|
|
@@ -9,9 +9,9 @@
|
|
|
|
|
|
Summary: Secure Sockets Layer Toolkit
|
|
|
Name: openssl
|
|
|
-Version: 1.1.1g
|
|
|
+Version: 1.1.1i
|
|
|
Release: 1%{_dist_release}
|
|
|
-Group: System Environment/Libraries
|
|
|
+Group: system,security
|
|
|
Vendor: Project Vine
|
|
|
Distribution: Vine Linux
|
|
|
Packager: daisuke, iwamoto
|
|
|
@@ -49,17 +49,26 @@ Patch38: openssl-1.1.1-no-weak-verify.patch
|
|
|
Patch40: openssl-1.1.1-disable-ssl3.patch
|
|
|
Patch41: openssl-1.1.1-system-cipherlist.patch
|
|
|
Patch42: openssl-1.1.1-fips.patch
|
|
|
-Patch43: openssl-1.1.1-ignore-bound.patch
|
|
|
Patch44: openssl-1.1.1-version-override.patch
|
|
|
Patch45: openssl-1.1.1-weak-ciphers.patch
|
|
|
Patch46: openssl-1.1.1-seclevel.patch
|
|
|
Patch48: openssl-1.1.1-fips-post-rand.patch
|
|
|
Patch49: openssl-1.1.1-evp-kdf.patch
|
|
|
Patch50: openssl-1.1.1-ssh-kdf.patch
|
|
|
+Patch51: openssl-1.1.1-intel-cet.patch
|
|
|
+Patch60: openssl-1.1.1-krb5-kdf.patch
|
|
|
+Patch61: openssl-1.1.1-edk2-build.patch
|
|
|
+Patch62: openssl-1.1.1-fips-curves.patch
|
|
|
+Patch65: openssl-1.1.1-fips-drbg-selftest.patch
|
|
|
+Patch66: openssl-1.1.1-fips-dh.patch
|
|
|
+Patch67: openssl-1.1.1-kdf-selftest.patch
|
|
|
+Patch69: openssl-1.1.1-alpn-cb.patch
|
|
|
+Patch70: openssl-1.1.1-rewire-fips-drbg.patch
|
|
|
# Backported fixes including security fixes
|
|
|
-Patch51: openssl-1.1.1-upstream-sync.patch
|
|
|
Patch52: openssl-1.1.1-s390x-update.patch
|
|
|
Patch53: openssl-1.1.1-fips-crng-test.patch
|
|
|
+Patch55: openssl-1.1.1-arm-update.patch
|
|
|
+Patch56: openssl-1.1.1-s390x-ecc.patch
|
|
|
|
|
|
# security fix
|
|
|
# none
|
|
|
@@ -78,9 +87,10 @@ Requires: ca-certificates
|
|
|
The OpenSSL certificate management tool and the shared libraries that
|
|
|
provide various cryptographic algorithms and protocols.
|
|
|
|
|
|
+
|
|
|
%package devel
|
|
|
Summary: OpenSSL libraries and development headers.
|
|
|
-Group: Development/Libraries
|
|
|
+Group: programming
|
|
|
Requires: %{name} = %{version}-%{release}
|
|
|
Requires: krb5-devel
|
|
|
|
|
|
@@ -92,9 +102,10 @@ supported by OpenSSL.
|
|
|
Patches for many networking apps can be found at:
|
|
|
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/
|
|
|
|
|
|
+
|
|
|
%package static
|
|
|
Summary: Libraries for static linking of applications which will use OpenSSL
|
|
|
-Group: Development/Libraries
|
|
|
+Group: programming
|
|
|
Requires: %{name}-devel = %{version}-%{release}
|
|
|
|
|
|
%description static
|
|
|
@@ -103,9 +114,10 @@ package contains static libraries needed for static linking of
|
|
|
applications which support various cryptographic algorithms and
|
|
|
protocols.
|
|
|
|
|
|
+
|
|
|
%package perl
|
|
|
Summary: OpenSSL scripts which require Perl.
|
|
|
-Group: Applications/Internet
|
|
|
+Group: security
|
|
|
Requires: %{name} = %{version}-%{release}
|
|
|
Requires: perl
|
|
|
|
|
|
@@ -113,18 +125,20 @@ Requires: perl
|
|
|
Perl scripts provided with OpenSSL for converting certificates and keys
|
|
|
from other formats to those used by OpenSSL.
|
|
|
|
|
|
+
|
|
|
## to build compat32 for x86_64 architecture support
|
|
|
%package -n compat32-%{name}
|
|
|
Summary: Secure Sockets Layer Toolkit
|
|
|
-Group: System Environment/Libraries
|
|
|
+Group: system
|
|
|
Requires: %{name} = %{version}-%{release}
|
|
|
%description -n compat32-%{name}
|
|
|
The OpenSSL certificate management tool and the shared libraries that
|
|
|
provide various cryptographic algorithms and protocols.
|
|
|
|
|
|
+
|
|
|
%package -n compat32-%{name}-devel
|
|
|
Summary: OpenSSL libraries and development headers.
|
|
|
-Group: Development/Libraries
|
|
|
+Group: programming
|
|
|
Requires: compat32-%{name} = %{version}-%{release}
|
|
|
Requires: compat32-krb5-devel
|
|
|
%description -n compat32-%{name}-devel
|
|
|
@@ -132,6 +146,10 @@ The static libraries and include files needed to compile apps
|
|
|
with support for various the cryptographic algorithms and protocols
|
|
|
supported by OpenSSL.
|
|
|
|
|
|
+
|
|
|
+%debug_package
|
|
|
+
|
|
|
+
|
|
|
%prep
|
|
|
%setup -q -n %{name}-%{version}
|
|
|
|
|
|
@@ -160,7 +178,6 @@ cp %{SOURCE13} test/
|
|
|
%if %{with fips}
|
|
|
%patch42 -p1 -b .fips
|
|
|
%endif
|
|
|
-%patch43 -p1 -b .ignore-bound
|
|
|
%if %{with fips}
|
|
|
%patch44 -p1 -b .version-override
|
|
|
%endif
|
|
|
@@ -170,15 +187,30 @@ cp %{SOURCE13} test/
|
|
|
%patch49 -p1 -b .evp-kdf
|
|
|
%patch50 -p1 -b .ssh-kdf
|
|
|
%patch51 -p1 -b .upstream-sync
|
|
|
-%endif
|
|
|
#patch52 -p1 -b .s390x-update
|
|
|
+%endif
|
|
|
%if %{with fips}
|
|
|
%patch53 -p1 -b .crng-test
|
|
|
%endif
|
|
|
+#patch55 -p1 -b .arm-update
|
|
|
+#patch56 -p1 -b .s390x-ecc
|
|
|
+%if %{with fips}
|
|
|
+%patch60 -p1 -b .krb5-kdf
|
|
|
+%patch61 -p1 -b .edk2-build
|
|
|
+%patch62 -p1 -b .fips-curves
|
|
|
+%patch65 -p1 -b .drbg-selftest
|
|
|
+%patch66 -p1 -b .fips-dh
|
|
|
+%patch67 -p1 -b .kdf-selftest
|
|
|
+%endif
|
|
|
+%patch69 -p1 -b .alpn-cb
|
|
|
+%if %{with fips}
|
|
|
+%patch70 -p1 -b .rewire-fips-drbg
|
|
|
+%endif
|
|
|
|
|
|
# security fix
|
|
|
# none
|
|
|
|
|
|
+
|
|
|
%build
|
|
|
# Figure out which flags we want to use.
|
|
|
# default
|
|
|
@@ -232,6 +264,7 @@ for i in libcrypto.pc libssl.pc openssl.pc ; do
|
|
|
sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i
|
|
|
done
|
|
|
|
|
|
+
|
|
|
%check
|
|
|
# Verify that what was compiled actually works.
|
|
|
|
|
|
@@ -248,7 +281,6 @@ patch -p1 -R < %{PATCH31}
|
|
|
# drop a recipe includes tests for brainpool curves (not supported by openssl-hobbled).
|
|
|
rm -f test/recipes/80-test_ssl_new.t
|
|
|
|
|
|
-
|
|
|
LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
|
|
|
export LD_LIBRARY_PATH
|
|
|
OPENSSL_ENABLE_MD5_VERIFY=
|
|
|
@@ -257,7 +289,6 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
|
|
|
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
|
|
|
make test
|
|
|
|
|
|
-
|
|
|
# Add generation of HMAC checksum of the final stripped library
|
|
|
%define __spec_install_post \
|
|
|
%{?__debug_package:%{__debug_install_post}} \
|
|
|
@@ -267,6 +298,7 @@ make test
|
|
|
|
|
|
%define __provides_exclude_from %{_libdir}/openssl
|
|
|
|
|
|
+
|
|
|
%install
|
|
|
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
|
|
|
# Install OpenSSL.
|
|
|
@@ -358,6 +390,7 @@ export LD_LIBRARY_PATH
|
|
|
%clean
|
|
|
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
|
|
|
|
|
|
+
|
|
|
%files
|
|
|
%defattr(-,root,root)
|
|
|
%{!?_licensedir:%global license %%doc}
|
|
|
@@ -427,15 +460,24 @@ export LD_LIBRARY_PATH
|
|
|
%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc
|
|
|
%endif
|
|
|
|
|
|
-%post -p /sbin/ldconfig
|
|
|
|
|
|
+%post -p /sbin/ldconfig
|
|
|
%postun -p /sbin/ldconfig
|
|
|
|
|
|
%post -n compat32-%{name} -p /sbin/ldconfig
|
|
|
-
|
|
|
%postun -n compat32-%{name} -p /sbin/ldconfig
|
|
|
|
|
|
+
|
|
|
%changelog
|
|
|
+* Wed Dec 09 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1i-1
|
|
|
+- new upstream release.
|
|
|
+
|
|
|
+* Sat Nov 21 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1h-1
|
|
|
+- new upstream release.
|
|
|
+- dropped Patch43: fixed in upstream.
|
|
|
+- imported Patch55-70 from rawhide.
|
|
|
+- updated Source13.
|
|
|
+
|
|
|
* Sat Apr 25 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1g-1
|
|
|
- new upstream release.
|
|
|
|
tomop