Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
openssl.28465
openssl.spec
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl.spec of Package openssl.28465
# # spec file for package openssl # # Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define cavs_dir %{_libexecdir}/%{name}/cavs Name: openssl BuildRequires: bc BuildRequires: ed BuildRequires: pkg-config BuildRequires: zlib-devel %define ssletcdir %{_sysconfdir}/ssl #%define num_version %(echo "%{version}" | sed -e "s+[a-zA-Z]++g; s+_.*++g") %define num_version 1.0.0 Provides: ssl Provides: openssl(cli) # bug437293 %ifarch ppc64 Obsoletes: openssl-64bit %endif Version: 1.0.2j Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL Group: Productivity/Networking/Security URL: https://www.openssl.org/ Source: https://www.%{name}.org/source/%{name}-%{version}.tar.gz Source42: https://www.%{name}.org/source/%{name}-%{version}.tar.gz.asc # https://www.openssl.org/about/ # http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759#/%name.keyring Source43: %name.keyring # to get mtime of file: Source1: openssl.changes Source2: baselibs.conf Source10: README.SUSE Source11: README-FIPS.txt Patch0: merge_from_0.9.8k.patch Patch1: openssl-1.0.0-c_rehash-compat.diff Patch2: bug610223.patch Patch3: openssl-ocloexec.patch Patch4: openssl-1.0.2a-padlock64.patch # PATCH-FIX-UPSTREAM http://rt.openssl.org/Ticket/Attachment/WithHeaders/20049 Patch5: openssl-fix-pod-syntax.diff Patch6: openssl-1.0.1e-truststore.diff Patch7: compression_methods_switch.patch Patch8: 0005-libssl-Hide-library-private-symbols.patch Patch9: openssl-1.0.2a-default-paths.patch Patch10: openssl-pkgconfig.patch Patch13: openssl-1.0.2a-ipv6-apps.patch Patch14: 0001-libcrypto-Hide-library-private-symbols.patch # FIPS patches: Patch15: openssl-1.0.2i-fips.patch Patch16: openssl-1.0.2a-fips-ec.patch Patch17: openssl-1.0.2a-fips-ctor.patch Patch18: openssl-1.0.2i-new-fips-reqs.patch Patch19: openssl-gcc-attributes.patch Patch26: 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch Patch33: openssl-no-egd.patch Patch34: openssl-fips-hidden.patch Patch35: openssl-1.0.1e-add-suse-default-cipher.patch Patch37: openssl-1.0.1e-add-test-suse-default-cipher-suite.patch Patch38: openssl-missing_FIPS_ec_group_new_by_curve_name.patch Patch40: bsc936563_hack.patch Patch41: openssl-fips-dont_run_FIPS_module_installed.patch # FIPS patches from SLE-12:GA Patch50: openssl-fips_disallow_x931_rand_method.patch Patch51: openssl-fips_disallow_ENGINE_loading.patch Patch53: openssl-rsakeygen-minimum-distance.patch Patch55: openssl-fips-rsagen-d-bits.patch Patch56: openssl-fips-selftests_in_nonfips_mode.patch Patch57: openssl-fips-fix-odd-rsakeybits.patch Patch58: openssl-fips-clearerror.patch Patch59: openssl-fips-dont-fall-back-to-default-digest.patch Patch60: openssl-CVE-2016-0800-DROWN-disable-ssl2.patch Patch61: openssl-fipslocking.patch Patch62: openssl-print_notice-NULL_crash.patch Patch63: openssl-randfile_fread_interrupt.patch Patch64: 0001-Make-openssl-req-x509-more-equivalent-to-openssl-req.patch # OpenSSL Security Advisory [26 Jan 2017] Patch65: openssl-CVE-2016-7055.patch Patch66: openssl-CVE-2017-3731.patch Patch67: openssl-CVE-2017-3732.patch Patch68: openssl-fix_crash_in_openssl_speed.patch Patch69: openssl-degrade_3DES_to_MEDIUM_in_SSL2.patch Patch70: openssl-fips-xts_nonidentical_key_parts.patch Patch71: openssl-fips_add_cavs_tests.patch Patch72: openssl-x86_extended_feature_detection.patch Patch73: openssl-fips-OPENSSL_s390xcap.patch Patch74: openssl-fips_cavs_helpers_run_in_fips_mode.patch Patch75: openssl-fips_cavs_pad_with_zeroes.patch Patch76: openssl-fips_cavs_aes_keywrap.patch Patch77: openssl-fips-run_selftests_only_when_module_is_complete.patch Patch78: openssl-fips_entropy_reseeding.patch # OpenSSL Security Advisory [28 Aug 2017] Patch79: openssl-CVE-2017-3735.patch # OpenSSL Security Advisory [02 Nov 2017] Patch80: openssl-CVE-2017-3736.patch Patch81: openssl-fix_crash_in_DES.patch # OpenSSL Security Advisory [07 Dec 2017] Patch82: openssl-CVE-2017-3737.patch Patch83: openssl-CVE-2017-3738.patch # OpenSSL Security Advisory [27 Mar 2018] Patch84: openssl-CVE-2018-0739.patch # OpenSSL Security Advisory [12 June 2018] # bsc#1097158 Patch85: openssl-CVE-2018-0732.patch # bsc#1097624 Patch86: openssl-add-blinding-to-ecdsa.patch # bsc#1098592 Patch87: openssl-add-blinding-to-dsa.patch Patch88: openssl-pkgconfig-enginesdir.patch # OpenSSL Security Advisory [16 Apr 2018] Patch89: openssl-CVE-2018-0737.patch Patch90: openssl-CVE-2018-0737-fips.patch Patch91: openssl-One_and_Done.patch Patch92: 0001-DSA-Check-for-sanity-of-input-parameters.patch # OpenSSL Security Advisory [30 October 2018] Patch93: 0001-DSA-Address-a-timing-side-channel-whereby-it-is-possible.patch Patch94: 0002-ECDSA-Address-a-timing-side-channel-whereby-it-is-possible.patch Patch95: openssl-CVE-2018-0734.patch Patch96: 0001-Merge-to-1.0.2-DSA-mod-inverse-fix.patch Patch97: 0001-Add-a-constant-time-flag-to-one-of-the-bignums-to-av.patch Patch98: openssl-CVE-2018-5407-PortSmash.patch Patch99: openssl-record_msg_callback.patch # OpenSSL Security Advisory [26 February 2019] Patch100: openssl-CVE-2019-1559.patch # The 9 Lives of Bleichenbacher's CAT - vulnerability #7739 # https://github.com/openssl/openssl/pull/6889 Patch101: openssl-add-computationally-constant-time-bn_bn2binpad.patch Patch102: openssl-address-Coverity-nit-in-bn2binpad.patch Patch103: openssl-switch-to-BN_bn2binpad.patch # https://github.com/openssl/openssl/pull/6942 Patch104: 0001-crypto-bn-add-more-fixed-top-routines.patch Patch105: 0002-rsa-rsa_eay.c-implement-variant-of-Smooth-CRT-RSA.patch Patch106: 0003-bn-bn_blind.c-use-Montgomery-multiplication-when-pos.patch Patch107: 0004-bn-bn_lib.c-conceal-even-memmory-access-pattern-in-b.patch # # https://github.com/openssl/openssl/pull/7737 Patch108: 0005-err-err.c-add-err_clear_last_constant_time.patch Patch109: 0006-rsa-rsa_eay.c-make-RSAerr-call-in-rsa_ossl_private_d.patch Patch110: 0007-rsa-rsa_pk1.c-remove-memcpy-calls-from-RSA_padding_c.patch Patch111: 0008-rsa-rsa_oaep.c-remove-memcpy-calls-from-RSA_padding_.patch Patch112: 0009-rsa-rsa_ssl.c-make-RSA_padding_check_SSLv23-constant.patch Patch113: openssl-bn_mul_mont_fixed_top.patch Patch114: openssl-bn_mod_add_fixed_top.patch Patch115: openssl-1.0.2l-aes-IV-in_SHAEXT.patch Patch116: 0001-RT-4242-reject-invalid-EC-point-coordinates.patch # OpenSSL Security Advisory [10 September 2019] Patch117: openssl-CVE-2019-1547.patch Patch118: openssl-CVE-2019-1563.patch # OpenSSL Security Advisory [6 December 2019] bsc#1158809 CVE-2019-1551 # PATCH-FIX-UPSTREAM Integer overflow in RSAZ modular exponentiation on x86_64 Patch119: openssl-1_1-CVE-2019-1551.patch # PATCH-FIX-UPSTREAM bsc#1160163 Fix missing BN_copy() Patch120: openssl-add-BN_FLG_FIXED_TOP-flag.patch # PATCH-FIX-UPSTREAM bsc#1117951 bsc#1160163 Add missing commits Patch121: openssl-add-missing-commits-for-bsc1117951.patch # OpenSSL Security Advisory [8 December 2020] bsc#1179491 CVE-2020-1971 Patch122: openssl-CVE-2020-1971.patch # OpenSSL Security Advisory [16 February 2021] [bsc#1182333,CVE-2021-23840] [bsc#1182331,CVE-2021-23841] Patch123: openssl-CVE-2021-23840.patch Patch124: openssl-CVE-2021-23841.patch # OpenSSL Security Advisory [17 August 2021] [bsc#1189521,CVE-2021-3712] Patch125: CVE-2021-3712-Fix-read-buffer-overrun-in-X509_CERT_AUX_print.patch Patch126: CVE-2021-3712-other-ASN1_STRING-issues.patch #PATCH-FIX-UPSTREAM bsc#1196877 CVE-2022-0778 Infinite loop in BN_mod_sqrt() reachable when parsing certificates Patch127: openssl-CVE-2022-0778.patch Patch128: openssl-CVE-2022-1292.patch Patch129: openssl-Fix-file-operations-in-c_rehash.patch # PATCH-FIX-UPSTREAM bsc#1201627 Update further expiring certificates that affect tests Patch130: openssl-Update-further-expiring-certificates.patch #PATCH-FIX-UPSTREAM bsc#1207534 CVE-2022-4304 Timing Oracle in RSA Decryption Patch131: openssl-CVE-2022-4304.patch #PATCH-FIX-UPSTREAM bsc#1207536 CVE-2023-0215 Use-after-free following BIO_new_NDEF() Patch132: openssl-CVE-2023-0215-1of4.patch #Patch133: openssl-CVE-2023-0215-2of4.patch Patch133: openssl-CVE-2023-0215-3of4.patch Patch134: openssl-CVE-2023-0215-4of4.patch #PATCH-FIX-UPSTREAM bsc#1207533 CVE-2023-0286 Address type confusion related to X.400 address processing Patch135: openssl-CVE-2023-0286.patch # PATCH-FIX-SUSE bsc#1202062 FIPS: Fix DH key generation in FIPS mode Patch136: openssl-fips_fix_DH_key_generation.patch # PATCH-FIX-UPSTREAM: bsc#1209624, CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints Patch137: openssl-CVE-2023-0464.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. Derivation and License OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style license, which basically means that you are free to get it and to use it for commercial and noncommercial purposes. %package -n libopenssl1_0_0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL Group: Productivity/Networking/Security Recommends: ca-certificates-mozilla # install libopenssl and libopenssl-hmac close together (bsc#1090765) Suggests: libopenssl1_0_0-hmac = %{version}-%{release} # bug437293 %ifarch ppc64 Obsoletes: openssl-64bit %endif # %description -n libopenssl1_0_0 The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. Derivation and License OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style license, which basically means that you are free to get it and to use it for commercial and noncommercial purposes. %package -n libopenssl-devel Summary: Include Files and Libraries mandatory for Development License: OpenSSL Group: Development/Libraries/C and C++ Obsoletes: openssl-devel < %{version} Requires: %name = %version Requires: libopenssl1_0_0 = %{version} Requires: zlib-devel Provides: openssl-devel = %{version} # bug437293 %ifarch ppc64 Obsoletes: openssl-devel-64bit %endif # %description -n libopenssl-devel This package contains all necessary include files and libraries needed to develop applications that require these. %package -n libopenssl1_0_0-hmac Summary: HMAC files for FIPS-140-2 integrity checking of the openssl shared libraries License: BSD-3-Clause Group: Productivity/Networking/Security Requires: libopenssl1_0_0 = %{version}-%{release} %description -n libopenssl1_0_0-hmac The FIPS compliant operation of the openssl shared libraries is NOT possible without the HMAC hashes contained in this package! %package doc Summary: Additional Package Documentation License: OpenSSL Group: Productivity/Networking/Security %if 0%{?suse_version} >= 1140 BuildArch: noarch %endif %description doc This package contains optional documentation provided in addition to this package's base documentation. %package cavs Summary: CAVS testing framework and utilities License: OpenSSL Group: Productivity/Networking/Security Requires: libopenssl1_0_0 = %{version}-%{release} %description cavs Includes CAVS testing framework and utilities %prep %setup -q %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 %patch9 -p1 %patch10 -p1 %patch13 -p1 %patch15 -p1 %patch16 -p1 %patch17 -p1 %patch18 -p1 %patch19 -p1 %patch26 -p1 %patch33 -p1 %patch34 -p1 %patch35 -p1 %patch37 -p1 %patch38 -p1 %patch41 -p1 %patch50 -p1 %patch51 -p1 %patch53 -p1 %patch55 -p1 %patch56 -p1 %patch57 -p1 %patch58 -p1 %patch59 -p1 %patch60 -p1 %patch61 -p1 %patch62 -p1 %patch63 -p1 # revert upstream commit fd7ca7465b67336b8950a505b6d2adee867a78f7 %patch64 -R -p1 %patch65 -p1 %patch66 -p1 %patch67 -p1 %patch68 -p1 %patch69 -p1 %patch3 %patch8 -p1 %patch14 -p1 #workaround https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66728 %ifarch ppc64le %patch40 -p1 %endif %patch70 -p1 %patch71 -p1 %patch72 -p1 %patch73 -p1 %patch74 -p1 %patch75 -p1 %patch76 -p1 %patch77 -p1 %patch78 -p1 %patch79 -p1 %patch80 -p1 %patch81 -p1 # OpenSSL Security Advisory [07 Dec 2017] %patch82 -p1 %patch83 -p1 %patch84 -p1 %patch85 -p1 %patch86 -p1 %patch87 -p1 %patch88 -p1 %patch89 -p1 %patch90 -p1 %patch91 -p1 %patch92 -p1 %patch93 -p1 %patch94 -p1 %patch95 -p1 %patch96 -p1 %patch97 -p1 %patch98 -p1 %patch99 -p1 %patch100 -p1 %patch101 -p1 %patch102 -p1 %patch103 -p1 %patch104 -p1 %patch105 -p1 %patch106 -p1 %patch107 -p1 %patch108 -p1 %patch109 -p1 %patch110 -p1 %patch111 -p1 %patch112 -p1 %patch113 -p1 %patch114 -p1 %patch115 -p1 %patch116 -p1 %patch117 -p1 %patch118 -p1 %patch119 -p1 %patch120 -p1 %patch121 -p1 %patch122 -p1 # OpenSSL Security Advisory [16 February 2021] %patch123 -p1 %patch124 -p1 %patch125 -p1 %patch126 -p1 %patch127 -p1 %patch128 -p1 %patch129 -p1 %patch130 -p1 %patch131 -p1 %patch132 -p1 %patch133 -p1 %patch134 -p1 %patch135 -p1 %patch136 -p1 %patch137 -p1 cp -p %{S:10} . cp -p %{S:11} . echo "adding/overwriting some entries in the 'table' hash in Configure" # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags export DSO_SCHEME='dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::' cat <<EOF_ED | ed -s Configure /^); - i # # local configuration added from specfile # ... MOST of those are now correct in openssl's Configure already, # so only add them for new ports! # #config-string, $cc:$cflags:$unistd:$thread_cflag:$sys_id:$lflags:$bn_ops:$cpuid_obj:$bn_obj:$des_obj:$aes_obj:$bf_obj:$md5_obj:$sha1_obj:$cast_obj:$rc4_obj:$rmd160_obj:$rc5_obj:$wp_obj:$cmll_obj:$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags:$multilib #"linux-elf", "gcc:-DL_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG \${x86_gcc_des} \${x86_gcc_opts}:\${x86_elf_asm}:$DSO_SCHEME:", #"linux-ia64", "gcc:-DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:\${ia64_asm}: $DSO_SCHEME:", #"linux-ppc", "gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:\${no_asm}: $DSO_SCHEME:", #"linux-ppc64", "gcc:-DB_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL SIXTY_FOUR_BIT_LONG:\${no_asm}: $DSO_SCHEME:64", "linux-elf-arm","gcc:-DL_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG:\${no_asm}: $DSO_SCHEME:", "linux-mips", "gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:\${no_asm}: $DSO_SCHEME:", "linux-sparcv7","gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:\${no_asm}: $DSO_SCHEME:", #"linux-sparcv8","gcc:-DB_ENDIAN -DBN_DIV2W -mv8 ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::asm/sparcv8.o::::::::::::: $DSO_SCHEME:", #"linux-x86_64", "gcc:-DL_ENDIAN -DNO_ASM -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG:\${no_asm}: $DSO_SCHEME:64", #"linux-s390", "gcc:-DB_ENDIAN ::(unknown): :-ldl:BN_LLONG:\${no_asm}: $DSO_SCHEME:", #"linux-s390x", "gcc:-DB_ENDIAN -DNO_ASM -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG:\${no_asm}: $DSO_SCHEME:64", "linux-parisc", "gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL DES_RISC1:\${no_asm}: $DSO_SCHEME:", . wq EOF_ED # fix ENGINESDIR path sed -i 's,/lib/engines,/%_lib/engines,' Configure %build %if 0%{suse_version} >= 1230 find -type f -name "*.c" -exec sed -i -e "s@getenv@secure_getenv@g" {} + %endif %ifarch armv5el armv5tel export MACHINE=armv5el %endif %ifarch armv6l armv6hl export MACHINE=armv6l %endif ./config --test-sanity # config_flags="threads shared no-rc5 no-idea \ fips \ %ifarch x86_64 enable-ec_nistp_64_gcc_128 \ %endif enable-camellia \ zlib \ no-ec2m \ --prefix=%{_prefix} \ --libdir=%{_lib} \ --openssldir=%{ssletcdir} \ $RPM_OPT_FLAGS -std=gnu99 \ -Wa,--noexecstack \ -fomit-frame-pointer \ -DTERMIO \ -DPURIFY \ -D_GNU_SOURCE \ $(getconf LFS_CFLAGS) \ -Wall " %ifnarch hppa aarch64 config_flags="$config_flags -fstack-protector " %endif # #%{!?do_profiling:%define do_profiling 0} #%if %do_profiling # # generate feedback # ./config $config_flags # make depend CC="gcc %cflags_profile_generate" # make CC="gcc %cflags_profile_generate" # LD_LIBRARY_PATH=`pwd` make rehash CC="gcc %cflags_profile_generate" # LD_LIBRARY_PATH=`pwd` make test CC="gcc %cflags_profile_generate" # LD_LIBRARY_PATH=`pwd` apps/openssl speed # make clean # # compile with feedback # # but not if it makes a cipher slower: # #find crypto/aes -name '*.da' | xargs -r rm # ./config $config_flags %cflags_profile_feedback # make depend # make # LD_LIBRARY_PATH=`pwd` make rehash # LD_LIBRARY_PATH=`pwd` make test #%else # OpenSSL relies on uname -m (not good). Thus that little sparc line. ./config \ %ifarch sparc64 linux64-sparcv9 \ %endif $config_flags # Record mtime of changes file instead of build time to make build-compare work make PERL=perl -C crypto buildinf.h CHANGES=`stat --format="%y" %SOURCE1` cat crypto/buildinf.h sed -i -e "s|#define DATE .*|#define DATE \"built on: $CHANGES\"|" crypto/buildinf.h cat crypto/buildinf.h make depend make LD_LIBRARY_PATH=`pwd` make rehash # for FIPS mode testing; the same hashes are being created later just before # the wrap-up of the files into the package. # These files are just there for the make test below... crypto/fips/fips_standalone_hmac libcrypto.so.1.0.0 > .libcrypto.so.1.0.0.hmac crypto/fips/fips_standalone_hmac libssl.so.1.0.0 > .libssl.so.1.0.0.hmac export MALLOC_CHECK_=3 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1)) LD_LIBRARY_PATH=`pwd` make test FIPSCANLIB="" %ifnarch armv4l LD_LIBRARY_PATH=`pwd` make test %endif #%endif # show settings make TABLE echo $RPM_OPT_FLAGS eval $(egrep PLATFORM='[[:alnum:]]' Makefile) grep -B1 -A22 "^\*\*\* $PLATFORM$" TABLE %install rm -rf $RPM_BUILD_ROOT make MANDIR=%{_mandir} INSTALL_PREFIX=$RPM_BUILD_ROOT install cp -a crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT/usr/bin/fips_standalone_hmac # cavs tests install -m 0755 -d %{buildroot}%{cavs_dir} cp -a crypto/fips/fips_*{test,vs} %{buildroot}%{cavs_dir} ln -sf ./%{name} $RPM_BUILD_ROOT/%{_includedir}/ssl mkdir $RPM_BUILD_ROOT/%{_datadir}/ssl mv $RPM_BUILD_ROOT/%{ssletcdir}/misc $RPM_BUILD_ROOT/%{_datadir}/ssl/ # ln -s %{ssletcdir}/private $RPM_BUILD_ROOT/%{_datadir}/ssl/private # ln -s %{ssletcdir}/openssl.cnf $RPM_BUILD_ROOT/%{_datadir}/ssl/openssl.cnf # # avoid file conflicts with man pages from other packages # pushd $RPM_BUILD_ROOT/%{_mandir} # some man pages now contain spaces. This makes several scripts go havoc, among them /usr/sbin/Check. # replace spaces by underscores #for i in man?/*\ *; do mv -v "$i" "${i// /_}"; done which readlink &>/dev/null || function readlink { ( set +x; target=$(file $1 2>/dev/null); target=${target//* }; test -f $target && echo $target; ) } for i in man?/*; do if test -L $i ; then LDEST=`readlink $i` rm -f $i ${i}ssl ln -sf ${LDEST}ssl ${i}ssl else mv $i ${i}ssl fi case "$i" in *.1) # these are the pages mentioned in openssl(1). They go into the main package. echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist;; *) # the rest goes into the openssl-doc package. echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist.doc;; esac done popd # # check wether some shared library has been installed # ls -l $RPM_BUILD_ROOT%{_libdir} test -f $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version} test -f $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version} test -L $RPM_BUILD_ROOT%{_libdir}/libssl.so test -L $RPM_BUILD_ROOT%{_libdir}/libcrypto.so # # see what we've got # cat > showciphers.c <<EOF #include <openssl/err.h> #include <openssl/ssl.h> int main(){ unsigned int i; SSL_CTX *ctx; SSL *ssl; SSL_METHOD *meth; meth = SSLv23_client_method(); SSLeay_add_ssl_algorithms(); ctx = SSL_CTX_new(meth); if (ctx == NULL) return 0; ssl = SSL_new(ctx); if (!ssl) return 0; for (i=0; ; i++) { int j, k; SSL_CIPHER *sc; sc = (meth->get_cipher)(i); if (!sc) break; k = SSL_CIPHER_get_bits(sc, &j); printf("%s\n", sc->name); } return 0; }; EOF gcc $RPM_OPT_FLAGS -I${RPM_BUILD_ROOT}%{_includedir} -c showciphers.c gcc -o showciphers showciphers.o -L${RPM_BUILD_ROOT}%{_libdir} -lssl -lcrypto LD_LIBRARY_PATH=${RPM_BUILD_ROOT}%{_libdir} ./showciphers > AVAILABLE_CIPHERS || true cat AVAILABLE_CIPHERS # Do not install demo scripts executable under /usr/share/doc find demos -type f -perm /111 -exec chmod 644 {} \; # the hmac hashes: # # this is a hack that re-defines the __os_install_post macro # for a simple reason: the macro strips the binaries and thereby # invalidates a HMAC that may have been created earlier. # solution: create the hashes _after_ the macro runs. # # this shows up earlier because otherwise the %%expand of # the macro is too late. # remark: This is the same as running # openssl dgst -sha256 -hmac 'orboDeJITITejsirpADONivirpUkvarP' %{expand:%%global __os_install_post {%__os_install_post $RPM_BUILD_ROOT/usr/bin/fips_standalone_hmac \ $RPM_BUILD_ROOT/%{_lib}/libssl.so.%{num_version} > \ $RPM_BUILD_ROOT/%{_lib}/.libssl.so.%{num_version}.hmac $RPM_BUILD_ROOT/usr/bin/fips_standalone_hmac \ $RPM_BUILD_ROOT/%{_lib}/libcrypto.so.%{num_version} > \ $RPM_BUILD_ROOT/%{_lib}/.libcrypto.so.%{num_version}.hmac }} #process openssllib mkdir $RPM_BUILD_ROOT/%{_lib} mv $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/ mv $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version} $RPM_BUILD_ROOT/%{_lib}/ mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT/%{_lib}/ cd $RPM_BUILD_ROOT%{_libdir}/ ln -sf /%{_lib}/libssl.so.%{num_version} ./libssl.so ln -sf /%{_lib}/libcrypto.so.%{num_version} ./libcrypto.so for engine in 4758cca atalla nuron sureware ubsec cswift chil aep gmp capi; do rm %{buildroot}/%{_lib}/engines/lib$engine.so done %ifnarch %{ix86} x86_64 rm %{buildroot}/%{_lib}/engines/libpadlock.so %endif %clean if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi %post -n libopenssl1_0_0 -p /sbin/ldconfig %postun -n libopenssl1_0_0 -p /sbin/ldconfig %files -n libopenssl1_0_0 %defattr(-, root, root) /%{_lib}/libssl.so.%{num_version} /%{_lib}/libcrypto.so.%{num_version} /%{_lib}/engines %files -n libopenssl1_0_0-hmac %defattr(-, root, root) /%{_lib}/.libssl.so.%{num_version}.hmac /%{_lib}/.libcrypto.so.%{num_version}.hmac %files -n libopenssl-devel %defattr(-, root, root) %{_includedir}/%{name}/ %{_includedir}/ssl %exclude %{_libdir}/libcrypto.a %exclude %{_libdir}/libssl.a %{_libdir}/libssl.so %{_libdir}/libcrypto.so %_libdir/pkgconfig/libcrypto.pc %_libdir/pkgconfig/libssl.pc %_libdir/pkgconfig/openssl.pc %files doc -f filelist.doc %defattr(-, root, root) %doc doc/* demos %doc showciphers.c %files cavs %defattr(-,root,root) %{_libexecdir}/%{name} %files -f filelist %license LICENSE %defattr(-, root, root) %doc CHANGE* INSTAL* AVAILABLE_CIPHERS %doc NEWS README README.SUSE README-FIPS.txt %dir %{ssletcdir} %config (noreplace) %{ssletcdir}/openssl.cnf %attr(700,root,root) %{ssletcdir}/private %dir %{_datadir}/ssl %{_datadir}/ssl/misc %{_bindir}/c_rehash %{_bindir}/fips_standalone_hmac %{_bindir}/%{name} %changelog
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor