specs/o/openssl096/openssl096-vl.spec

%define soversion 2

Summary: Secure Sockets Layer Toolkit
Name: openssl096
Version: 0.9.6m
Release: 1%{?_dist_release}
Source: openssl-engine-%{version}.tar.gz
Source1: hobble-openssl
Source2: Makefile.certificate
Source3: ca-bundle.crt
Source4: RHNS-CA-CERT
Source5: make-dummy-cert
Source6: openssl.pc
Patch0: openssl-0.9.6m-rpm.patch
Patch1: openssl-0.9.5a-64.patch
Patch2: openssl-0.9.5a-defaults.patch
Patch3: openssl-0.9.5a-ia64.patch
Patch4: openssl-0.9.6g-glibc.patch
Patch5: openssl-0.9.6g-soversion.patch

# security fix
Patch106: openssl-CAN-2005-2969.patch
Patch107: openssl-0.9.7d-CVE-2006-4339.patch
Patch108: openssl-engine-0.9.6b-cve-2006-2940.patch
Patch109: openssl-0.9.6b-cve-2006-3738.patch
Patch110: openssl-0.9.8b-cve-2006-4343.patch
Patch120: openssl-0.9.6m_CVE-2007-3108.patch
Patch130: openssl-0.9.6m_CVE-2007-5135.patch
Patch140: openssl-0.9.6m_CVE-2006-4339.patch

License: BSDish
Group: System Environment/Libraries
URL: http://www.openssl.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildPreReq: perl, sed
Requires: mktemp

Distribution: Vine Linux
Vendor: Project Vine
Packager: Daisuke SUZUKI <daisuke@linux.or.jp>

%define solibbase %(echo %version | sed 's/[[:alpha:]]//g')

%description
The OpenSSL certificate management tool and the shared libraries that
provide various cryptographic algorithms and protocols.

%package devel
Summary: OpenSSL libraries and development headers.
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}

%description devel
The static libraries and include files needed to compile apps
with support for various the cryptographic algorithms and protocols
supported by OpenSSL.

Patches for many networking apps can be found at:
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/

%package perl
Summary: OpenSSL scripts which require Perl.
Group: Applications/Internet
Requires: perl
Requires: %{name} = %{version}-%{release}

%description perl
Perl scripts provided with OpenSSL for converting certificates and keys
from other formats to those used by OpenSSL.

%prep
%setup -q -n openssl-engine-%{version}
#%{SOURCE1}
%patch0 -p1 -b .redhat
%patch1 -p1 -b .64
%patch2 -p1 -b .defaults
%patch3 -p1 -b .ia64
%patch4 -p1 -b .glibc
%patch5 -p1 -b .soversion

# security fix
%patch106 -p0 -b .CAN-2005-2969
%patch107 -p1 -b .CVE-2006-4339
%patch108 -p1 -b .CVE-2006-2940
%patch109 -p1 -b .CVE-2006-3738
%patch110 -p0 -b .CVE-2006-4343
%patch120 -p0 -b .CVE-2007-3108
%patch130 -p1 -b .CVE-2007-5135
%patch140 -p1 -b .CVE-2006-4339

chmod 644 FAQ LICENSE CHANGES NEWS INSTALL README
chmod 644 doc/README doc/c-indentation.el doc/openssl.txt
chmod 644 doc/openssl_button.html doc/openssl_button.gif
chmod 644 doc/ssleay.txt

# Link the configuration header to the one we're going to make.
ln -sf ../../crypto/opensslconf.h include/openssl/

%build 
PATH=${PATH}:${PWD}/bin
TOPDIR=${PWD}
LD_LIBRARY_PATH=${TOPDIR}:${TOPDIR}/bin:${PATH} ; export LD_LIBRARY_PATH

# Figure out which flags we want to use.  Can't use assembler because it's
# not lowest-common-denominator in most cases.
perl util/perlpath.pl `dirname %{__perl}`
%ifarch %ix86
sslarch=linux-elf
sslflags="no-asm 386"
%endif
%ifarch sparc
sslarch=linux-sparcv9
sslflags=no-asm
%endif
%ifarch ia64
sslarch=linux-ia64
sslflags=no-asm
%endif
%ifarch alpha
sslarch=alpha-gcc
sslflags=no-asm
%endif
%ifarch s390
sslarch=linux-s390
%endif
%ifarch s390x
sslarch=linux-s390x
%endif
%ifarch mipsel
sslarch=linux-mips
sslflags=no-asm
%endif
# Configure the build tree.  Override OpenSSL defaults with known-good defaults
# usable on all platforms.  The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here.
./config --prefix=%{_prefix} --openssldir=%{_datadir}/ssl ${sslflags} shared
make all build-shared

# Generate hashes for the included certs.
make rehash build-shared

# Verify that what was compiled actually works.
make -C test apps tests

# Relink the main binary to get it dynamically linked.
rm apps/openssl
make all build-shared

%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
# Install OpenSSL.
install -d $RPM_BUILD_ROOT{/lib,%{_bindir},%{_includedir},%{_libdir},%{_mandir}}
make INSTALL_PREFIX=$RPM_BUILD_ROOT install build-shared
install -m 755 *.so.* $RPM_BUILD_ROOT%{_libdir}
mv $RPM_BUILD_ROOT%{_libdir}/lib*.so.%{solibbase} $RPM_BUILD_ROOT/lib/
mv $RPM_BUILD_ROOT%{_datadir}/ssl/man/* $RPM_BUILD_ROOT%{_mandir}
rmdir $RPM_BUILD_ROOT%{_datadir}/ssl/man
rename so.%{solibbase} so.%{version} $RPM_BUILD_ROOT/lib/*.so.%{solibbase}
for lib in $RPM_BUILD_ROOT/lib/*.so.%{version} ; do
	chmod 755 ${lib}
	ln -s -f ../../lib/`basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
	ln -s -f ../../lib/`basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
done

%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT

%files 
%defattr(-,root,root)
%doc FAQ LICENSE CHANGES NEWS INSTALL README
%doc doc/README doc/c-indentation.el doc/openssl.txt
%doc doc/openssl_button.html doc/openssl_button.gif
%doc doc/ssleay.txt
%attr(0755,root,root) /lib/*.so.%{version}

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%changelog
* Sat Oct 18 2008 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 0.9.6m-1vl5
- applied new versioning policy

* Tue Oct 23 2006 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp>
- 0.9.6m-0vl5
- add patch120 for fix CVE-2007-3108 (Montgomery:BN_from_montgomery())
- add patch130 for fix CVE-2007-5135
- add patch140 for fix CVE-2006-4339 (RSA key with exponent 3)

* Fri Sep 29 2006 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp>
- 0.9.6m-0vl4
- add Patch108 for fix CVE-2006-2940
- add Patch109 for fix CVE-2006-3738
- add Patch110 for fix CVE-2006-4343
- change patch No. (patch6 -> 106, patch7 -> 107)

* Mon Sep 11 2006 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp>
- 0.9.6m-0vl3
- add patch7 for fix CVE-2006-4339

* Sat Jul  1 2006 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 0.9.6m-0vl2
- rebuilt for VineSeed

* Thu Oct 13 2005 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp>
- 0.9.6m-0vl1.1
- add patch6 for fix CAN-2005-2969

* Fri Mar 19 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6m-0vl1
- new upstream release
- SECURITY fix.
  - http://www.openssl.org/news/secadv_20040317.txt
- build as compatibility package  

* Wed Oct  1 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6k-0vl1
- new upstream release
- [Security fix]
  - Vulnerabilities in ASN.1 parsing
    http://www.openssl.org/news/secadv_20030930.txt
- see %{_docdir}/%{name}-%{version}/CHANGES for other changes

* Wed Jun 04 2003 HOTTA Michihide <hotta@net-newbie.com> 0.9.6j-0vl2
- add openssl.pc for pkgconfig

* Fri Mar 11 2003 Satoshi MACHINO <machino@vinelinux.org> 0.9.6j-0vl1
- New upstream version
- dropped patch10, 11
	-- merged upstream version

* Sun Feb 23 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6i-0vl1
- rebuild for VineSeed

* Sun Feb 23 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6i-0vl0.26.1
- [Security Fix]
  - Timing-based attacks on RSA keys
    http://www.openssl.org/news/secadv_20030317.txt
  - Klima-Pokorny0Rosa attack on RSA in SSL/TLS
    http://www.openssl.org/news/secadv_20030317.txt

* Sun Feb 23 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6i-0vl0.26
- new upstream release 0.9.6i
- [Security Fix]
- build for Vine Linux 2.6 errata

* Mon Nov 18 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6h-0vl1
- new upstream release 0.9.6h

* Mon Nov 18 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6g-0vl1
- new upstream release 0.9.6g

* Mon Oct 28 2002 IWAI Masaharu <iwai@alib.jp> 0.9.6b-1vl6
- SECURITY: CAN-2002-0659 fixed
  - added Patch101 from RedHat 7.2 updates 0.9.6b-28
    * Fri Aug 02 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-28
    - update asn patch to fix accidental reversal of a logic check
    * Thu Aug 01 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-27
    - update asn patch to reduce chance that compiler optimization will remove
      one of the added tests
    * Thu Aug 01 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-26
    - rebuild
    * Tue Jul 30 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-25
    - add patch to fix ASN.1 vulnerabilities

* Wed Jul 31 2002 IWAI Masaharu <iwai@alib.jp> 0.9.6b-1vl5
- rename spec file name
- SECURITY: CA-2002-23 fixed
  - added Patch100 from RedHat 7.2 updates 0.9.6b-24
    * Thu Jul 25 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-24
    - add backport of Ben Laurie's patches for OpenSSL 0.9.6d

* Mon Sep 10 2001 Satoshi MACHINO <machino@vinelinux.org> 0.9.6b-1vl4
- added ${PATH} in LD_LIBRARY_PATH
- added install -m 755 *.so.* $RPM_BUILD_ROOT%{_libdir} in %install
 
* Sun Jul 15 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6b-1vl3
- remove --no-<cipher>

* Sun Jul 15 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6b-1vl2
- add Patch10 for mipsel shared ( Configure )

* Sat Jul 14 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6b-1vl1
- build for Vine Linux
- use openssl-engine-0.9.6b.tar.gz

* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 0.9.6b

* Thu Jul  5 2001 Nalin Dahyabhai <nalin@redhat.com>
- move .so symlinks back to %%{_libdir}

* Tue Jul  3 2001 Nalin Dahyabhai <nalin@redhat.com>
- move shared libraries to /lib (#38410)

* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
- switch to engine code base

* Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
- add a script for creating dummy certificates
- move man pages from %%{_mandir}/man?/foo.?ssl to %%{_mandir}/man?ssl/foo.?

* Thu Jun 07 2001 Florian La Roche <Florian.LaRoche@redhat.de>
- add s390x support

* Fri Jun  1 2001 Nalin Dahyabhai <nalin@redhat.com>
- change two memcpy() calls to memmove()
- don't define L_ENDIAN on alpha

* Tue May 15 2001 Nalin Dahyabhai <nalin@redhat.com>
- make subpackages depend on the main package

* Tue May  1 2001 Nalin Dahyabhai <nalin@redhat.com>
- adjust the hobble script to not disturb symlinks in include/ (fix from
  Joe Orton)

* Fri Apr 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- drop the m2crypo patch we weren't using

* Tue Apr 24 2001 Nalin Dahyabhai <nalin@redhat.com>
- configure using "shared" as well

* Sun Apr  8 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 0.9.6a
- use the build-shared target to build shared libraries
- bump the soversion to 2 because we're no longer compatible with
  our 0.9.5a packages or our 0.9.6 packages
- drop the patch for making rsatest a no-op when rsa null support is used
- put all man pages into <section>ssl instead of <section>
- break the m2crypto modules into a separate package

* Tue Mar 13 2001 Nalin Dahyabhai <nalin@redhat.com>
- use BN_LLONG on s390

* Mon Mar 12 2001 Nalin Dahyabhai <nalin@redhat.com>
- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit)

* Sat Mar  3 2001 Nalin Dahyabhai <nalin@redhat.com>
- move c_rehash to the perl subpackage, because it's a perl script now

* Fri Mar  2 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 0.9.6
- enable MD2
- use the libcrypto.so and libssl.so targets to build shared libs with
- bump the soversion to 1 because we're no longer compatible with any of
  the various 0.9.5a packages circulating around, which provide lib*.so.0

* Wed Feb 28 2001 Florian La Roche <Florian.LaRoche@redhat.de>
- change hobble-openssl for disabling MD2 again

* Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com>
- re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152
  bytes or so, causing EVP_DigestInit() to zero out stack variables in
  apps built against a version of the library without it

* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- disable some inline assembly, which on x86 is Pentium-specific
- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all)

* Thu Feb 08 2001 Florian La Roche <Florian.LaRoche@redhat.de>
- fix s390 patch

* Fri Dec 8 2000 Than Ngo <than@redhat.com>
- added support s390

* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
- remove -Wa,* and -m* compiler flags from the default Configure file (#20656)
- add the CA.pl man page to the perl subpackage

* Thu Nov  2 2000 Nalin Dahyabhai <nalin@redhat.com>
- always build with -mcpu=ev5 on alpha

* Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com>
- add a symlink from cert.pem to ca-bundle.crt

* Wed Oct 25 2000 Nalin Dahyabhai <nalin@redhat.com>
- add a ca-bundle file for packages like Samba to reference for CA certificates

* Tue Oct 24 2000 Nalin Dahyabhai <nalin@redhat.com>
- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295)

* Mon Oct  2 2000 Nalin Dahyabhai <nalin@redhat.com>
- add unzip as a buildprereq (#17662)
- update m2crypto to 0.05-snap4

* Tue Sep 26 2000 Bill Nottingham <notting@redhat.com>
- fix some issues in building when it's not installed

* Wed Sep  6 2000 Nalin Dahyabhai <nalin@redhat.com>
- make sure the headers we include are the ones we built with (aaaaarrgh!)

* Fri Sep  1 2000 Nalin Dahyabhai <nalin@redhat.com>
- add Richard Henderson's patch for BN on ia64
- clean up the changelog

* Tue Aug 29 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix the building of python modules without openssl-devel already installed

* Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
- byte-compile python extensions without the build-root
- adjust the makefile to not remove temporary files (like .key files when
  building .csr files) by marking them as .PRECIOUS

* Sat Aug 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- break out python extensions into a subpackage

* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
- tweak the makefile some more

* Tue Jul 11 2000 Nalin Dahyabhai <nalin@redhat.com>
- disable MD2 support

* Thu Jul  6 2000 Nalin Dahyabhai <nalin@redhat.com>
- disable MDC2 support

* Sun Jul  2 2000 Nalin Dahyabhai <nalin@redhat.com>
- tweak the disabling of RC5, IDEA support
- tweak the makefile

* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
- strip binaries and libraries
- rework certificate makefile to have the right parts for Apache

* Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com>
- use %%{_perl} instead of /usr/bin/perl
- disable alpha until it passes its own test suite

* Fri Jun  9 2000 Nalin Dahyabhai <nalin@redhat.com>
- move the passwd.1 man page out of the passwd package's way

* Fri Jun  2 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 0.9.5a, modified for U.S.
- add perl as a build-time requirement
- move certificate makefile to another package
- disable RC5, IDEA, RSA support
- remove optimizations for now

* Wed Mar  1 2000 Florian La Roche <Florian.LaRoche@redhat.de>
- Bero told me to move the Makefile into this package

* Wed Mar  1 2000 Florian La Roche <Florian.LaRoche@redhat.de>
- add lib*.so symlinks to link dynamically against shared libs

* Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de>
- update to 0.9.5
- run ldconfig directly in post/postun
- add FAQ

* Sat Dec 18 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
- Fix build on non-x86 platforms

* Fri Nov 12 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
- move /usr/share/ssl/* from -devel to main package

* Tue Oct 26 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
- inital packaging
- changes from base:
  - Move /usr/local/ssl to /usr/share/ssl for FHS compliance
  - handle RPM_OPT_FLAGS