl-1.1.1s/test/recipes/80-test_ca.t +=================================================================== +--- openssl-1.1.1s.orig/test/recipes/80-test_ca.t ++++ openssl-1.1.1s/test/recipes/80-test_ca.t +@@ -27,27 +27,27 @@ plan tests => 5; + SKIP: { + $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "CAss.cnf").'"'; + skip "failed creating CA structure", 4 +- if !ok(run(perlapp(["CA.pl","-newca"], stdin => undef)), ++ if !ok(run(perlapp(["CA-1_1.pl","-newca"], stdin => undef)), + 'creating CA structure'); + + $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"'; + skip "failed creating new certificate request", 3 +- if !ok(run(perlapp(["CA.pl","-newreq"])), ++ if !ok(run(perlapp(["CA-1_1.pl","-newreq"])), + 'creating certificate request'); + + $ENV{OPENSSL_CONFIG} = '-rand_serial -config "'.$std_openssl_cnf.'"'; + skip "failed to sign certificate request", 2 +- if !is(yes(cmdstr(perlapp(["CA.pl", "-sign"]))), 0, ++ if !is(yes(cmdstr(perlapp(["CA-1_1.pl", "-sign"]))), 0, + 'signing certificate request'); + +- ok(run(perlapp(["CA.pl", "-verify", "newcert.pem"])), ++ ok(run(perlapp(["CA-1_1.pl", "-verify", "newcert.pem"])), + 'verifying new certificate'); + + skip "CT not configured, can't use -precert", 1 + if disabled("ct"); + + $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"'; +- ok(run(perlapp(["CA.pl", "-precert"], stderr => undef)), ++ ok(run(perlapp(["CA-1_1.pl", "-precert"], stderr => undef)), + 'creating new pre-certificate'); + } + +Index: openssl-1.1.1s/tools/build.info +=================================================================== +--- openssl-1.1.1s.orig/tools/build.info ++++ openssl-1.1.1s/tools/build.info +@@ -1,5 +1,5 @@ + {- our $c_rehash_name = +- $config{target} =~ /^(VC|vms)-/ ? "c_rehash.pl" : "c_rehash"; ++ $config{target} =~ /^(VC|vms)-/ ? "c_rehash-1_1.pl" : "c_rehash-1_1"; + "" -} + IF[{- !$disabled{apps} -}] + SCRIPTS={- $c_rehash_name -} +Index: openssl-1.1.1s/tools/c_rehash.in +=================================================================== +--- openssl-1.1.1s.orig/tools/c_rehash.in ++++ openssl-1.1.1s/tools/c_rehash.in +@@ -8,7 +8,7 @@ + # in the file LICENSE in the source distribution or at + # https://www.openssl.org/source/license.html + +-# Perl c_rehash script, scan all files in a directory ++# Perl c_rehash-1_1 script, scan all files in a directory + # and add symbolic links to their hash values. + + my $dir = {- quotify1($config{openssldir}) -}; +@@ -44,7 +44,7 @@ while ( $ARGV[0] =~ /^-/ ) { + } + + sub help { +- print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n"; ++ print "Usage: c_rehash-1_1 [-old] [-h] [-help] [-v] [dirs...]\n"; + print " -old use old-style digest\n"; + print " -h or -help print this help text\n"; + print " -v print files removed and linked\n"; +@@ -73,7 +73,7 @@ if (! -x $openssl) { + } + } + if ($found == 0) { +- print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n"; ++ print STDERR "c_rehash-1_1: rehashing skipped ('openssl-1_1' program not available)\n"; + exit 0; + } + } diff --git a/openssl-1_1.changes b/openssl-1_1.changes index d7bad32..044f2a5 100644 --- a/openssl-1_1.changes +++ b/openssl-1_1.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Wed Dec 14 12:56:06 UTC 2022 - Pedro Monreal + +- Set OpenSSL 3.0 as the default openssl [bsc#1205042] + * For compatibility with OpenSSL 3.0, the OpenSSL master + configuration file openssl.cnf has been renamed to + openssl-1_1.cnf. The executables openssl, c_rehash, CA.pl and + tsget.pl have been also renamed to openssl-1_1, c_rehash-1_1, + CA-1_1.pl and tsget-1_1.pl, respectively. + * Add openssl-1_1-devel as conflicting with libopenssl-3-devel + * Add openssl-1_1-openssl-config.patch + ------------------------------------------------------------------- Wed Dec 14 09:04:40 UTC 2022 - Otto Hollmann diff --git a/openssl-1_1.spec b/openssl-1_1.spec index 94ae402..14a852d 100644 --- a/openssl-1_1.spec +++ b/openssl-1_1.spec @@ -1,7 +1,7 @@ # # spec file for package openssl-1_1 # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -40,7 +40,7 @@ %define maj_min 1.1 %define _rname openssl Name: openssl-1_1 -# Don't forget to update the version in the "openssl" package! +# Don't forget to update the version in the "openssl" meta-package! Version: 1.1.1s Release: 0 Summary: Secure Sockets and Transport Layer Security @@ -130,16 +130,14 @@ Patch76: openssl-1_1-Fixed-counter-overflow.patch Patch77: openssl-1_1-chacha20-performance-optimizations-for-ppc64le-with-.patch Patch78: openssl-1_1-Fixed-conditional-statement-testing-64-and-256-bytes.patch Patch79: openssl-1_1-Fix-AES-GCM-on-Power-8-CPUs.patch - -Requires: libopenssl1_1 = %{version}-%{release} +#PATCH-FIX-OPENSUSE bsc#1205042 Set OpenSSL 3.0 as the default openssl +Patch80: openssl-1_1-openssl-config.patch BuildRequires: pkgconfig BuildRequires: pkgconfig(zlib) +Requires: libopenssl1_1 = %{version}-%{release} %if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550 Requires: crypto-policies %endif -Conflicts: ssl -Provides: ssl -Provides: openssl(cli) # Needed for clean upgrade path, boo#1070003 Obsoletes: openssl-1_0_0 # Needed for clean upgrade from former openssl-1_1_0, boo#1081335 @@ -178,11 +176,9 @@ Group: Development/Libraries/C and C++ Requires: libopenssl1_1 = %{version} Requires: pkgconfig(zlib) Recommends: %{name} = %{version} -# we need to have around only the exact version we are able to operate with -Conflicts: libopenssl-devel < %{version} -Conflicts: libopenssl-devel > %{version} Conflicts: ssl-devel -Provides: ssl-devel +# Conflicting names with libopenssl-3-devel +Conflicts: libopenssl-3-devel # Needed for clean upgrade from former openssl-1_1_0, boo#1081335 Obsoletes: libopenssl-1_1_0-devel # Needed for clean upgrade from SLE-12 openssl-1_0_0, bsc#1158499 @@ -222,6 +218,8 @@ this package's base documentation. %prep %autosetup -p1 -n %{_rname}-%{version} +cp apps/openssl.cnf apps/openssl-1_1.cnf + %build %ifarch armv5el armv5tel export MACHINE=armv5el @@ -306,9 +304,19 @@ cp %{tar_package_name} %{_other} %make_install %{?_smp_mflags} # kill static libs rm -f %{buildroot}%{_libdir}/lib*.a + +# Rename the openssl CLI to openssl-1_1 +mv %{buildroot}%{_bindir}/openssl %{buildroot}%{_bindir}/openssl-1_1 + +# Install the openssl-1_1.cnf config file +install -m 644 apps/openssl-1_1.cnf %{buildroot}%{_sysconfdir}/ssl/openssl-1_1.cnf + # remove the cnf.dist -rm -f %{buildroot}%{_sysconfdir}/ssl/openssl.cnf.dist +rm -f %{buildroot}%{_sysconfdir}/ssl/openssl-1_1.cnf.dist +rm -f %{buildroot}%{_sysconfdir}/ssl/ct_log_list.cnf +rm -f %{buildroot}%{_sysconfdir}/ssl/ct_log_list.cnf.dist ln -sf ./%{_rname} %{buildroot}/%{_includedir}/ssl + mkdir %{buildroot}/%{_datadir}/ssl mv %{buildroot}/%{ssletcdir}/misc %{buildroot}/%{_datadir}/ssl/ # Create the two directories into which packages will drop their configuration @@ -410,17 +418,14 @@ unset LD_LIBRARY_PATH %files -f filelist %doc CHANGE* NEWS README %dir %{ssletcdir} -%config (noreplace) %{ssletcdir}/openssl.cnf +%config (noreplace) %{ssletcdir}/openssl-1_1.cnf %attr(700,root,root) %{ssletcdir}/private %dir %{ssletcdir}/engines.d %dir %{ssletcdir}/engdef.d -%{ssletcdir}/ct_log_list.cnf -%{ssletcdir}/ct_log_list.cnf.dist - %dir %{_datadir}/ssl %{_datadir}/ssl/misc -%{_bindir}/c_rehash +%{_bindir}/c_rehash-1_1 %{_bindir}/fips_standalone_hmac -%{_bindir}/%{_rname} +%{_bindir}/openssl-1_1 %changelog