Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
compat-openssl098.11471
compat-openssl098.spec
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File compat-openssl098.spec of Package compat-openssl098.11471
# # spec file for package compat-openssl098 # # Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: compat-openssl098 BuildRequires: bc BuildRequires: ed BuildRequires: zlib-devel # openssl-fips-objectmodule %define ssletcdir %{_sysconfdir}/ssl %define num_version %(echo "%{version}" | sed -e "s+[a-zA-Z]++g; s+_.*++g") Provides: ssl Version: 0.9.8j Release: 0 Requires: libopenssl0_9_8 = %{version} PreReq: libopenssl0_9_8 = %{version} Summary: Secure Sockets and Transport Layer Security License: OpenSSL Group: Productivity/Networking/Security Url: http://www.openssl.org/ Source: http://www.openssl.org/source/openssl-%{version}.tar.gz Source10: README.SUSE Source11: README-FIPS.txt Source99: baselibs.conf Patch0: openssl-0.9.8-sparc.dif Patch1: openssl-0.9.8-flags-priority.dif Patch2: non-exec-stack.diff Patch3: openssl-0.9.7f-ppc64.diff Patch4: openssl-hppa-config.diff Patch5: openssl-0.9.6g-alpha.diff # http://www-124.ibm.com/developerworks/projects/libica/ #Patch10: openssl-0.9.7d-ICA_engine-jun142004.patch.bz2 Patch6: openssl-0.9.8a.ca-app-segfault.bug128655.dif Patch7: bswap.diff Patch8: fix-pod-number.patch Patch9: bswap-s390x-fix.diff Patch11: openssl-CVE-2009-0590.patch Patch12: openssl-CVE-2009-0591.patch Patch13: openssl-CVE-2009-0789.patch Patch14: openssl-CVE-2009-1377.patch Patch15: openssl-CVE-2009-1378.patch Patch16: openssl-CVE-2009-1379.patch Patch18: openssl-CVE-2009-1387.patch Patch20: openssl-CVE-2009-4355.patch Patch22: enable-security-renegotiation.patch Patch23: openssl-CVE-2009-3245.patch Patch24: openssl-CVE-2010-0740.patch Patch25: CVE-2010-2939.patch Patch27: CVE-2010-3864.patch Patch28: CVE-2010-4180.patch Patch29: CVE-2011-0014.patch Patch30: ECDSA_signatures_timing_attack.patch Patch31: compression_methods_switch.patch Patch32: intel-0.9.8.diff Patch33: intel-0.9.8-switch.diff Patch34: intel-0.9.8-private.diff Patch35: openssl-makefile-cc.diff Patch60: openssl-fips__0000_fipsmode.diff Patch61: openssl-fips__0010_enable_shared_fips_Configure.diff Patch62: openssl-fips__0020_rng-seeding.patch Patch63: openssl-fips__0040_use_fipscheck_internal.diff Patch64: openssl-fips__0045_fipscheck_sha1_sha256.diff # for x86_64 and x86 only. Patch65: openssl-fips__0050_fips_sha_Makefile_CPUID_OBJ.diff # is deactivated, for debugging purposes only. Patch66: openssl-fips__0080_fips_fips_c_OPENSSL_FIPS_DEBUG_FIPSCHECK_DISABLE.diff # changes the hmac key to ppaksykemnsecgtsttplmamstKMEs Patch67: openssl-fips__0090_hmac_key_change.diff Patch71: openssl-fips__0100_aes_EVP_CIPH_FLAG_FIPS_-_the_fenzke_code.diff Patch72: openssl-fips__0200_CFB1_enable.diff Patch73: openssl-fips__0211_cavs_rsa_testvector_path_adoptions.diff Patch74: openssl-fips__0212_cavs_dsa_missing_PQGVer.diff Patch77: openssl-fips__0220_make_hmac_path_return_value_check.diff Patch78: openssl-fips__0222_dsa_pqver_fixes.diff Patch79: openssl-fips__0230_sha256_sha512_selftests.diff Patch80: CVE-2011-3210.patch Patch91: CVE-2011-4108.patch Patch92: CVE-2011-4109.patch Patch93: CVE-2011-4576.patch Patch94: CVE-2011-4619.patch Patch95: CVE-2011-4577.patch Patch96: CVE-2012-0050.patch Patch97: openssl-add_sha256_sha512.diff Patch98: Bug748738_Tolerate_bad_MIME_headers.patch Patch99: bug749213-Free-headers-after-use.patch Patch100: bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch Patch101: CVE-2012-1165.patch Patch102: CVE-2012-0884.patch Patch103: bug749735.patch Patch104: CVE-2012-2110.patch Patch105: bug-755395_intel-nonexecstack.diff Patch106: CVE-2012-2131.patch Patch107: aes-x86_64.patch Patch108: bug-761324-backport-cms-from-0.9.8x-to-0.9.8j.patch Patch109: CVE-2012-2333.patch Patch110: openssl-fips__0300_run_selftests_if_hmac_files_present.diff Patch111: openssl-CVE-2011-5095.patch Patch112: CVE-2013-0166.patch Patch113: CVE-2013-0169.patch Patch114: bug-860332-cmdline-check-certs.patch Patch115: openssl-0.9.8j-c_rehash-with-openssl1.patch Patch116: openssl-enable-ecdh.patch Patch117: openssl-0.9.8b-ipv6-apps.patch Patch118: CVE-2014-0076.patch Patch119: CVE-2014-3470.patch Patch120: CVE-2014-0221.patch Patch121: CVE-2014-0224.patch Patch122: prevent_buffer_overread.patch Patch123: openssl-CVE-2014-3508.patch Patch124: openssl-CVE-2014-3505.patch Patch125: openssl-CVE-2014-3506.patch Patch126: openssl-CVE-2014-3507.patch Patch127: openssl-CVE-2014-3510.patch Patch128: openssl-CVE-2014-3566.patch Patch129: openssl-CVE-2014-3567.patch Patch130: openssl-CVE-2014-3568.patch # two patches for bnc#892403: properly fix stateless session support Patch131: Fix-stateless-session-resumption-so-it-can-coexist-with-SNI.patch Patch132: Generate-stateless-session-ID-just-after-the-ticket-is-r.patch Patch133: openssl-CVE-2014-3572.patch Patch134: openssl-CVE-2014-8275.patch Patch135: openssl-CVE-2015-0204.patch Patch136: openssl-CVE-2014-3570.patch Patch137: openssl-CVE-2014-3571.patch Patch138: openssl-CVE-2015-0205.patch Patch139: openssl-CVE-2009-5146.patch Patch140: openssl-CVE-2015-0209.patch Patch141: openssl-CVE-2015-0286.patch Patch142: openssl-CVE-2015-0287.patch Patch143: openssl-CVE-2015-0288.patch Patch144: openssl-CVE-2015-0289.patch Patch145: openssl-CVE-2015-0292.patch Patch146: openssl-CVE-2015-0293.patch Patch148: openssl-RSA_premaster_secret_in_constant_time.patch Patch149: openssl-CVE-2015-1788.patch Patch150: openssl-CVE-2015-1789.patch Patch151: openssl-CVE-2015-1790.patch Patch152: openssl-CVE-2015-1791.patch Patch153: openssl-CVE-2015-1792.patch # CVE-2015-4000 fixes (aka Logjam, weakdh.org) Patch154: 0001-s_server-Use-2048-bit-DH-parameters-by-default.patch Patch155: 0002-dhparam-set-the-default-to-2048-bits.patch Patch156: 0003-dhparam-fix-documentation.patch Patch157: 0004-Update-documentation-with-Diffie-Hellman-best-practi.patch Patch158: 0005-client-reject-handshakes-with-DH-parameters-1024-bits.patch Patch159: openssl-disable_EXPORT_ciphers_by_default.patch # EO CVE-2015-4000 Patch160: openssl-fix-ecdh_negotiation_bug.patch Patch161: openssl-s_client-check-if-con-null-before-using-it.patch Patch162: openssl-CVE-2015-3195.patch Patch163: openssl-CVE-2015-3197.patch Patch164: openssl-avoid-config-twice.patch # OpenSSL Security Advisory [1st March 2016] Patch165: openssl-CVE-2016-0797.patch Patch166: openssl-CVE-2016-0799.patch Patch167: openssl-CVE-2016-0800-DROWN-disable-ssl2.patch # OpenSSL Security Advisory [3rd May 2016] Patch171: openssl-CVE-2016-2108.patch Patch172: openssl-CVE-2016-2109.patch Patch173: openssl-CVE-2016-2105.patch Patch174: openssl-CVE-2016-2106.patch Patch176: 0001-Fix-buffer-overrun-in-ASN1_parse.patch Patch177: openssl-CVE-2016-0702.patch Patch179: openssl-update-expired-smime-certs.patch #OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Patch180: openssl-CVE-2016-2177.patch Patch181: openssl-CVE-2016-2178.patch Patch182: 0001-PR-2506.patch Patch183: openssl-CVE-2016-2179.patch Patch184: openssl-CVE-2016-2181.patch Patch185: openssl-CVE-2016-2182.patch Patch186: openssl-CVE-2016-2183-SWEET32.patch Patch187: openssl-CVE-2016-6303.patch Patch188: openssl-CVE-2016-6306.patch Patch189: openssl-CVE-2016-6304.patch Patch190: openssl-CVE-2016-6302.patch Patch191: openssl-print_notice-NULL_crash.patch Patch192: openssl-randfile_fread_interrupt.patch # OpenSSL Security Advisory [26 Jan 2017] (bsc#1021641) Patch193: openssl-CVE-2016-8610.patch Patch194: openssl-CVE-2016-7056.patch Patch195: openssl-no_session_resumption_without_ticket.patch Patch196: openssl-fix_crash_in_openssl_speed.patch Patch197: openssl-degrade_3DES_to_MEDIUM_in_SSL2.patch Patch198: openssl-add_DEFAULT_SUSE_cipher_list.patch Patch199: openssl-fix_crash_in_DES.patch Patch200: openssl-1.0.1i-trusted-first.patch Patch201: openssl-1.0.1i-alt-chains.patch # OpenSSL Security Advisory [27 Mar 2018] Patch202: openssl-CVE-2018-0739.patch # bsc#1097158 Patch203: openssl-CVE-2018-0732.patch # bsc#1097624 Patch204: 0001-Add-blinding-to-a-DSA-signature.patch # bsc#1098592 Patch205: 0001-Add-blinding-to-an-ECDSA-signature.patch # OpenSSL Security Advisory [16 Apr 2018] Patch206: openssl-CVE-2018-0737.patch # OpenSSL Security Advisory [30 October 2018] Patch207: openssl-One_and_Done.patch Patch208: 0001-DSA-Address-a-timing-side-channel-whereby-it-is-possible.patch Patch209: 0002-ECDSA-Address-a-timing-side-channel-whereby-it-is-possible.patch Patch210: openssl-CVE-2018-0734.patch Patch211: 0001-Merge-to-1.0.2-DSA-mod-inverse-fix.patch Patch212: 0001-Add-a-constant-time-flag-to-one-of-the-bignums-to-av.patch Patch213: openssl-CVE-2018-5407-PortSmash.patch # The 9 Lives of Bleichenbacher's CAT - vulnerability #7739 # https://github.com/openssl/openssl/pull/6889 Patch214: openssl-Extended-OAEP-support.patch Patch215: openssl-rewrite-RSA-padding-checks.patch Patch216: openssl-add-computationally-constant-time-bn_bn2binpad.patch Patch217: openssl-address-Coverity-nit-in-bn2binpad.patch Patch218: openssl-switch-to-BN_bn2binpad.patch # https://github.com/openssl/openssl/pull/6942 Patch219: 0001-crypto-bn-add-more-fixed-top-routines.patch Patch220: 0002-rsa-rsa_eay.c-implement-variant-of-Smooth-CRT-RSA.patch Patch221: 0003-bn-bn_blind.c-use-Montgomery-multiplication-when-pos.patch Patch222: 0004-bn-bn_lib.c-conceal-even-memmory-access-pattern-in-b.patch Patch223: openssl-bn_mul_mont_fixed_top.patch Patch224: openssl-bn_mod_add_fixed_top.patch # https://github.com/openssl/openssl/pull/7737 Patch225: 0005-err-err.c-add-err_clear_last_constant_time.patch Patch226: 0006-rsa-rsa_eay.c-make-RSAerr-call-in-rsa_ossl_private_d.patch Patch227: 0007-rsa-rsa_pk1.c-remove-memcpy-calls-from-RSA_padding_c.patch Patch228: 0008-rsa-rsa_oaep.c-remove-memcpy-calls-from-RSA_padding_.patch Patch229: 0009-rsa-rsa_ssl.c-make-RSA_padding_check_SSLv23-constant.patch Patch230: 0001-RT-4242-reject-invalid-EC-point-coordinates.patch Patch231: openssl-CVE-2019-1559.patch # was never built on ppc64le and aarch64, so its not required to be present ExcludeArch: aarch64 ppc64le BuildRoot: %{_tmppath}/%{name}-%{version}-build %description The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. Derivation and License OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style license, which basically means that you are free to get it and to use it for commercial and noncommercial purposes. Please read the file /usr/share/doc/packages/openssl/README-FIPS.txt for information on FIPS-140-2 compliant mode of operation of the openssl shared libraries. Authors: -------- Mark J. Cox <mark@openssl.org> Ralf S. Engelschall <rse@openssl.org> Dr. Stephen Henson <steve@openssl.org> Ben Laurie <ben@openssl.org> Bodo Moeller <bodo@openssl.org> Ulf Moeller <ulf@openssl.org> Holger Reif <holger@openssl.org> Paul C. Sutton <paul@openssl.org> %package -n libopenssl0_9_8 Summary: Secure Sockets and Transport Layer Security Group: Productivity/Networking/Security Recommends: openssl-certs %description -n libopenssl0_9_8 The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. Derivation and License OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style license, which basically means that you are free to get it and to use it for commercial and noncommercial purposes. Please read the file /usr/share/doc/packages/openssl/README-FIPS.txt for information on FIPS-140-2 compliant mode of operation of the openssl shared libraries. %prep %setup -q -n openssl-%version %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 %patch5 -p1 %patch6 -p1 %patch7 %patch9 %patch11 -p1 %patch12 -p1 %patch13 -p1 %patch14 -p1 %patch15 -p1 %patch16 -p1 %patch18 -p1 %patch20 -p1 %patch22 -p1 %patch23 -p1 %patch24 -p1 %patch25 -p1 %patch27 -p1 %patch28 -p1 %patch8 -p1 %patch29 -p1 %patch30 -p1 %patch31 -p1 %patch32 -p1 %patch33 -p1 %patch34 -p1 %patch35 -p1 %patch60 -p1 %patch61 -p0 %patch62 -p0 %patch63 -p0 %patch64 -p0 %ifarch x86_64 x86 %patch65 -p0 %endif #%patch66 -p0 %patch67 -p0 # %patch70 is the temporary disable of the compile-time tests. Uncomment to disable tests: #%patch70 -p0 %patch71 -p0 %patch72 -p0 %patch73 -p0 %patch74 -p0 %patch77 -p0 %patch78 -p0 %patch79 -p0 %patch80 -p1 %patch91 -p1 %patch92 -p1 %patch93 -p1 %patch94 -p1 %patch95 -p1 %patch96 -p1 %patch97 -p0 %patch98 -p1 %patch99 -p1 %patch100 -p1 %patch101 -p1 %patch102 -p1 %patch103 -p1 %patch104 -p1 %patch105 -p1 %patch106 -p1 %patch107 -p1 %patch108 -p1 %patch109 -p1 %patch110 -p0 %patch111 -p1 %patch112 -p1 %patch113 -p1 %patch114 -p1 %patch115 -p1 %patch116 -p0 %patch117 -p1 %patch118 -p1 %patch119 -p1 %patch120 -p1 %patch121 -p1 %patch122 -p1 %patch123 -p1 %patch124 -p1 %patch125 -p1 %patch126 -p1 %patch127 -p1 %patch128 -p1 %patch129 -p1 %patch130 -p1 %patch131 -p1 %patch132 -p1 %patch133 -p1 %patch134 -p1 %patch135 -p1 %patch136 -p1 %patch137 -p1 %patch138 -p1 %patch139 -p1 %patch140 -p1 %patch141 -p1 %patch142 -p1 %patch143 -p1 %patch144 -p1 %patch145 -p1 %patch146 -p1 %patch148 -p1 %patch149 -p1 %patch150 -p1 %patch151 -p1 %patch152 -p1 %patch153 -p1 %patch154 -p1 %patch155 -p1 %patch156 -p1 %patch157 -p1 %patch158 -p1 %patch159 -p1 %patch160 -p1 %patch161 -p1 %patch162 -p1 %patch163 -p1 %patch164 -p1 %patch165 -p1 %patch166 -p1 %patch167 -p1 # OpenSSL Security Advisory [3rd May 2016] %patch171 -p1 %patch172 -p1 %patch173 -p1 %patch174 -p1 %patch176 -p1 %patch177 -p1 %patch179 -p1 #OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) %patch180 -p1 %patch181 -p1 %patch182 -p1 %patch183 -p1 %patch184 -p1 %patch185 -p1 %patch186 -p1 %patch187 -p1 %patch188 -p1 %patch189 -p1 %patch190 -p1 %patch191 -p1 %patch192 -p1 %patch193 -p1 %patch194 -p1 %patch195 -p1 %patch196 -p1 %patch197 -p1 %patch198 -p1 %patch199 -p1 %patch200 -p1 %patch201 -p1 %patch202 -p1 %patch203 -p1 %patch204 -p1 %patch205 -p1 %patch206 -p1 %patch207 -p1 %patch208 -p1 %patch209 -p1 %patch210 -p1 %patch211 -p1 %patch212 -p1 %patch213 -p1 %patch214 -p1 %patch215 -p1 %patch216 -p1 %patch217 -p1 %patch218 -p1 %patch219 -p1 %patch220 -p1 %patch221 -p1 %patch222 -p1 %patch223 -p1 %patch224 -p1 %patch225 -p1 %patch226 -p1 %patch227 -p1 %patch228 -p1 %patch229 -p1 %patch230 -p1 %patch231 -p1 # delete patch leftovers from doc to silence a build check find doc -name \*.orig -delete cp -p %{S:10} %{S:11} . # lib64 installation fixes for i in Makefile.org engines/Makefile; do sed -e "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/%_lib+g" \ -e "s+libdir=\$\${exec_prefix}/lib+libdir=\$\${exec_prefix}/%_lib+g" \ $i > $i.t diff -u $i $i.t ||: mv $i.t $i done # stop it here if playing around with rpmbuild -bp to create a new patch: #exit 2 echo "adding/overwriting some entries in the 'table' hash in Configure" # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags #"linux-ia64", "gcc:-DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR::asm/ia64.o:::::::::: $DSO_SCHEME", export DSO_SCHEME='dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):' cat <<EOF_ED | ed -s Configure /^); - i # local configuration added from specfile #config-string, $cc:$cflags:$unistd:$thread_cflag:$sys_id:$lflags:$bn_ops:$cpuid_obj:$bn_obj:$des_obj:$aes_obj:$bf_obj:$md5_obj:$sha1_obj:$cast_obj:$rc4_obj:$rmd160_obj:$rc5_obj:$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags "linux-elf", "gcc:-DL_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG \${x86_gcc_des} \${x86_gcc_opts}:\${x86_elf_asm}:$DSO_SCHEME", "linux-ia64", "gcc:-DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:::::::::::: $DSO_SCHEME", "linux-ppc", "gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:::::::::::: $DSO_SCHEME", "linux-ppc64", "gcc:-DB_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL SIXTY_FOUR_BIT_LONG:::::::::::: $DSO_SCHEME", "linux-elf-arm","gcc:-DL_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG:::::::::::: $DSO_SCHEME", "linux-mips", "gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:::::::::::: $DSO_SCHEME", "linux-sparcv7","gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::: $DSO_SCHEME", "linux-sparcv8","gcc:-DB_ENDIAN -DBN_DIV2W -mv8 ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::asm/sparcv8.o:::::::::: $DSO_SCHEME", "linux-x86_64", "gcc:-DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2:\${x86_64_asm}: $DSO_SCHEME", "linux-s390", "gcc:-DB_ENDIAN ::(unknown): :-ldl:BN_LLONG:::::::::::: $DSO_SCHEME", "linux-s390x", "gcc:-DB_ENDIAN -DNO_ASM -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG:::::::::::: $DSO_SCHEME", "linux-parisc", "gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL DES_RISC1:::::::::::: $DSO_SCHEME", . wq EOF_ED # fix ENGINESDIR path sed -i 's,/lib/engines,/%_lib/engines098,' Configure # help syntax highlighting # " %build ./config --test-sanity # config_flags="fipscanisterbuild shared threads no-rc5 no-idea enable-tlsext \ enable-camellia \ enable-cms \ zlib \ --prefix=%{_prefix} \ --openssldir=%{ssletcdir} \ $RPM_OPT_FLAGS \ -fomit-frame-pointer \ -fno-strict-aliasing \ -DTERMIO \ -Wall \ -fstack-protector " # %{!?do_profiling:%define do_profiling 0} %if %do_profiling # generate feedback ./config $config_flags make depend CC="gcc %cflags_profile_generate" make CC="gcc %cflags_profile_generate" LD_LIBRARY_PATH=`pwd` make rehash CC="gcc %cflags_profile_generate" LD_LIBRARY_PATH=`pwd` make test CC="gcc %cflags_profile_generate" FIPSCANLIB="" LD_LIBRARY_PATH=`pwd` apps/openssl speed make clean ./config $config_flags %cflags_profile_feedback %else ./config $config_flags %endif make depend make LD_LIBRARY_PATH=`pwd` make rehash # for FIPS mode testing; the same hashes are being created later just before # the wrap-up of the files into the package. # These files are just there for the make test below... fips/fips_standalone_sha1 libcrypto.so.0.9.8 > .libcrypto.so.0.9.8.hmac fips/fips_standalone_sha1 libssl.so.0.9.8 > .libssl.so.0.9.8.hmac LD_LIBRARY_PATH=`pwd` make test FIPSCANLIB="" # show settings make TABLE echo $RPM_OPT_FLAGS eval $(egrep PLATFORM='[[:alnum:]]' Makefile) grep -B1 -A22 "^\*\*\* $PLATFORM$" TABLE %install mkdir -p ${RPM_BUILD_ROOT}/usr/lib # for now make MANDIR=%{_mandir} INSTALL_PREFIX=$RPM_BUILD_ROOT install rm -rf $RPM_BUILD_ROOT/etc $RPM_BUILD_ROOT/usr/bin/* $RPM_BUILD_ROOT/usr/include $RPM_BUILD_ROOT/usr/share $RPM_BUILD_ROOT/%{_libdir}/pkgconfig rm -f $RPM_BUILD_ROOT/%{_libdir}/libssl.a $RPM_BUILD_ROOT/%{_libdir}/libcrypto.a cp -a fips/fips_standalone_sha1 $RPM_BUILD_ROOT/usr/bin/fips_standalone_sha1 # to avoid conflict with openssl 1 mv $RPM_BUILD_ROOT/%{_libdir}/engines $RPM_BUILD_ROOT/%{_libdir}/engines098 # install standard root certificates #cp -pr certs/* $RPM_BUILD_ROOT/%{ssletcdir}/certs #ln -sf ./%{name} $RPM_BUILD_ROOT/%{_includedir}/ssln -sf ./%{name} $RPM_BUILD_ROOT/%{_includedir}/ssl #ln -sf ./openssl $RPM_BUILD_ROOT/%{_includedir}/ssl #mv $RPM_BUILD_ROOT/%{ssletcdir}/misc $RPM_BUILD_ROOT/%{_datadir}/ssl/ # ln -s %{ssletcdir}/certs $RPM_BUILD_ROOT/%{_datadir}/ssl/certs # ln -s %{ssletcdir}/private $RPM_BUILD_ROOT/%{_datadir}/ssl/private # ln -s %{ssletcdir}/openssl.cnf $RPM_BUILD_ROOT/%{_datadir}/ssl/openssl.cnf # # avoid file conflicts with man pages from other packages # #pushd $RPM_BUILD_ROOT/%{_mandir} # some man pages now contain spaces. This makes several scripts go havoc, among them /usr/sbin/Check. # replace spaces by underscores #for i in man?/*\ *; do mv -v "$i" "${i// /_}"; done #which readlink &>/dev/null || function readlink { ( set +x; target=$(file $1 2>/dev/null); target=${target//* }; test -f $target && echo $target; ) } #for i in man?/*; do # if test -L $i ; then # LDEST=`readlink $i` # rm -f $i ${i}ssl # ln -sf ${LDEST}ssl ${i}ssl # else # mv $i ${i}ssl # fi # case `basename ${i%.*}` in # asn1parse|ca|config|crl|crl2pkcs7|crypto|dgst|dhparam|dsa|dsaparam|enc|gendsa|genrsa|nseq|openssl|passwd|pkcs12|pkcs7|pkcs8|rand|req|rsa|rsautl|s_client|s_server|smime|spkac|ssl|verify|version|x509) # # these are the pages mentioned in openssl(1). They go into the main package. # echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist;; # *) # # the rest goes into the openssl-doc package. # echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist.doc;; # esac #done #popd # # check wether some shared library has been installed # ls -l $RPM_BUILD_ROOT/%{_libdir} test -f $RPM_BUILD_ROOT/%{_libdir}/libssl.so.%{num_version} test -f $RPM_BUILD_ROOT/%{_libdir}/libcrypto.so.%{num_version} test -L $RPM_BUILD_ROOT/%{_libdir}/libssl.so test -L $RPM_BUILD_ROOT/%{_libdir}/libcrypto.so # # see what we've got # cat > showciphers.c <<EOF #include <openssl/err.h> #include <openssl/ssl.h> void main(){ unsigned int i; SSL_CTX *ctx; SSL *ssl; SSL_METHOD *meth; meth = SSLv2_client_method(); SSLeay_add_ssl_algorithms(); ctx = SSL_CTX_new(meth); if (ctx == NULL) return 0; ssl = SSL_new(ctx); if (!ssl) return 0; for (i=0; ; i++) { int j, k; SSL_CIPHER *sc; sc = (meth->get_cipher)(i); if (!sc) break; k = SSL_CIPHER_get_bits(sc, &j); printf("%s\n", sc->name); } return 0; }; EOF #gcc $RPM_OPT_FLAGS -I${RPM_BUILD_ROOT}%{_includedir} -c showciphers.c #gcc -o showciphers showciphers.o -L${RPM_BUILD_ROOT}%{_libdir} -lssl -lcrypto #LD_LIBRARY_PATH=${RPM_BUILD_ROOT}%{_libdir} ./showciphers > AVAILABLE_CIPHERS || true #cat AVAILABLE_CIPHERS # Do not install demo scripts executable under /usr/share/doc find demos -type f -perm /111 -exec chmod 644 {} \; # for now rm -f ${RPM_BUILD_ROOT}/usr/lib/fips_premain* # remove development stuff rm -f ${RPM_BUILD_ROOT}/%{_libdir}/libssl.so rm -f ${RPM_BUILD_ROOT}/%{_libdir}/libcrypto.so # the hmac hashes: # # this is a hack that re-defines the __os_install_post macro # for a simple reason: the macro strips the binaries and thereby # invalidates a HMAC that may have been created earlier. # solution: create the hashes _after_ the macro runs. # # this shows up earlier because otherwise the %expand of # the macro is too late. # remark: This is the same as running # openssl dgst -sha256 -hmac 'ppaksykemnsecgtsttplmamstKMEs' %{expand:%%global __os_install_post {%__os_install_post $RPM_BUILD_ROOT/usr/bin/fips_standalone_sha1 \ $RPM_BUILD_ROOT/%{_libdir}/libssl.so.%{num_version} > \ $RPM_BUILD_ROOT/%{_libdir}/.libssl.so.%{num_version}.hmac $RPM_BUILD_ROOT/usr/bin/fips_standalone_sha1 \ $RPM_BUILD_ROOT/%{_libdir}/libcrypto.so.%{num_version} > \ $RPM_BUILD_ROOT/%{_libdir}/.libcrypto.so.%{num_version}.hmac }} %post -n libopenssl0_9_8 -p /sbin/ldconfig %postun -n libopenssl0_9_8 -p /sbin/ldconfig %files -n libopenssl0_9_8 %defattr(-, root, root) %doc CHANGE* INSTAL* %doc LICENSE NEWS README README.SUSE README-FIPS.txt %{_libdir}/libssl.so.%{num_version} %{_libdir}/libcrypto.so.%{num_version} %{_libdir}/.libssl.so.%{num_version}.hmac %{_libdir}/.libcrypto.so.%{num_version}.hmac %{_bindir}/fips_standalone_sha1 %{_libdir}/engines098 %changelog
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor