Репозитории ALT
| 5.1: | 0.9.8p-alt0.M51.1 |
| 4.1: | 0.9.8d-alt4.M41.2 |
| 4.0: | 0.9.8d-alt4 |
| +updates: | 0.9.8d-alt4 |
Группа :: Система/Основа
Пакет: openssl098
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Name: openssl098
Version: 0.9.8d
Release: alt4.M41.2
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
License: BSD-style
Group: System/Base
Url: http://www.openssl.org
Packager: Dmitry V. Levin <ldv at altlinux.org>
Source: ftp://ftp.openssl.org/source/openssl-%version.tar
Source1: openssl-config
Source2: Makefile.certificate
Source3: make-dummy-cert
Source4: ts-20060923.ChangeLog
Patch1: openssl-0.9.8-cvs-20070919-SSL_get_shared_ciphers.patch
Patch8: http://www.opentsa.org/ts/ts-20060923-0_9_8c.patch
Patch9: http://www.cryptocom.ru/OpenSource/openssl-asymm-0.9.8d-20061110.diff
Patch11: openssl-0.9.7g-owl-alt-issetugid.patch
Patch12: openssl-0.9.7g-alt-config.patch
Patch13: openssl-0.9.7g-owl-warnings.patch
Patch21: openssl-0.9.8d-rh-alt-soversion.patch
Patch22: openssl-0.9.8a-rh-enginesdir.patch
Patch23: openssl-0.9.8a-rh-rpath.patch
Patch24: openssl-0.9.8a-rh-padlock.patch
Patch25: openssl-0.9.7g-rh-mdk-ia64-asm.patch
Patch26: openssl-0.9.7g-rh-version-engines.patch
Patch27: openssl-0.9.8a-rh-reuse-cipher-change.patch
Patch28: openssl-0.9.8b-rh-ipv6-apps.patch
Patch29: openssl-0.9.8b-rh-aliasing.patch
Patch30: openssl-0.9.8b-rh-x509-name-cmp.patch
Patch31: openssl-0.9.8b-rh-x509-add-dir.patch
Patch32: openssl-0.9.8b-rh-test-use-localhost.patch
Patch33: openssl-0.9.8b-rh-cve-2007-3108.patch
Patch34: openssl-0.9.7a-rh-ssl-strict-matching.patch
# Look at:
# http://www.openssl.org/news/vulnerabilities.html
Patch41: openssl-0.9.7d-CVE-2008-5077.patch
Patch42: openssl-fips-0.9.8e-cve-2009-0590.patch
Patch43: openssl-CVE-2009-0789.patch
Patch44: openssl-fips-0.9.8e-dtls-fixes.patch
Patch45: openssl-fips-0.9.8e-dtls-dos.patch
Patch46: openssl-fips-0.9.8e-cve-2009-3555.patch
Patch47: openssl-fips-0.9.8e-cve-2009-3245.patch
Patch48: openssl-alt-2009-4355.patch
Patch49: openssl-fips-0.9.8e-cve-2010-0433.patch
Patch50: openssl-fips-0.9.8e-cve-2010-4180.patch
Patch51: openssl-fips-0.9.8e-cve-2011-4109.patch
Patch52: openssl-fips-0.9.8e-cve-2011-4576.patch
Patch53: openssl-fips-0.9.8e-cve-2011-4619.patch
Patch54: openssl-fips-0.9.8e-cve-2012-0884.patch
Patch55: openssl-fips-0.9.8e-cve-2012-1165.patch
Patch56: openssl-fips-0.9.8e-cve-2012-2110.patch
Patch57: openssl-fips-0.9.8e-cve-2012-2333.patch
%define openssldir /var/lib/ssl
%define old_openssldir %_libdir/ssl
%def_enable compat
%def_without tsa
%def_without asymm
BuildRequires: bc
%package -n libssl6
Summary: OpenSSL shared libraries
Group: System/Libraries
Provides: libssl = %version-%release
Obsoletes: libssl < 0:%version-%release
# due to openssldir migration
Conflicts: openssl < 0:0.9.8d-alt1
%{?_with_tsa:Provides: openssl-tsa = %version-%release}
Requires: ca-certificates
%package -n libssl-devel
Summary: OpenSSL include files and development libraries
Group: Development/C
Provides: %_bindir/openssl-config
Provides: openssl-devel = %version-%release
Obsoletes: openssl-devel
Requires: libssl6 = %version-%release
# due to /usr/bin/openssl-config
Conflicts: openssl < 0:0.9.8d-alt1
# manpage clash: crypto(3).
Conflicts: erlang <= 0:R9C.0-alt2
%{?_with_tsa:Provides: openssl-tsa-devel = %version-%release}
%package -n libssl-devel-static
Summary: OpenSSL static libraries
Group: Development/C
Provides: openssl-devel-static = %version-%release
Obsoletes: openssl-devel-static
Requires: libssl-devel = %version-%release
%{?_with_tsa:Provides: openssl-tsa-devel-static = %version-%release}
%package -n openssl
Summary: OpenSSL tools
Group: System/Base
Provides: %_bindir/openssl-config
Provides: %openssldir
Provides: SSL
Conflicts: SSLeay
# due to /usr/bin/openssl-config
Conflicts: libssl-devel < 0:0.9.8d-alt1
Requires: libssl6 = %version-%release
%if_with tsa
BuildRequires: perl-WWW-Curl
Provides: tsa-server = %version-%release
Provides: tsa-client = %version-%release
Requires: libssl-tsa = %version-%release
%endif
%package -n openssl-doc
Summary: OpenSSL documentation and demos
Group: Development/C
Requires: openssl = %version-%release
%package -n openssl-engines
Summary: OpenSSL ENGINE interface modules
Group: System/Libraries
Requires: libssl6 = %version-%release
%package -n tsget
Summary: Time Stamping HTTP/HTTPS client
Group: Security/Networking
Requires: libssl-tsa = %version-%release
%description
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols with full-strength cryptography world-wide. The project is
managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get and
use it for commercial and non-commercial purposes.
%description -n libssl6
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols with full-strength cryptography world-wide. The project is
managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get and
use it for commercial and non-commercial purposes.
This package contains the OpenSSL shared libraries.
%description -n libssl-devel
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols with full-strength cryptography world-wide. The project is
managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get and
use it for commercial and non-commercial purposes.
This package contains the OpenSSL cryptography and SSL/TLS
include files and development libraries required when building
OpenSSL-based applications.
%description -n libssl-devel-static
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols with full-strength cryptography world-wide. The project is
managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get and
use it for commercial and non-commercial purposes.
This package contains the OpenSSL cryptography and SSL/TLS
static libraries required when developing OpenSSL-based statically
linked applications.
%description -n openssl
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols with full-strength cryptography world-wide. The project is
managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get and
use it for commercial and non-commercial purposes.
This package contains the base OpenSSL cryptography and SSL/TLS tools.
%description -n openssl-doc
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols with full-strength cryptography world-wide. The project is
managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get and
use it for commercial and non-commercial purposes.
This package contains the OpenSSL cryptography and SSL/TLS extra
documentation and demos required when developing applications.
%description -n openssl-engines
With OpenSSL 0.9.6, a new component was added to support alternative
cryptography implementations, most commonly for interfacing with external
crypto devices (eg. accelerator cards). This component is called ENGINE,
and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases) caused
a little confusion as 0.9.6** releases were rolled in two versions,
a "standard" and an "engine" version. In development for 0.9.7, the
ENGINE code has been merged into the main branch and will be present in
the standard releases from 0.9.7 forwards.
There are currently built-in ENGINE implementations for the following
crypto devices:
o CryptoSwift
o Compaq Atalla
o nCipher CHIL
o Nuron
o Broadcom uBSec
In addition, dynamic binding to external ENGINE implementations is now
provided by a special ENGINE called "dynamic".
%description -n tsget
The tsget command can be used for sending a time stamp request, as
specified in RFC 3161, to a time stamp server over HTTP or HTTPS and
storing the time stamp response in a file. This tool cannot be used for
creating the requests and verifying responses, you can use the OpenSSL
ts(1) command to do that. tsget can send several requests to the server
without closing the TCP connection if more than one requests are specified
on the command line.
%prep
%setup -q -n openssl-%version
%patch1 -p1
%{?_with_tsa:%patch8 -p1}
%{?_with_asymm:%patch9 -p0}
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch41 -p1
%patch42 -p1
%patch43 -p1
%patch44 -p1
%patch45 -p1
%patch46 -p1
%patch47 -p1
%patch48 -p1
%patch49 -p1
%patch50 -p1
%patch51 -p1
%patch52 -p1
%patch53 -p1
%patch54 -p1
%patch55 -p1
%patch56 -p1
%patch57 -p1
find -type f -name \*.orig -delete
# Correct shared library name.
%__subst 's/\\\$(SHLIB_MAJOR)\.\\\$(SHLIB_MINOR)/\\$(VERSION)/g' Configure
%__subst 's/\${SHLIB_MAJOR}\.\${SHLIB_MINOR}/\${VERSION}/g' Makefile.org
# Correct compilation options.
%add_optflags -fno-strict-aliasing -Wa,--noexecstack
%__subst 's/-O\([0-9s]\>\)\?\( -fomit-frame-pointer\)\?\( -m.86\)\?/\\\$(RPM_OPT_FLAGS)/' \
Configure
# Save timestamp during copy.
find -type f -name Makefile\* -print0 |
xargs -r0 grep -FZl 'cp $$' -- |
xargs -r0 %__subst -p 's/cp \$\$/cp -pv $$/g' --
# Fix libdir.
find -type f -name Makefile\* -print0 |
xargs -r0 grep -Zl '/lib\>' -- |
xargs -r0 %__subst -p 's,/lib\>\([^$]\|$\),/\${SLIB}\1,g' --
# Be more verbose.
%__subst -p 's/^\([[:space:]]\+\) at /\1/' Makefile*
%build
ADD_ARGS=%_os-%_arch
%ifarch %ix86
ADD_ARGS=linux-elf
%ifarch i386
ADD_ARGS="$ADD_ARGS 386"
%endif
%endif
./Configure shared -DSSL_ALLOW_ADH --prefix=%prefix \
--openssldir=%openssldir \
--enginesdir=%_libdir/openssl/engines \
$ADD_ARGS
# SMP-incompatible build.
%__make SLIB=%_lib SHLIB_SOVERSION=6
# Make soname symlinks.
/sbin/ldconfig -nv .
# Save library timestamps for later check.
touch -r libcrypto.so.%version libcrypto-stamp
touch -r libssl.so.%version libssl-stamp
LD_LIBRARY_PATH=`pwd` %__make rehash
LD_LIBRARY_PATH=`pwd` %__make test
%install
# The make_install macro doesn't work here.
%__make install \
SLIB=%_lib \
INSTALL_PREFIX=%buildroot \
MANDIR=%_mandir
# Fail if one of shared libraries was rebuit.
if [ libcrypto.so.%version -nt libcrypto-stamp -o \
libssl.so.%version -nt libssl-stamp ]; then
echo 'Shared library was rebuilt by "make install".'
exit 1
fi
# Fail if the openssl binary is statically linked against OpenSSL at this
# stage (which could happen if "make install" caused anything to rebuild).
LD_LIBRARY_PATH=`pwd` ldd %buildroot%_bindir/openssl |tee openssl.libs
grep -qw libssl openssl.libs
grep -qw libcrypto openssl.libs
# Install openssl-config script.
install -pDm755 %_sourcedir/openssl-config %buildroot%_bindir/openssl-config
%__subst -p 's,%%version,%version,g;s,%%openssldir,%openssldir,g' \
%buildroot%_bindir/openssl-config
# Relocate shared libraries from %_libdir/ to /lib/.
mkdir -p %buildroot{/%_lib,%_libdir/openssl,%_sbindir}
for f in %buildroot%_libdir/*.so; do
t=`objdump -p "$f" |awk '/SONAME/ {print $2}'`
[ -n "$t" ]
ln -snf ../../%_lib/"$t" "$f"
done
mv %buildroot%_libdir/*.so.* %buildroot/%_lib/
mv %buildroot%_libdir/engines %buildroot/%_libdir/openssl/
# Relocate openssl.cnf from %%openssldir/ to %_sysconfdir/openssl/.
mkdir -p %buildroot%_sysconfdir/openssl
mv %buildroot%openssldir/openssl.cnf %buildroot%_sysconfdir/openssl/
ln -s `relative %_sysconfdir/openssl/openssl.cnf %openssldir/openssl.cnf` %buildroot%openssldir/
# Rename some man pages, fix references.
for f in passwd.1 err.3 rand.3 threads.3 config.5; do
name="${f%%.*}"
sect="${f##*.}"
NAME=`printf %%s "$name" |tr '[:lower:]' '[:upper:]'`
%__subst "s/\\<$NAME $sect\\>/SSL&/" %buildroot%_mandir/man"$sect/$f"
mv -v %buildroot%_mandir/man"$sect"/{,ssl}"$f"
find %buildroot%_mandir -type f -print0 |
xargs -r0 grep -FZl "\\fI$name\\fR\\|($sect)" -- |
xargs -r0 %__subst -p "s/\\\\fI$name\\\\fR\\\\|($sect)/\\\\fIssl$name\\\\fR\\\\|($sect)/" --
find %buildroot%_mandir -type l |while read link; do
[ "$(readlink -n "$link")" = "$f" ] || continue
ln -sfv "ssl$f" "$link"
done
done
ln -s sslconfig.5 %buildroot%_mandir/man5/openssl.cnf.5
# Make backwards-compatibility symlink to ssleay.
ln -snf openssl %buildroot%_bindir/ssleay
# Install a makefile for generating keys and self-signed certs,
# and a script for generating them on the fly.
install -pDm644 %_sourcedir/Makefile.certificate \
%buildroot%openssldir/certs/Makefile
install -pDm644 %_sourcedir/make-dummy-cert \
%buildroot%openssldir/certs/make-dummy-cert
# Install standard root certificates.
ln -s ../../..%_datadir/ca-certificates/ca-bundle.crt \
%buildroot%openssldir/cert.pem
mv %buildroot%openssldir/misc/CA{.sh,}
rm %buildroot%openssldir/misc/CA.pl
%define docdir %_docdir/openssl-%version
mkdir -p %buildroot%docdir
%if_with tsa
mv %buildroot%openssldir/misc/tsget %buildroot%_sbindir/
install -pm644 %_sourcedir/ts-20060923.ChangeLog %buildroot%docdir/TSA-Changelog
%endif #with tsa
install -pm644 CHANGES* LICENSE NEWS README* %buildroot%docdir/
bzip2 -9 %buildroot%docdir/CHANGES*
cp -a demos doc %buildroot%docdir/
rm -rf %buildroot%docdir/doc/{apps,crypto,ssl}
%post -n libssl6 -p %post_ldconfig_sys
%postun -n libssl6 -p %postun_ldconfig
%if_enabled compat
%pre -n openssl
[ $1 -gt 1 ] || exit 0
if [ ! -e %_sysconfdir/openssl -a ! -L %_sysconfdir/openssl -a -e %old_openssldir/openssl.cnf ]; then
%__mkdir_p %_sysconfdir/openssl &&
%__cp -a %old_openssldir/openssl.cnf %_sysconfdir/openssl/
fi
if [ ! -e %openssldir -a ! -L %openssldir -a -d %old_openssldir ]; then
%__cp -a %old_openssldir %openssldir
fi
%endif #compat
%files -n libssl6
/%_lib/*
%config(noreplace) %_sysconfdir/openssl
%dir %openssldir
%openssldir/*.cnf
%openssldir/*.pem
%dir %docdir
%docdir/[A-Z]*
%files -n libssl-devel
%_bindir/openssl-config
%_libdir/*.so
%_libdir/pkgconfig/*
%_includedir/*
%files -n libssl-devel-static
%_libdir/*.a
%files -n openssl
%_bindir/*
%dir %openssldir
%openssldir/misc
%openssldir/certs
%dir %attr(700,root,root) %openssldir/private
%_mandir/man[157]/*
%if_with tsa
%exclude %_man1dir/tsget.*
%endif
%files -n openssl-doc
%dir %docdir
%docdir/[a-z]*
%_man3dir/*
%files -n openssl-engines
%_libdir/openssl
%if_with tsa
%files -n tsget
%_sbindir/tsget
%_man1dir/tsget.*
%endif
%changelog
…
Полный changelog можно просмотреть здесь
Version: 0.9.8d
Release: alt4.M41.2
Summary: OpenSSL - Secure Sockets Layer and cryptography shared libraries and tools
License: BSD-style
Group: System/Base
Url: http://www.openssl.org
Packager: Dmitry V. Levin <ldv at altlinux.org>
Source: ftp://ftp.openssl.org/source/openssl-%version.tar
Source1: openssl-config
Source2: Makefile.certificate
Source3: make-dummy-cert
Source4: ts-20060923.ChangeLog
Patch1: openssl-0.9.8-cvs-20070919-SSL_get_shared_ciphers.patch
Patch8: http://www.opentsa.org/ts/ts-20060923-0_9_8c.patch
Patch9: http://www.cryptocom.ru/OpenSource/openssl-asymm-0.9.8d-20061110.diff
Patch11: openssl-0.9.7g-owl-alt-issetugid.patch
Patch12: openssl-0.9.7g-alt-config.patch
Patch13: openssl-0.9.7g-owl-warnings.patch
Patch21: openssl-0.9.8d-rh-alt-soversion.patch
Patch22: openssl-0.9.8a-rh-enginesdir.patch
Patch23: openssl-0.9.8a-rh-rpath.patch
Patch24: openssl-0.9.8a-rh-padlock.patch
Patch25: openssl-0.9.7g-rh-mdk-ia64-asm.patch
Patch26: openssl-0.9.7g-rh-version-engines.patch
Patch27: openssl-0.9.8a-rh-reuse-cipher-change.patch
Patch28: openssl-0.9.8b-rh-ipv6-apps.patch
Patch29: openssl-0.9.8b-rh-aliasing.patch
Patch30: openssl-0.9.8b-rh-x509-name-cmp.patch
Patch31: openssl-0.9.8b-rh-x509-add-dir.patch
Patch32: openssl-0.9.8b-rh-test-use-localhost.patch
Patch33: openssl-0.9.8b-rh-cve-2007-3108.patch
Patch34: openssl-0.9.7a-rh-ssl-strict-matching.patch
# Look at:
# http://www.openssl.org/news/vulnerabilities.html
Patch41: openssl-0.9.7d-CVE-2008-5077.patch
Patch42: openssl-fips-0.9.8e-cve-2009-0590.patch
Patch43: openssl-CVE-2009-0789.patch
Patch44: openssl-fips-0.9.8e-dtls-fixes.patch
Patch45: openssl-fips-0.9.8e-dtls-dos.patch
Patch46: openssl-fips-0.9.8e-cve-2009-3555.patch
Patch47: openssl-fips-0.9.8e-cve-2009-3245.patch
Patch48: openssl-alt-2009-4355.patch
Patch49: openssl-fips-0.9.8e-cve-2010-0433.patch
Patch50: openssl-fips-0.9.8e-cve-2010-4180.patch
Patch51: openssl-fips-0.9.8e-cve-2011-4109.patch
Patch52: openssl-fips-0.9.8e-cve-2011-4576.patch
Patch53: openssl-fips-0.9.8e-cve-2011-4619.patch
Patch54: openssl-fips-0.9.8e-cve-2012-0884.patch
Patch55: openssl-fips-0.9.8e-cve-2012-1165.patch
Patch56: openssl-fips-0.9.8e-cve-2012-2110.patch
Patch57: openssl-fips-0.9.8e-cve-2012-2333.patch
%define openssldir /var/lib/ssl
%define old_openssldir %_libdir/ssl
%def_enable compat
%def_without tsa
%def_without asymm
BuildRequires: bc
%package -n libssl6
Summary: OpenSSL shared libraries
Group: System/Libraries
Provides: libssl = %version-%release
Obsoletes: libssl < 0:%version-%release
# due to openssldir migration
Conflicts: openssl < 0:0.9.8d-alt1
%{?_with_tsa:Provides: openssl-tsa = %version-%release}
Requires: ca-certificates
%package -n libssl-devel
Summary: OpenSSL include files and development libraries
Group: Development/C
Provides: %_bindir/openssl-config
Provides: openssl-devel = %version-%release
Obsoletes: openssl-devel
Requires: libssl6 = %version-%release
# due to /usr/bin/openssl-config
Conflicts: openssl < 0:0.9.8d-alt1
# manpage clash: crypto(3).
Conflicts: erlang <= 0:R9C.0-alt2
%{?_with_tsa:Provides: openssl-tsa-devel = %version-%release}
%package -n libssl-devel-static
Summary: OpenSSL static libraries
Group: Development/C
Provides: openssl-devel-static = %version-%release
Obsoletes: openssl-devel-static
Requires: libssl-devel = %version-%release
%{?_with_tsa:Provides: openssl-tsa-devel-static = %version-%release}
%package -n openssl
Summary: OpenSSL tools
Group: System/Base
Provides: %_bindir/openssl-config
Provides: %openssldir
Provides: SSL
Conflicts: SSLeay
# due to /usr/bin/openssl-config
Conflicts: libssl-devel < 0:0.9.8d-alt1
Requires: libssl6 = %version-%release
%if_with tsa
BuildRequires: perl-WWW-Curl
Provides: tsa-server = %version-%release
Provides: tsa-client = %version-%release
Requires: libssl-tsa = %version-%release
%endif
%package -n openssl-doc
Summary: OpenSSL documentation and demos
Group: Development/C
Requires: openssl = %version-%release
%package -n openssl-engines
Summary: OpenSSL ENGINE interface modules
Group: System/Libraries
Requires: libssl6 = %version-%release
%package -n tsget
Summary: Time Stamping HTTP/HTTPS client
Group: Security/Networking
Requires: libssl-tsa = %version-%release
%description
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols with full-strength cryptography world-wide. The project is
managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get and
use it for commercial and non-commercial purposes.
%description -n libssl6
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols with full-strength cryptography world-wide. The project is
managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get and
use it for commercial and non-commercial purposes.
This package contains the OpenSSL shared libraries.
%description -n libssl-devel
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols with full-strength cryptography world-wide. The project is
managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get and
use it for commercial and non-commercial purposes.
This package contains the OpenSSL cryptography and SSL/TLS
include files and development libraries required when building
OpenSSL-based applications.
%description -n libssl-devel-static
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols with full-strength cryptography world-wide. The project is
managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get and
use it for commercial and non-commercial purposes.
This package contains the OpenSSL cryptography and SSL/TLS
static libraries required when developing OpenSSL-based statically
linked applications.
%description -n openssl
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols with full-strength cryptography world-wide. The project is
managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get and
use it for commercial and non-commercial purposes.
This package contains the base OpenSSL cryptography and SSL/TLS tools.
%description -n openssl-doc
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols with full-strength cryptography world-wide. The project is
managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL tookit and its related
documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get and
use it for commercial and non-commercial purposes.
This package contains the OpenSSL cryptography and SSL/TLS extra
documentation and demos required when developing applications.
%description -n openssl-engines
With OpenSSL 0.9.6, a new component was added to support alternative
cryptography implementations, most commonly for interfacing with external
crypto devices (eg. accelerator cards). This component is called ENGINE,
and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases) caused
a little confusion as 0.9.6** releases were rolled in two versions,
a "standard" and an "engine" version. In development for 0.9.7, the
ENGINE code has been merged into the main branch and will be present in
the standard releases from 0.9.7 forwards.
There are currently built-in ENGINE implementations for the following
crypto devices:
o CryptoSwift
o Compaq Atalla
o nCipher CHIL
o Nuron
o Broadcom uBSec
In addition, dynamic binding to external ENGINE implementations is now
provided by a special ENGINE called "dynamic".
%description -n tsget
The tsget command can be used for sending a time stamp request, as
specified in RFC 3161, to a time stamp server over HTTP or HTTPS and
storing the time stamp response in a file. This tool cannot be used for
creating the requests and verifying responses, you can use the OpenSSL
ts(1) command to do that. tsget can send several requests to the server
without closing the TCP connection if more than one requests are specified
on the command line.
%prep
%setup -q -n openssl-%version
%patch1 -p1
%{?_with_tsa:%patch8 -p1}
%{?_with_asymm:%patch9 -p0}
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch41 -p1
%patch42 -p1
%patch43 -p1
%patch44 -p1
%patch45 -p1
%patch46 -p1
%patch47 -p1
%patch48 -p1
%patch49 -p1
%patch50 -p1
%patch51 -p1
%patch52 -p1
%patch53 -p1
%patch54 -p1
%patch55 -p1
%patch56 -p1
%patch57 -p1
find -type f -name \*.orig -delete
# Correct shared library name.
%__subst 's/\\\$(SHLIB_MAJOR)\.\\\$(SHLIB_MINOR)/\\$(VERSION)/g' Configure
%__subst 's/\${SHLIB_MAJOR}\.\${SHLIB_MINOR}/\${VERSION}/g' Makefile.org
# Correct compilation options.
%add_optflags -fno-strict-aliasing -Wa,--noexecstack
%__subst 's/-O\([0-9s]\>\)\?\( -fomit-frame-pointer\)\?\( -m.86\)\?/\\\$(RPM_OPT_FLAGS)/' \
Configure
# Save timestamp during copy.
find -type f -name Makefile\* -print0 |
xargs -r0 grep -FZl 'cp $$' -- |
xargs -r0 %__subst -p 's/cp \$\$/cp -pv $$/g' --
# Fix libdir.
find -type f -name Makefile\* -print0 |
xargs -r0 grep -Zl '/lib\>' -- |
xargs -r0 %__subst -p 's,/lib\>\([^$]\|$\),/\${SLIB}\1,g' --
# Be more verbose.
%__subst -p 's/^\([[:space:]]\+\) at /\1/' Makefile*
%build
ADD_ARGS=%_os-%_arch
%ifarch %ix86
ADD_ARGS=linux-elf
%ifarch i386
ADD_ARGS="$ADD_ARGS 386"
%endif
%endif
./Configure shared -DSSL_ALLOW_ADH --prefix=%prefix \
--openssldir=%openssldir \
--enginesdir=%_libdir/openssl/engines \
$ADD_ARGS
# SMP-incompatible build.
%__make SLIB=%_lib SHLIB_SOVERSION=6
# Make soname symlinks.
/sbin/ldconfig -nv .
# Save library timestamps for later check.
touch -r libcrypto.so.%version libcrypto-stamp
touch -r libssl.so.%version libssl-stamp
LD_LIBRARY_PATH=`pwd` %__make rehash
LD_LIBRARY_PATH=`pwd` %__make test
%install
# The make_install macro doesn't work here.
%__make install \
SLIB=%_lib \
INSTALL_PREFIX=%buildroot \
MANDIR=%_mandir
# Fail if one of shared libraries was rebuit.
if [ libcrypto.so.%version -nt libcrypto-stamp -o \
libssl.so.%version -nt libssl-stamp ]; then
echo 'Shared library was rebuilt by "make install".'
exit 1
fi
# Fail if the openssl binary is statically linked against OpenSSL at this
# stage (which could happen if "make install" caused anything to rebuild).
LD_LIBRARY_PATH=`pwd` ldd %buildroot%_bindir/openssl |tee openssl.libs
grep -qw libssl openssl.libs
grep -qw libcrypto openssl.libs
# Install openssl-config script.
install -pDm755 %_sourcedir/openssl-config %buildroot%_bindir/openssl-config
%__subst -p 's,%%version,%version,g;s,%%openssldir,%openssldir,g' \
%buildroot%_bindir/openssl-config
# Relocate shared libraries from %_libdir/ to /lib/.
mkdir -p %buildroot{/%_lib,%_libdir/openssl,%_sbindir}
for f in %buildroot%_libdir/*.so; do
t=`objdump -p "$f" |awk '/SONAME/ {print $2}'`
[ -n "$t" ]
ln -snf ../../%_lib/"$t" "$f"
done
mv %buildroot%_libdir/*.so.* %buildroot/%_lib/
mv %buildroot%_libdir/engines %buildroot/%_libdir/openssl/
# Relocate openssl.cnf from %%openssldir/ to %_sysconfdir/openssl/.
mkdir -p %buildroot%_sysconfdir/openssl
mv %buildroot%openssldir/openssl.cnf %buildroot%_sysconfdir/openssl/
ln -s `relative %_sysconfdir/openssl/openssl.cnf %openssldir/openssl.cnf` %buildroot%openssldir/
# Rename some man pages, fix references.
for f in passwd.1 err.3 rand.3 threads.3 config.5; do
name="${f%%.*}"
sect="${f##*.}"
NAME=`printf %%s "$name" |tr '[:lower:]' '[:upper:]'`
%__subst "s/\\<$NAME $sect\\>/SSL&/" %buildroot%_mandir/man"$sect/$f"
mv -v %buildroot%_mandir/man"$sect"/{,ssl}"$f"
find %buildroot%_mandir -type f -print0 |
xargs -r0 grep -FZl "\\fI$name\\fR\\|($sect)" -- |
xargs -r0 %__subst -p "s/\\\\fI$name\\\\fR\\\\|($sect)/\\\\fIssl$name\\\\fR\\\\|($sect)/" --
find %buildroot%_mandir -type l |while read link; do
[ "$(readlink -n "$link")" = "$f" ] || continue
ln -sfv "ssl$f" "$link"
done
done
ln -s sslconfig.5 %buildroot%_mandir/man5/openssl.cnf.5
# Make backwards-compatibility symlink to ssleay.
ln -snf openssl %buildroot%_bindir/ssleay
# Install a makefile for generating keys and self-signed certs,
# and a script for generating them on the fly.
install -pDm644 %_sourcedir/Makefile.certificate \
%buildroot%openssldir/certs/Makefile
install -pDm644 %_sourcedir/make-dummy-cert \
%buildroot%openssldir/certs/make-dummy-cert
# Install standard root certificates.
ln -s ../../..%_datadir/ca-certificates/ca-bundle.crt \
%buildroot%openssldir/cert.pem
mv %buildroot%openssldir/misc/CA{.sh,}
rm %buildroot%openssldir/misc/CA.pl
%define docdir %_docdir/openssl-%version
mkdir -p %buildroot%docdir
%if_with tsa
mv %buildroot%openssldir/misc/tsget %buildroot%_sbindir/
install -pm644 %_sourcedir/ts-20060923.ChangeLog %buildroot%docdir/TSA-Changelog
%endif #with tsa
install -pm644 CHANGES* LICENSE NEWS README* %buildroot%docdir/
bzip2 -9 %buildroot%docdir/CHANGES*
cp -a demos doc %buildroot%docdir/
rm -rf %buildroot%docdir/doc/{apps,crypto,ssl}
%post -n libssl6 -p %post_ldconfig_sys
%postun -n libssl6 -p %postun_ldconfig
%if_enabled compat
%pre -n openssl
[ $1 -gt 1 ] || exit 0
if [ ! -e %_sysconfdir/openssl -a ! -L %_sysconfdir/openssl -a -e %old_openssldir/openssl.cnf ]; then
%__mkdir_p %_sysconfdir/openssl &&
%__cp -a %old_openssldir/openssl.cnf %_sysconfdir/openssl/
fi
if [ ! -e %openssldir -a ! -L %openssldir -a -d %old_openssldir ]; then
%__cp -a %old_openssldir %openssldir
fi
%endif #compat
%files -n libssl6
/%_lib/*
%config(noreplace) %_sysconfdir/openssl
%dir %openssldir
%openssldir/*.cnf
%openssldir/*.pem
%dir %docdir
%docdir/[A-Z]*
%files -n libssl-devel
%_bindir/openssl-config
%_libdir/*.so
%_libdir/pkgconfig/*
%_includedir/*
%files -n libssl-devel-static
%_libdir/*.a
%files -n openssl
%_bindir/*
%dir %openssldir
%openssldir/misc
%openssldir/certs
%dir %attr(700,root,root) %openssldir/private
%_mandir/man[157]/*
%if_with tsa
%exclude %_man1dir/tsget.*
%endif
%files -n openssl-doc
%dir %docdir
%docdir/[a-z]*
%_man3dir/*
%files -n openssl-engines
%_libdir/openssl
%if_with tsa
%files -n tsget
%_sbindir/tsget
%_man1dir/tsget.*
%endif
%changelog
…
Полный changelog можно просмотреть здесь