2006-12-19 00:17:18 +01:00
|
|
|
#
|
2011-01-17 17:47:31 +01:00
|
|
|
# spec file for package openssl
|
2006-12-19 00:17:18 +01:00
|
|
|
#
|
2014-01-03 14:57:36 +01:00
|
|
|
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
2006-12-19 00:17:18 +01:00
|
|
|
#
|
2008-10-22 18:31:03 +02:00
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
2006-12-19 00:17:18 +01:00
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
|
|
Name: openssl
|
2012-05-21 10:00:42 +02:00
|
|
|
BuildRequires: bc
|
|
|
|
BuildRequires: ed
|
|
|
|
BuildRequires: pkg-config
|
|
|
|
BuildRequires: zlib-devel
|
2006-12-19 00:17:18 +01:00
|
|
|
%define ssletcdir %{_sysconfdir}/ssl
|
2012-05-21 10:00:42 +02:00
|
|
|
#%define num_version %(echo "%{version}" | sed -e "s+[a-zA-Z]++g; s+_.*++g")
|
|
|
|
%define num_version 1.0.0
|
2006-12-19 00:17:18 +01:00
|
|
|
Provides: ssl
|
2009-01-09 14:45:25 +01:00
|
|
|
# bug437293
|
|
|
|
%ifarch ppc64
|
|
|
|
Obsoletes: openssl-64bit
|
|
|
|
%endif
|
2014-08-25 11:03:07 +02:00
|
|
|
Version: 1.0.1i
|
2012-05-21 10:00:42 +02:00
|
|
|
Release: 0
|
2006-12-19 00:17:18 +01:00
|
|
|
Summary: Secure Sockets and Transport Layer Security
|
2012-05-21 10:00:42 +02:00
|
|
|
License: OpenSSL
|
|
|
|
Group: Productivity/Networking/Security
|
2014-01-17 11:05:16 +01:00
|
|
|
Url: https://www.openssl.org/
|
|
|
|
Source: https://www.%{name}.org/source/%{name}-%{version}.tar.gz
|
|
|
|
Source42: https://www.%{name}.org/source/%{name}-%{version}.tar.gz.asc
|
|
|
|
# https://www.openssl.org/about/
|
|
|
|
Source43: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759#/%name.keyring
|
2010-05-25 10:32:24 +02:00
|
|
|
# to get mtime of file:
|
|
|
|
Source1: openssl.changes
|
2010-01-08 17:31:48 +01:00
|
|
|
Source2: baselibs.conf
|
2014-08-25 11:03:07 +02:00
|
|
|
Source10: README.SUSE
|
2013-12-17 10:02:17 +01:00
|
|
|
Source11: README-FIPS.txt
|
2010-04-14 15:14:18 +02:00
|
|
|
Patch0: merge_from_0.9.8k.patch
|
2010-05-25 10:32:24 +02:00
|
|
|
Patch1: openssl-1.0.0-c_rehash-compat.diff
|
2010-06-02 18:07:27 +02:00
|
|
|
Patch2: bug610223.patch
|
2012-08-26 14:22:07 +02:00
|
|
|
Patch3: openssl-ocloexec.patch
|
2012-11-22 16:51:34 +01:00
|
|
|
Patch4: VIA_padlock_support_on_64systems.patch
|
2013-06-25 07:43:23 +02:00
|
|
|
# PATCH-FIX-UPSTREAM http://rt.openssl.org/Ticket/Attachment/WithHeaders/20049
|
|
|
|
Patch5: openssl-fix-pod-syntax.diff
|
2013-07-04 18:04:58 +02:00
|
|
|
Patch6: openssl-1.0.1e-truststore.diff
|
2013-07-30 18:42:57 +02:00
|
|
|
Patch7: compression_methods_switch.patch
|
2013-08-04 16:59:21 +02:00
|
|
|
Patch8: 0005-libssl-Hide-library-private-symbols.patch
|
2013-08-13 11:00:53 +02:00
|
|
|
Patch9: openssl-1.0.1c-default-paths.patch
|
|
|
|
Patch10: openssl-pkgconfig.patch
|
2013-10-17 14:24:04 +02:00
|
|
|
# From Fedora openssl.
|
|
|
|
Patch13: openssl-1.0.1c-ipv6-apps.patch
|
2013-10-24 14:10:45 +02:00
|
|
|
Patch14: 0001-libcrypto-Hide-library-private-symbols.patch
|
2013-12-17 10:02:17 +01:00
|
|
|
# FIPS patches:
|
|
|
|
Patch15: openssl-1.0.1e-fips.patch
|
|
|
|
Patch16: openssl-1.0.1e-fips-ec.patch
|
|
|
|
Patch17: openssl-1.0.1e-fips-ctor.patch
|
2014-03-06 19:29:26 +01:00
|
|
|
Patch18: openssl-1.0.1e-new-fips-reqs.patch
|
2014-04-18 11:07:25 +02:00
|
|
|
Patch19: openssl-gcc-attributes.patch
|
2014-04-26 17:01:45 +02:00
|
|
|
Patch21: openssl-libssl-noweakciphers.patch
|
2014-05-09 06:57:35 +02:00
|
|
|
Patch26: 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
|
2014-05-14 10:26:07 +02:00
|
|
|
Patch33: openssl-no-egd.patch
|
|
|
|
Patch34: openssl-fips-hidden.patch
|
Accepting request 236989 from Base:System
NOTE:
I submitted perl-Net-SSLeay 1.64 update to devel:languages:perl which
fixes its regression.
- updated openssl to 1.0.1h (bnc#880891):
- CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
handshake can force the use of weak keying material in OpenSSL
SSL/TLS clients and servers.
- CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
OpenSSL DTLS client the code can be made to recurse eventually crashing
in a DoS attack.
- CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
overrun attack can be triggered by sending invalid DTLS fragments to
an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.
- CVE-2014-3470: Fix bug in TLS code where clients enable anonymous
ECDH ciphersuites are subject to a denial of service attack.
- openssl-buffreelistbug-aka-CVE-2010-5298.patch: removed, upstream
- CVE-2014-0198.patch: removed, upstream
- 0009-Fix-double-frees.patch: removed, upstream
- 0012-Fix-eckey_priv_encode.patch: removed, upstream
- 0017-Double-free-in-i2o_ECPublicKey.patch: removed, upstream
- 0018-fix-coverity-issues-966593-966596.patch: removed, upstream
- 0020-Initialize-num-properly.patch: removed, upstream
- 0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch: removed, upstream
- 0023-evp-prevent-underflow-in-base64-decoding.patch: removed, upstream
- 0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch: removed, upstream
- 0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch: removed, upstream
- 0001-libcrypto-Hide-library-private-symbols.patch: disabled heartbeat testcase
- openssl-1.0.1c-ipv6-apps.patch: refreshed
- openssl-fix-pod-syntax.diff: some stuff merged upstream, refreshed
- Added new SUSE default cipher suite
openssl-1.0.1e-add-suse-default-cipher.patch
OBS-URL: https://build.opensuse.org/request/show/236989
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=118
2014-06-18 07:47:41 +02:00
|
|
|
Patch35: openssl-1.0.1e-add-suse-default-cipher.patch
|
|
|
|
Patch36: openssl-1.0.1e-add-suse-default-cipher-header.patch
|
|
|
|
Patch37: openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
|
|
|
|
|
2006-12-19 00:17:18 +01:00
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
|
|
|
|
|
|
%description
|
|
|
|
The OpenSSL Project is a collaborative effort to develop a robust,
|
|
|
|
commercial-grade, full-featured, and open source toolkit implementing
|
|
|
|
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
|
|
|
|
v1) protocols with full-strength cryptography. The project is managed
|
|
|
|
by a worldwide community of volunteers that use the Internet to
|
|
|
|
communicate, plan, and develop the OpenSSL toolkit and its related
|
|
|
|
documentation.
|
|
|
|
|
|
|
|
Derivation and License
|
|
|
|
|
|
|
|
OpenSSL is based on the excellent SSLeay library developed by Eric A.
|
|
|
|
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
|
|
|
|
Apache-style license, which basically means that you are free to get it
|
|
|
|
and to use it for commercial and noncommercial purposes.
|
|
|
|
|
2010-04-14 15:14:18 +02:00
|
|
|
%package -n libopenssl1_0_0
|
2007-05-06 17:17:31 +02:00
|
|
|
Summary: Secure Sockets and Transport Layer Security
|
2013-12-17 10:02:17 +01:00
|
|
|
License: OpenSSL
|
2007-05-06 17:17:31 +02:00
|
|
|
Group: Productivity/Networking/Security
|
2014-06-25 15:24:16 +02:00
|
|
|
Recommends: ca-certificates-mozilla
|
2009-01-09 14:45:25 +01:00
|
|
|
# bug437293
|
|
|
|
%ifarch ppc64
|
|
|
|
Obsoletes: openssl-64bit
|
|
|
|
%endif
|
|
|
|
#
|
2007-05-06 17:17:31 +02:00
|
|
|
|
2010-04-14 15:14:18 +02:00
|
|
|
%description -n libopenssl1_0_0
|
2007-05-06 17:17:31 +02:00
|
|
|
The OpenSSL Project is a collaborative effort to develop a robust,
|
|
|
|
commercial-grade, full-featured, and open source toolkit implementing
|
|
|
|
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
|
|
|
|
v1) protocols with full-strength cryptography. The project is managed
|
|
|
|
by a worldwide community of volunteers that use the Internet to
|
|
|
|
communicate, plan, and develop the OpenSSL toolkit and its related
|
|
|
|
documentation.
|
|
|
|
|
|
|
|
Derivation and License
|
|
|
|
|
|
|
|
OpenSSL is based on the excellent SSLeay library developed by Eric A.
|
|
|
|
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
|
|
|
|
Apache-style license, which basically means that you are free to get it
|
|
|
|
and to use it for commercial and noncommercial purposes.
|
|
|
|
|
|
|
|
%package -n libopenssl-devel
|
2008-07-11 20:44:41 +02:00
|
|
|
Summary: Include Files and Libraries mandatory for Development
|
2013-12-17 10:02:17 +01:00
|
|
|
License: OpenSSL
|
2006-12-19 00:17:18 +01:00
|
|
|
Group: Development/Libraries/C and C++
|
2010-04-14 15:14:18 +02:00
|
|
|
Obsoletes: openssl-devel < %{version}
|
2011-05-30 09:05:53 +02:00
|
|
|
Requires: %name = %version
|
2012-05-21 10:00:42 +02:00
|
|
|
Requires: libopenssl1_0_0 = %{version}
|
|
|
|
Requires: zlib-devel
|
2010-04-14 15:14:18 +02:00
|
|
|
Provides: openssl-devel = %{version}
|
2009-01-09 14:45:25 +01:00
|
|
|
# bug437293
|
|
|
|
%ifarch ppc64
|
|
|
|
Obsoletes: openssl-devel-64bit
|
|
|
|
%endif
|
|
|
|
#
|
2006-12-19 00:17:18 +01:00
|
|
|
|
2007-05-06 17:17:31 +02:00
|
|
|
%description -n libopenssl-devel
|
2006-12-19 00:17:18 +01:00
|
|
|
This package contains all necessary include files and libraries needed
|
|
|
|
to develop applications that require these.
|
|
|
|
|
2013-12-17 10:02:17 +01:00
|
|
|
%package -n libopenssl1_0_0-hmac
|
|
|
|
Summary: HMAC files for FIPS-140-2 integrity checking of the openssl shared libraries
|
|
|
|
License: BSD-3-Clause
|
|
|
|
Group: Productivity/Networking/Security
|
|
|
|
Requires: libopenssl1_0_0 = %{version}-%{release}
|
|
|
|
|
|
|
|
%description -n libopenssl1_0_0-hmac
|
|
|
|
The FIPS compliant operation of the openssl shared libraries is NOT
|
|
|
|
possible without the HMAC hashes contained in this package!
|
|
|
|
|
2006-12-19 00:17:18 +01:00
|
|
|
%package doc
|
2008-07-11 20:44:41 +02:00
|
|
|
Summary: Additional Package Documentation
|
2013-12-17 10:02:17 +01:00
|
|
|
License: OpenSSL
|
2006-12-19 00:17:18 +01:00
|
|
|
Group: Productivity/Networking/Security
|
2013-06-05 13:05:48 +02:00
|
|
|
%if 0%{?suse_version} >= 1140
|
2010-01-08 17:31:48 +01:00
|
|
|
BuildArch: noarch
|
2013-06-05 13:05:48 +02:00
|
|
|
%endif
|
2006-12-19 00:17:18 +01:00
|
|
|
|
|
|
|
%description doc
|
|
|
|
This package contains optional documentation provided in addition to
|
|
|
|
this package's base documentation.
|
|
|
|
|
|
|
|
%prep
|
|
|
|
%setup -q
|
2010-04-14 15:14:18 +02:00
|
|
|
%patch0 -p1
|
2010-05-25 10:32:24 +02:00
|
|
|
%patch1 -p1
|
2011-04-18 10:39:50 +02:00
|
|
|
%patch2 -p1
|
2012-08-26 14:22:07 +02:00
|
|
|
%patch3
|
2012-11-22 16:51:34 +01:00
|
|
|
%patch4 -p1
|
2013-06-25 07:43:23 +02:00
|
|
|
%patch5 -p1
|
2013-07-04 18:04:58 +02:00
|
|
|
%patch6 -p1
|
2013-07-30 18:42:57 +02:00
|
|
|
%patch7 -p1
|
2013-08-04 16:59:21 +02:00
|
|
|
%patch8 -p1
|
2013-08-13 11:00:53 +02:00
|
|
|
%patch9 -p1
|
|
|
|
%patch10 -p1
|
2013-10-17 14:24:04 +02:00
|
|
|
%patch13 -p1
|
2013-10-24 14:10:45 +02:00
|
|
|
%patch14 -p1
|
2013-12-17 10:02:17 +01:00
|
|
|
%patch15 -p1
|
|
|
|
%patch16 -p1
|
|
|
|
%patch17 -p1
|
2014-03-06 19:29:26 +01:00
|
|
|
%patch18 -p1
|
2014-04-18 11:07:25 +02:00
|
|
|
%patch19 -p1
|
2014-04-26 17:01:45 +02:00
|
|
|
%patch21 -p1
|
2014-05-09 06:57:35 +02:00
|
|
|
%patch26 -p1
|
2014-05-14 10:26:07 +02:00
|
|
|
%patch33 -p1
|
|
|
|
%patch34 -p1
|
Accepting request 236989 from Base:System
NOTE:
I submitted perl-Net-SSLeay 1.64 update to devel:languages:perl which
fixes its regression.
- updated openssl to 1.0.1h (bnc#880891):
- CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
handshake can force the use of weak keying material in OpenSSL
SSL/TLS clients and servers.
- CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
OpenSSL DTLS client the code can be made to recurse eventually crashing
in a DoS attack.
- CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
overrun attack can be triggered by sending invalid DTLS fragments to
an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.
- CVE-2014-3470: Fix bug in TLS code where clients enable anonymous
ECDH ciphersuites are subject to a denial of service attack.
- openssl-buffreelistbug-aka-CVE-2010-5298.patch: removed, upstream
- CVE-2014-0198.patch: removed, upstream
- 0009-Fix-double-frees.patch: removed, upstream
- 0012-Fix-eckey_priv_encode.patch: removed, upstream
- 0017-Double-free-in-i2o_ECPublicKey.patch: removed, upstream
- 0018-fix-coverity-issues-966593-966596.patch: removed, upstream
- 0020-Initialize-num-properly.patch: removed, upstream
- 0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch: removed, upstream
- 0023-evp-prevent-underflow-in-base64-decoding.patch: removed, upstream
- 0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch: removed, upstream
- 0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch: removed, upstream
- 0001-libcrypto-Hide-library-private-symbols.patch: disabled heartbeat testcase
- openssl-1.0.1c-ipv6-apps.patch: refreshed
- openssl-fix-pod-syntax.diff: some stuff merged upstream, refreshed
- Added new SUSE default cipher suite
openssl-1.0.1e-add-suse-default-cipher.patch
OBS-URL: https://build.opensuse.org/request/show/236989
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=118
2014-06-18 07:47:41 +02:00
|
|
|
%patch35 -p1
|
|
|
|
%patch36 -p1
|
|
|
|
%patch37 -p1
|
2006-12-19 00:17:18 +01:00
|
|
|
cp -p %{S:10} .
|
2013-12-17 10:02:17 +01:00
|
|
|
cp -p %{S:11} .
|
2006-12-19 00:17:18 +01:00
|
|
|
echo "adding/overwriting some entries in the 'table' hash in Configure"
|
|
|
|
# $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
|
2010-04-14 15:14:18 +02:00
|
|
|
export DSO_SCHEME='dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::'
|
2006-12-19 00:17:18 +01:00
|
|
|
cat <<EOF_ED | ed -s Configure
|
|
|
|
/^);
|
|
|
|
-
|
|
|
|
i
|
2010-04-14 15:14:18 +02:00
|
|
|
#
|
2006-12-19 00:17:18 +01:00
|
|
|
# local configuration added from specfile
|
2010-04-14 15:14:18 +02:00
|
|
|
# ... MOST of those are now correct in openssl's Configure already,
|
|
|
|
# so only add them for new ports!
|
|
|
|
#
|
|
|
|
#config-string, $cc:$cflags:$unistd:$thread_cflag:$sys_id:$lflags:$bn_ops:$cpuid_obj:$bn_obj:$des_obj:$aes_obj:$bf_obj:$md5_obj:$sha1_obj:$cast_obj:$rc4_obj:$rmd160_obj:$rc5_obj:$wp_obj:$cmll_obj:$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags:$multilib
|
|
|
|
#"linux-elf", "gcc:-DL_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG \${x86_gcc_des} \${x86_gcc_opts}:\${x86_elf_asm}:$DSO_SCHEME:",
|
|
|
|
#"linux-ia64", "gcc:-DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:\${ia64_asm}: $DSO_SCHEME:",
|
|
|
|
#"linux-ppc", "gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:\${no_asm}: $DSO_SCHEME:",
|
|
|
|
#"linux-ppc64", "gcc:-DB_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL SIXTY_FOUR_BIT_LONG:\${no_asm}: $DSO_SCHEME:64",
|
|
|
|
"linux-elf-arm","gcc:-DL_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG:\${no_asm}: $DSO_SCHEME:",
|
|
|
|
"linux-mips", "gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:\${no_asm}: $DSO_SCHEME:",
|
|
|
|
"linux-sparcv7","gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:\${no_asm}: $DSO_SCHEME:",
|
2012-05-21 10:00:42 +02:00
|
|
|
#"linux-sparcv8","gcc:-DB_ENDIAN -DBN_DIV2W -mv8 ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::asm/sparcv8.o::::::::::::: $DSO_SCHEME:",
|
2010-04-14 15:14:18 +02:00
|
|
|
#"linux-x86_64", "gcc:-DL_ENDIAN -DNO_ASM -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG:\${no_asm}: $DSO_SCHEME:64",
|
|
|
|
#"linux-s390", "gcc:-DB_ENDIAN ::(unknown): :-ldl:BN_LLONG:\${no_asm}: $DSO_SCHEME:",
|
|
|
|
#"linux-s390x", "gcc:-DB_ENDIAN -DNO_ASM -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG:\${no_asm}: $DSO_SCHEME:64",
|
|
|
|
"linux-parisc", "gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL DES_RISC1:\${no_asm}: $DSO_SCHEME:",
|
2006-12-19 00:17:18 +01:00
|
|
|
.
|
|
|
|
wq
|
|
|
|
EOF_ED
|
|
|
|
# fix ENGINESDIR path
|
|
|
|
sed -i 's,/lib/engines,/%_lib/engines,' Configure
|
2010-05-25 10:32:24 +02:00
|
|
|
# Record mtime of changes file instead of build time
|
|
|
|
CHANGES=`stat --format="%y" %SOURCE1`
|
|
|
|
sed -i -e "s|#define DATE \(.*\).LC_ALL.*date.|#define DATE \1$CHANGES|" crypto/Makefile
|
2006-12-19 00:17:18 +01:00
|
|
|
|
|
|
|
%build
|
2014-05-14 10:26:07 +02:00
|
|
|
|
|
|
|
%if 0%{suse_version} >= 1230
|
|
|
|
find -type f -name "*.c" -exec sed -i -e "s@getenv@secure_getenv@g" {} +
|
|
|
|
%endif
|
|
|
|
|
2012-08-08 11:18:03 +02:00
|
|
|
%ifarch armv5el armv5tel
|
|
|
|
export MACHINE=armv5el
|
|
|
|
%endif
|
2013-09-05 23:22:31 +02:00
|
|
|
%ifarch armv6l armv6hl
|
|
|
|
export MACHINE=armv6l
|
|
|
|
%endif
|
2006-12-19 00:17:18 +01:00
|
|
|
./config --test-sanity
|
|
|
|
#
|
2013-11-30 17:59:30 +01:00
|
|
|
config_flags="threads shared no-rc5 no-idea \
|
2013-12-17 10:02:17 +01:00
|
|
|
fips \
|
2014-04-18 11:07:25 +02:00
|
|
|
%if 0%{suse_version} > 1310
|
|
|
|
no-ssl2 \
|
2014-04-26 17:01:45 +02:00
|
|
|
enable-rfc3779 \
|
2014-04-18 11:07:25 +02:00
|
|
|
%endif
|
2014-05-14 10:26:07 +02:00
|
|
|
%ifarch x86_64 aarch64 ppc64le
|
2013-07-02 07:40:12 +02:00
|
|
|
enable-ec_nistp_64_gcc_128 \
|
|
|
|
%endif
|
2006-12-19 00:17:18 +01:00
|
|
|
enable-camellia \
|
|
|
|
zlib \
|
2013-12-17 10:02:17 +01:00
|
|
|
no-ec2m \
|
2006-12-19 00:17:18 +01:00
|
|
|
--prefix=%{_prefix} \
|
2010-04-14 15:14:18 +02:00
|
|
|
--libdir=%{_lib} \
|
2006-12-19 00:17:18 +01:00
|
|
|
--openssldir=%{ssletcdir} \
|
2014-04-09 18:17:23 +02:00
|
|
|
$RPM_OPT_FLAGS -O3 -std=gnu99 \
|
2010-04-14 15:14:18 +02:00
|
|
|
-Wa,--noexecstack \
|
2014-04-26 17:01:45 +02:00
|
|
|
-Wl,-z,relro,-z,now \
|
2014-05-09 06:57:35 +02:00
|
|
|
-fno-common \
|
2006-12-19 00:17:18 +01:00
|
|
|
-DTERMIO \
|
2011-01-10 16:41:42 +01:00
|
|
|
-DPURIFY \
|
2011-10-19 13:40:21 +02:00
|
|
|
-DSSL_FORBID_ENULL \
|
2012-05-21 10:00:42 +02:00
|
|
|
-D_GNU_SOURCE \
|
2014-04-26 17:01:45 +02:00
|
|
|
-DOPENSSL_NO_BUF_FREELISTS \
|
2012-05-21 10:00:42 +02:00
|
|
|
$(getconf LFS_CFLAGS) \
|
2010-06-18 05:17:30 +02:00
|
|
|
-Wall "
|
2014-04-26 17:01:45 +02:00
|
|
|
|
2006-12-19 00:17:18 +01:00
|
|
|
#
|
2009-07-09 10:42:49 +02:00
|
|
|
#%{!?do_profiling:%define do_profiling 0}
|
|
|
|
#%if %do_profiling
|
|
|
|
# # generate feedback
|
|
|
|
# ./config $config_flags
|
|
|
|
# make depend CC="gcc %cflags_profile_generate"
|
|
|
|
# make CC="gcc %cflags_profile_generate"
|
|
|
|
# LD_LIBRARY_PATH=`pwd` make rehash CC="gcc %cflags_profile_generate"
|
|
|
|
# LD_LIBRARY_PATH=`pwd` make test CC="gcc %cflags_profile_generate"
|
|
|
|
# LD_LIBRARY_PATH=`pwd` apps/openssl speed
|
|
|
|
# make clean
|
|
|
|
# # compile with feedback
|
|
|
|
# # but not if it makes a cipher slower:
|
|
|
|
# #find crypto/aes -name '*.da' | xargs -r rm
|
|
|
|
# ./config $config_flags %cflags_profile_feedback
|
|
|
|
# make depend
|
|
|
|
# make
|
|
|
|
# LD_LIBRARY_PATH=`pwd` make rehash
|
|
|
|
# LD_LIBRARY_PATH=`pwd` make test
|
|
|
|
#%else
|
2010-07-23 17:05:28 +02:00
|
|
|
# OpenSSL relies on uname -m (not good). Thus that little sparc line.
|
2010-02-18 16:49:00 +01:00
|
|
|
./config \
|
|
|
|
%ifarch sparc64
|
|
|
|
linux64-sparcv9 \
|
|
|
|
%endif
|
|
|
|
$config_flags
|
2006-12-19 00:17:18 +01:00
|
|
|
make depend
|
|
|
|
make
|
|
|
|
LD_LIBRARY_PATH=`pwd` make rehash
|
2013-12-17 10:02:17 +01:00
|
|
|
# for FIPS mode testing; the same hashes are being created later just before
|
|
|
|
# the wrap-up of the files into the package.
|
|
|
|
# These files are just there for the make test below...
|
|
|
|
crypto/fips/fips_standalone_hmac libcrypto.so.1.0.0 > .libcrypto.so.1.0.0.hmac
|
|
|
|
crypto/fips/fips_standalone_hmac libssl.so.1.0.0 > .libssl.so.1.0.0.hmac
|
2014-04-26 17:01:45 +02:00
|
|
|
export MALLOC_CHECK_=3
|
|
|
|
export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
|
2013-12-17 10:02:17 +01:00
|
|
|
LD_LIBRARY_PATH=`pwd` make test FIPSCANLIB=""
|
2006-12-19 00:17:18 +01:00
|
|
|
%ifnarch armv4l
|
|
|
|
LD_LIBRARY_PATH=`pwd` make test
|
|
|
|
%endif
|
2009-07-09 10:42:49 +02:00
|
|
|
#%endif
|
2006-12-19 00:17:18 +01:00
|
|
|
# show settings
|
|
|
|
make TABLE
|
|
|
|
echo $RPM_OPT_FLAGS
|
|
|
|
eval $(egrep PLATFORM='[[:alnum:]]' Makefile)
|
|
|
|
grep -B1 -A22 "^\*\*\* $PLATFORM$" TABLE
|
|
|
|
|
|
|
|
%install
|
|
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
make MANDIR=%{_mandir} INSTALL_PREFIX=$RPM_BUILD_ROOT install
|
2013-12-17 10:02:17 +01:00
|
|
|
cp -a crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT/usr/bin/fips_standalone_hmac
|
2006-12-19 00:17:18 +01:00
|
|
|
ln -sf ./%{name} $RPM_BUILD_ROOT/%{_includedir}/ssl
|
|
|
|
mkdir $RPM_BUILD_ROOT/%{_datadir}/ssl
|
|
|
|
mv $RPM_BUILD_ROOT/%{ssletcdir}/misc $RPM_BUILD_ROOT/%{_datadir}/ssl/
|
|
|
|
# ln -s %{ssletcdir}/private $RPM_BUILD_ROOT/%{_datadir}/ssl/private
|
|
|
|
# ln -s %{ssletcdir}/openssl.cnf $RPM_BUILD_ROOT/%{_datadir}/ssl/openssl.cnf
|
|
|
|
#
|
2010-05-25 10:32:24 +02:00
|
|
|
|
2006-12-19 00:17:18 +01:00
|
|
|
# avoid file conflicts with man pages from other packages
|
|
|
|
#
|
|
|
|
pushd $RPM_BUILD_ROOT/%{_mandir}
|
|
|
|
# some man pages now contain spaces. This makes several scripts go havoc, among them /usr/sbin/Check.
|
|
|
|
# replace spaces by underscores
|
|
|
|
#for i in man?/*\ *; do mv -v "$i" "${i// /_}"; done
|
|
|
|
which readlink &>/dev/null || function readlink { ( set +x; target=$(file $1 2>/dev/null); target=${target//* }; test -f $target && echo $target; ) }
|
|
|
|
for i in man?/*; do
|
|
|
|
if test -L $i ; then
|
|
|
|
LDEST=`readlink $i`
|
|
|
|
rm -f $i ${i}ssl
|
|
|
|
ln -sf ${LDEST}ssl ${i}ssl
|
|
|
|
else
|
|
|
|
mv $i ${i}ssl
|
|
|
|
fi
|
2014-07-27 08:25:44 +02:00
|
|
|
case "$i" in
|
|
|
|
*.1)
|
2006-12-19 00:17:18 +01:00
|
|
|
# these are the pages mentioned in openssl(1). They go into the main package.
|
|
|
|
echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist;;
|
|
|
|
*)
|
|
|
|
# the rest goes into the openssl-doc package.
|
|
|
|
echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist.doc;;
|
|
|
|
esac
|
|
|
|
done
|
|
|
|
popd
|
|
|
|
#
|
|
|
|
# check wether some shared library has been installed
|
|
|
|
#
|
2010-05-25 10:32:24 +02:00
|
|
|
ls -l $RPM_BUILD_ROOT%{_libdir}
|
2010-12-10 15:41:07 +01:00
|
|
|
test -f $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version}
|
|
|
|
test -f $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version}
|
2010-05-25 10:32:24 +02:00
|
|
|
test -L $RPM_BUILD_ROOT%{_libdir}/libssl.so
|
|
|
|
test -L $RPM_BUILD_ROOT%{_libdir}/libcrypto.so
|
2006-12-19 00:17:18 +01:00
|
|
|
#
|
|
|
|
# see what we've got
|
|
|
|
#
|
|
|
|
cat > showciphers.c <<EOF
|
|
|
|
#include <openssl/err.h>
|
|
|
|
#include <openssl/ssl.h>
|
2011-01-10 16:41:42 +01:00
|
|
|
int main(){
|
2006-12-19 00:17:18 +01:00
|
|
|
unsigned int i;
|
|
|
|
SSL_CTX *ctx;
|
|
|
|
SSL *ssl;
|
|
|
|
SSL_METHOD *meth;
|
2011-08-06 19:08:49 +02:00
|
|
|
meth = SSLv23_client_method();
|
2006-12-19 00:17:18 +01:00
|
|
|
SSLeay_add_ssl_algorithms();
|
|
|
|
ctx = SSL_CTX_new(meth);
|
|
|
|
if (ctx == NULL) return 0;
|
|
|
|
ssl = SSL_new(ctx);
|
|
|
|
if (!ssl) return 0;
|
|
|
|
for (i=0; ; i++) {
|
|
|
|
int j, k;
|
|
|
|
SSL_CIPHER *sc;
|
|
|
|
sc = (meth->get_cipher)(i);
|
|
|
|
if (!sc) break;
|
|
|
|
k = SSL_CIPHER_get_bits(sc, &j);
|
|
|
|
printf("%s\n", sc->name);
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
};
|
|
|
|
EOF
|
|
|
|
gcc $RPM_OPT_FLAGS -I${RPM_BUILD_ROOT}%{_includedir} -c showciphers.c
|
|
|
|
gcc -o showciphers showciphers.o -L${RPM_BUILD_ROOT}%{_libdir} -lssl -lcrypto
|
|
|
|
LD_LIBRARY_PATH=${RPM_BUILD_ROOT}%{_libdir} ./showciphers > AVAILABLE_CIPHERS || true
|
|
|
|
cat AVAILABLE_CIPHERS
|
2007-06-15 00:27:50 +02:00
|
|
|
# Do not install demo scripts executable under /usr/share/doc
|
|
|
|
find demos -type f -perm /111 -exec chmod 644 {} \;
|
2006-12-19 00:17:18 +01:00
|
|
|
|
2013-12-17 10:02:17 +01:00
|
|
|
# the hmac hashes:
|
|
|
|
#
|
|
|
|
# this is a hack that re-defines the __os_install_post macro
|
|
|
|
# for a simple reason: the macro strips the binaries and thereby
|
|
|
|
# invalidates a HMAC that may have been created earlier.
|
|
|
|
# solution: create the hashes _after_ the macro runs.
|
|
|
|
#
|
|
|
|
# this shows up earlier because otherwise the %expand of
|
|
|
|
# the macro is too late.
|
|
|
|
# remark: This is the same as running
|
|
|
|
# openssl dgst -sha256 -hmac 'ppaksykemnsecgtsttplmamstKMEs'
|
|
|
|
%{expand:%%global __os_install_post {%__os_install_post
|
|
|
|
|
|
|
|
$RPM_BUILD_ROOT/usr/bin/fips_standalone_hmac \
|
2014-01-17 11:05:16 +01:00
|
|
|
$RPM_BUILD_ROOT/%{_lib}/libssl.so.%{num_version} > \
|
|
|
|
$RPM_BUILD_ROOT/%{_lib}/.libssl.so.%{num_version}.hmac
|
2013-12-17 10:02:17 +01:00
|
|
|
|
|
|
|
$RPM_BUILD_ROOT/usr/bin/fips_standalone_hmac \
|
2014-01-17 11:05:16 +01:00
|
|
|
$RPM_BUILD_ROOT/%{_lib}/libcrypto.so.%{num_version} > \
|
|
|
|
$RPM_BUILD_ROOT/%{_lib}/.libcrypto.so.%{num_version}.hmac
|
2013-12-17 10:02:17 +01:00
|
|
|
|
|
|
|
}}
|
|
|
|
|
2010-05-25 10:32:24 +02:00
|
|
|
#process openssllib
|
|
|
|
mkdir $RPM_BUILD_ROOT/%{_lib}
|
2014-01-17 11:05:16 +01:00
|
|
|
mv $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/
|
|
|
|
mv $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/
|
2014-01-09 17:25:37 +01:00
|
|
|
mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT/%{_lib}/
|
2010-05-25 10:32:24 +02:00
|
|
|
cd $RPM_BUILD_ROOT%{_libdir}/
|
2014-01-17 11:05:16 +01:00
|
|
|
ln -sf /%{_lib}/libssl.so.%{num_version} ./libssl.so
|
|
|
|
ln -sf /%{_lib}/libcrypto.so.%{num_version} ./libcrypto.so
|
2010-05-25 10:32:24 +02:00
|
|
|
|
2014-04-26 17:01:45 +02:00
|
|
|
for engine in 4758cca atalla nuron sureware ubsec cswift chil aep gmp capi; do
|
2014-01-09 17:25:37 +01:00
|
|
|
rm %{buildroot}/%{_lib}/engines/lib$engine.so
|
2013-08-13 11:00:53 +02:00
|
|
|
done
|
|
|
|
|
|
|
|
%ifnarch %{ix86} x86_64
|
2014-01-09 17:25:37 +01:00
|
|
|
rm %{buildroot}/%{_lib}/engines/libpadlock.so
|
2013-08-13 11:00:53 +02:00
|
|
|
%endif
|
|
|
|
|
2006-12-19 00:17:18 +01:00
|
|
|
%clean
|
|
|
|
if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
|
|
|
|
|
2012-08-26 14:22:07 +02:00
|
|
|
%post -n libopenssl1_0_0 -p /sbin/ldconfig
|
2006-12-19 00:17:18 +01:00
|
|
|
|
2012-08-26 14:22:07 +02:00
|
|
|
%postun -n libopenssl1_0_0 -p /sbin/ldconfig
|
2006-12-19 00:17:18 +01:00
|
|
|
|
2010-04-14 15:14:18 +02:00
|
|
|
%files -n libopenssl1_0_0
|
2007-05-06 17:17:31 +02:00
|
|
|
%defattr(-, root, root)
|
2014-01-17 11:05:16 +01:00
|
|
|
/%{_lib}/libssl.so.%{num_version}
|
|
|
|
/%{_lib}/libcrypto.so.%{num_version}
|
2014-01-09 17:25:37 +01:00
|
|
|
/%{_lib}/engines
|
2013-12-17 10:02:17 +01:00
|
|
|
|
|
|
|
%files -n libopenssl1_0_0-hmac
|
|
|
|
%defattr(-, root, root)
|
2014-01-17 11:05:16 +01:00
|
|
|
/%{_lib}/.libssl.so.%{num_version}.hmac
|
|
|
|
/%{_lib}/.libcrypto.so.%{num_version}.hmac
|
2007-05-06 17:17:31 +02:00
|
|
|
|
|
|
|
%files -n libopenssl-devel
|
2006-12-19 00:17:18 +01:00
|
|
|
%defattr(-, root, root)
|
|
|
|
%{_includedir}/%{name}/
|
|
|
|
%{_includedir}/ssl
|
2010-07-30 12:35:13 +02:00
|
|
|
%exclude %{_libdir}/libcrypto.a
|
|
|
|
%exclude %{_libdir}/libssl.a
|
2006-12-19 00:17:18 +01:00
|
|
|
%{_libdir}/libssl.so
|
2010-05-25 10:32:24 +02:00
|
|
|
%{_libdir}/libcrypto.so
|
2006-12-19 00:17:18 +01:00
|
|
|
%_libdir/pkgconfig/libcrypto.pc
|
|
|
|
%_libdir/pkgconfig/libssl.pc
|
|
|
|
%_libdir/pkgconfig/openssl.pc
|
|
|
|
|
|
|
|
%files doc -f filelist.doc
|
|
|
|
%defattr(-, root, root)
|
|
|
|
%doc doc/* demos
|
2007-06-15 00:27:50 +02:00
|
|
|
%doc showciphers.c
|
2006-12-19 00:17:18 +01:00
|
|
|
|
|
|
|
%files -f filelist
|
|
|
|
%defattr(-, root, root)
|
|
|
|
%doc CHANGE* INSTAL* AVAILABLE_CIPHERS
|
2014-08-25 11:03:07 +02:00
|
|
|
%doc LICENSE NEWS README README.SUSE README-FIPS.txt
|
2006-12-19 00:17:18 +01:00
|
|
|
%dir %{ssletcdir}
|
|
|
|
%config (noreplace) %{ssletcdir}/openssl.cnf
|
|
|
|
%attr(700,root,root) %{ssletcdir}/private
|
|
|
|
%dir %{_datadir}/ssl
|
|
|
|
%{_datadir}/ssl/misc
|
|
|
|
%{_bindir}/c_rehash
|
2013-12-17 10:02:17 +01:00
|
|
|
%{_bindir}/fips_standalone_hmac
|
2006-12-19 00:17:18 +01:00
|
|
|
%{_bindir}/%{name}
|
2007-05-06 17:17:31 +02:00
|
|
|
|
2007-03-06 11:18:17 +01:00
|
|
|
%changelog
|