# # spec file for package openssl # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild Name: openssl BuildRequires: bc ed pkg-config zlib-devel %define ssletcdir %{_sysconfdir}/ssl %define num_version %(echo "%{version}" | sed -e "s+[a-zA-Z]++g; s+_.*++g") License: BSD3c(or similar) Group: Productivity/Networking/Security Provides: ssl AutoReqProv: on # bug437293 %ifarch ppc64 Obsoletes: openssl-64bit %endif # #Version: 1.0.0 Version: 1.0.0d Release: 20 Summary: Secure Sockets and Transport Layer Security Url: http://www.openssl.org/ Source: http://www.%{name}.org/source/%{name}-%{version}.tar.gz # to get mtime of file: Source1: openssl.changes Source2: baselibs.conf Source10: README.SuSE Patch0: merge_from_0.9.8k.patch Patch1: openssl-1.0.0-c_rehash-compat.diff Patch2: bug610223.patch #Patch3: CVE-2010-1633_and_CVE-2010-0742.patch #Patch4: patchset-19727.diff #Patch5: CVE-2010-2939.patch #Patch6: CVE-2010-3864.patch Patch7: openssl-1.0.0-aesni-v4.patch #PATCH_FIX-UPSTREAM Fix padlock engine in x86_64 hosts Patch8: openssl-padlock-x86_64-head.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. Derivation and License OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style license, which basically means that you are free to get it and to use it for commercial and noncommercial purposes. Authors: -------- Mark J. Cox Ralf S. Engelschall Dr. Stephen Henson Ben Laurie Bodo Moeller Ulf Moeller Holger Reif Paul C. Sutton %package -n libopenssl1_0_0 License: BSD3c(or similar) Summary: Secure Sockets and Transport Layer Security Group: Productivity/Networking/Security Recommends: openssl-certs # bug437293 %ifarch ppc64 Obsoletes: openssl-64bit %endif # %description -n libopenssl1_0_0 The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. Derivation and License OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style license, which basically means that you are free to get it and to use it for commercial and noncommercial purposes. Authors: -------- Mark J. Cox Ralf S. Engelschall Dr. Stephen Henson Ben Laurie Bodo Moeller Ulf Moeller Holger Reif Paul C. Sutton %package -n libopenssl-devel License: BSD3c(or similar) Summary: Include Files and Libraries mandatory for Development Group: Development/Libraries/C and C++ Obsoletes: openssl-devel < %{version} Requires: libopenssl1_0_0 = %{version} zlib-devel Provides: openssl-devel = %{version} # bug437293 %ifarch ppc64 Obsoletes: openssl-devel-64bit %endif # %description -n libopenssl-devel This package contains all necessary include files and libraries needed to develop applications that require these. Authors: -------- Mark J. Cox Ralf S. Engelschall Dr. Stephen Ben Laurie Bodo Moeller Ulf Moeller Holger Reif Paul C. Sutton %package doc License: BSD3c(or similar) Summary: Additional Package Documentation Group: Productivity/Networking/Security BuildArch: noarch %description doc This package contains optional documentation provided in addition to this package's base documentation. Authors: -------- Mark J. Cox Ralf S. Engelschall Dr. Stephen Ben Laurie Bodo Moeller Ulf Moeller Holger Reif Paul C. Sutton %prep %setup -q %patch0 -p1 %patch1 -p1 %patch2 #%patch3 -p1 #%patch4 -p1 #%patch5 -p1 #%patch6 -p1 %patch7 %patch8 -p1 cp -p %{S:10} . echo "adding/overwriting some entries in the 'table' hash in Configure" # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags export DSO_SCHEME='dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::' cat </dev/null || function readlink { ( set +x; target=$(file $1 2>/dev/null); target=${target//* }; test -f $target && echo $target; ) } for i in man?/*; do if test -L $i ; then LDEST=`readlink $i` rm -f $i ${i}ssl ln -sf ${LDEST}ssl ${i}ssl else mv $i ${i}ssl fi case `basename ${i%.*}` in asn1parse|ca|config|crl|crl2pkcs7|crypto|dgst|dhparam|dsa|dsaparam|enc|gendsa|genrsa|nseq|openssl|passwd|pkcs12|pkcs7|pkcs8|rand|req|rsa|rsautl|s_client|s_server|smime|spkac|ssl|verify|version|x509) # these are the pages mentioned in openssl(1). They go into the main package. echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist;; *) # the rest goes into the openssl-doc package. echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist.doc;; esac done popd # # check wether some shared library has been installed # ls -l $RPM_BUILD_ROOT%{_libdir} test -f $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version} test -f $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version} test -L $RPM_BUILD_ROOT%{_libdir}/libssl.so test -L $RPM_BUILD_ROOT%{_libdir}/libcrypto.so # # see what we've got # cat > showciphers.c < #include int main(){ unsigned int i; SSL_CTX *ctx; SSL *ssl; SSL_METHOD *meth; meth = SSLv23_client_method(); SSLeay_add_ssl_algorithms(); ctx = SSL_CTX_new(meth); if (ctx == NULL) return 0; ssl = SSL_new(ctx); if (!ssl) return 0; for (i=0; ; i++) { int j, k; SSL_CIPHER *sc; sc = (meth->get_cipher)(i); if (!sc) break; k = SSL_CIPHER_get_bits(sc, &j); printf("%s\n", sc->name); } return 0; }; EOF gcc $RPM_OPT_FLAGS -I${RPM_BUILD_ROOT}%{_includedir} -c showciphers.c gcc -o showciphers showciphers.o -L${RPM_BUILD_ROOT}%{_libdir} -lssl -lcrypto LD_LIBRARY_PATH=${RPM_BUILD_ROOT}%{_libdir} ./showciphers > AVAILABLE_CIPHERS || true cat AVAILABLE_CIPHERS # Do not install demo scripts executable under /usr/share/doc find demos -type f -perm /111 -exec chmod 644 {} \; #process openssllib mkdir $RPM_BUILD_ROOT/%{_lib} mv $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/ mv $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/ mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT/%{_lib}/ cd $RPM_BUILD_ROOT%{_libdir}/ ln -sf /%{_lib}/libssl.so.%{num_version} ./libssl.so ln -sf /%{_lib}/libcrypto.so.%{num_version} ./libcrypto.so #ugly artifact to delete engines that are disabled/unusable in LINUX #that for some reason the build system insist on creating. # CAPI, Windows specific rm %{buildroot}/%_lib/engines/libcapi.so # GMP, has been always non-functional rm %{buildroot}/%_lib/engines/libgmp.so # Requires propietary Broadcom library, not available rm %{buildroot}/%_lib/engines/libubsec.so #Requires library called libnfhwcrhk.so which is not available rm %{buildroot}/%_lib/engines/libchil.so #requires library named "SureWareHook" which is not available rm %{buildroot}/%_lib/engines/libsureware.so #requires DSO "libswift.so",propietary and not available rm %{buildroot}/%_lib/engines/libcswift.so #requires DSO "nuronssl.so", propietary and not available rm %{buildroot}/%_lib/engines/libnuron.so #only supported in AIX and Windows... rm %{buildroot}/%_lib/engines/lib4758cca.so # deprecated in favor of http://sourceforge.net/projects/opencryptoki/files/ (??) rm %{buildroot}/%_lib/engines/libaep.so # HP Atalla AXL600L SSL Accelerator Card, EOL, linux 2.4/SLE8, useless nowdays rm %{buildroot}/%_lib/engines/libatalla.so %clean if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi %post -n libopenssl1_0_0 -p /sbin/ldconfig %postun -n libopenssl1_0_0 -p /sbin/ldconfig %files -n libopenssl1_0_0 %defattr(-, root, root) /%{_lib}/libssl.so.%{num_version} /%{_lib}/libcrypto.so.%{num_version} /%{_lib}/engines %files -n libopenssl-devel %defattr(-, root, root) %{_includedir}/%{name}/ %{_includedir}/ssl %exclude %{_libdir}/libcrypto.a %exclude %{_libdir}/libssl.a %{_libdir}/libssl.so %{_libdir}/libcrypto.so %_libdir/pkgconfig/libcrypto.pc %_libdir/pkgconfig/libssl.pc %_libdir/pkgconfig/openssl.pc %files doc -f filelist.doc %defattr(-, root, root) %doc doc/* demos %doc showciphers.c %files -f filelist %defattr(-, root, root) %doc CHANGE* INSTAL* AVAILABLE_CIPHERS %doc LICENSE NEWS README README.SuSE %dir %{ssletcdir} %dir %{ssletcdir}/certs %{ssletcdir}/certs/* %config (noreplace) %{ssletcdir}/openssl.cnf %attr(700,root,root) %{ssletcdir}/private %dir %{_datadir}/ssl %{_datadir}/ssl/misc %{_bindir}/c_rehash %{_bindir}/%{name} %changelog