From 3591a331152393977000ef3d734e3f1301ecaacf Mon Sep 17 00:00:00 2001 From: Andrey Bondrov Date: Tue, 27 Sep 2016 03:25:32 +1000 Subject: [PATCH] New version 1.1.0b New library major 1.1 Adjust patchset to match new version Update files --- .abf.yml | 4 +- openssl-0.9.8a-no-rpath.patch | 11 --- openssl-1.0.2-add-engines.patch | 45 --------- openssl-1.0.2-enginesdir.patch | 50 ---------- openssl-1.0.2-test-use-localhost.patch | 20 ---- openssl-1.1.0-no-rpath.patch | 12 +++ openssl-1.1.0-version-add-engines.patch | 38 +++++++ openssl.spec | 125 ++++++++---------------- 8 files changed, 95 insertions(+), 210 deletions(-) delete mode 100644 openssl-0.9.8a-no-rpath.patch delete mode 100644 openssl-1.0.2-add-engines.patch delete mode 100644 openssl-1.0.2-enginesdir.patch delete mode 100644 openssl-1.0.2-test-use-localhost.patch create mode 100644 openssl-1.1.0-no-rpath.patch create mode 100644 openssl-1.1.0-version-add-engines.patch diff --git a/.abf.yml b/.abf.yml index d901012..84ccca0 100644 --- a/.abf.yml +++ b/.abf.yml @@ -1,3 +1,3 @@ sources: - openssl-1.0.2h.tar.gz: 577585f5f5d299c44dd3c993d3c0ac7a219e4949 - openssl-1.0.2h.tar.gz.asc: d4d40be7aab859c7d705eb28f9b473d700871ab4 + openssl-1.1.0b.tar.gz: cbf391d0d68a9f144c24c5c3c5028c07fa00264c + openssl-1.1.0b.tar.gz.asc: f18b8e7c7abdc103c06ccab61298e4149cd12160 diff --git a/openssl-0.9.8a-no-rpath.patch b/openssl-0.9.8a-no-rpath.patch deleted file mode 100644 index 8f8fb91..0000000 --- a/openssl-0.9.8a-no-rpath.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- openssl-0.9.8a/Makefile.shared.no-rpath 2005-06-23 22:47:54.000000000 +0200 -+++ openssl-0.9.8a/Makefile.shared 2005-11-16 22:35:37.000000000 +0100 -@@ -153,7 +153,7 @@ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" - --DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" -+DO_GNU_APP=LDFLAGS="$(CFLAGS)" - - #This is rather special. It's a special target with which one can link - #applications without bothering with any features that have anything to diff --git a/openssl-1.0.2-add-engines.patch b/openssl-1.0.2-add-engines.patch deleted file mode 100644 index d70d17d..0000000 --- a/openssl-1.0.2-add-engines.patch +++ /dev/null @@ -1,45 +0,0 @@ ---- openssl-1.0.2/apps/version.c.version-add-engines 2015-01-25 13:46:17.556753160 +0100 -+++ openssl-1.0.2/apps/version.c 2015-01-25 13:55:16.310634385 +0100 -@@ -131,6 +131,7 @@ - #ifndef OPENSSL_NO_BF - # include - #endif -+#include - - #undef PROG - #define PROG version_main -@@ -140,7 +141,7 @@ int MAIN(int, char **); - int MAIN(int argc, char **argv) - { - int i, ret = 0; -- int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0; -+ int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0, engines = 0; - - apps_startup(); - -@@ -164,7 +165,7 @@ int MAIN(int argc, char **argv) - else if (strcmp(argv[i], "-d") == 0) - dir = 1; - else if (strcmp(argv[i], "-a") == 0) -- date = version = cflags = options = platform = dir = 1; -+ date = version = cflags = options = platform = dir = engines = 1; - else { - BIO_printf(bio_err, "usage:version -[avbofpd]\n"); - ret = 1; -@@ -208,6 +209,16 @@ int MAIN(int argc, char **argv) - printf("%s\n", SSLeay_version(SSLEAY_CFLAGS)); - if (dir) - printf("%s\n", SSLeay_version(SSLEAY_DIR)); -+ if (engines) { -+ ENGINE *e; -+ printf("engines: "); -+ e = ENGINE_get_first(); -+ while(e) { -+ printf("%s ", ENGINE_get_id(e)); -+ e = ENGINE_get_next(e); -+ } -+ printf("\n"); -+ } - end: - apps_shutdown(); - OPENSSL_EXIT(ret); diff --git a/openssl-1.0.2-enginesdir.patch b/openssl-1.0.2-enginesdir.patch deleted file mode 100644 index a87df5b..0000000 --- a/openssl-1.0.2-enginesdir.patch +++ /dev/null @@ -1,50 +0,0 @@ ---- openssl-1.0.2/Configure.engines 2015-01-25 13:56:48.037706400 +0100 -+++ openssl-1.0.2/Configure 2015-01-25 13:56:48.038706401 +0100 -@@ -710,6 +710,7 @@ my $idx_multilib = $idx++; - my $prefix=""; - my $libdir=""; - my $openssldir=""; -+my $enginesdir=""; - my $exe_ext=""; - my $install_prefix= "$ENV{'INSTALL_PREFIX'}"; - my $cross_compile_prefix=""; -@@ -937,6 +938,10 @@ PROCESS_ARGS: - { - $openssldir=$1; - } -+ elsif (/^--enginesdir=(.*)$/) -+ { -+ $enginesdir=$1; -+ } - elsif (/^--install.prefix=(.*)$/) - { - $install_prefix=$1; -@@ -1193,7 +1198,7 @@ chop $prefix if $prefix =~ /.\/$/; - - $openssldir=$prefix . "/ssl" if $openssldir eq ""; - $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; -- -+$enginesdir="$prefix/lib/engines" if $enginesdir eq ""; - - print "IsMK1MF=$IsMK1MF\n"; - -@@ -1879,7 +1884,7 @@ while () - } - elsif (/^#define\s+ENGINESDIR/) - { -- my $foo = "$prefix/$libdir/engines"; -+ my $foo = "$enginesdir"; - $foo =~ s/\\/\\\\/g; - print OUT "#define ENGINESDIR \"$foo\"\n"; - } ---- openssl-1.0.2/engines/Makefile.engines 2015-01-25 13:56:48.039706402 +0100 -+++ openssl-1.0.2/engines/Makefile 2015-01-25 13:57:23.706518032 +0100 -@@ -124,7 +124,7 @@ install: - esac; \ - cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ - fi; \ -- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ - done; \ - fi diff --git a/openssl-1.0.2-test-use-localhost.patch b/openssl-1.0.2-test-use-localhost.patch deleted file mode 100644 index ed22009..0000000 --- a/openssl-1.0.2-test-use-localhost.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- openssl-1.0.2/ssl/ssltest.c.test-use-localhost 2015-01-25 13:57:41.440606522 +0100 -+++ openssl-1.0.2/ssl/ssltest.c 2015-01-25 13:59:04.039611530 +0100 -@@ -1516,16 +1516,7 @@ int main(int argc, char *argv[]) - - #ifndef OPENSSL_NO_KRB5 - if (c_ssl && c_ssl->kssl_ctx) { -- char localhost[MAXHOSTNAMELEN + 2]; -- -- if (gethostname(localhost, sizeof localhost - 1) == 0) { -- localhost[sizeof localhost - 1] = '\0'; -- if (strlen(localhost) == sizeof localhost - 1) { -- BIO_printf(bio_err, "localhost name too long\n"); -- goto end; -- } -- kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, localhost); -- } -+ kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, "localhost"); - } - #endif /* OPENSSL_NO_KRB5 */ - diff --git a/openssl-1.1.0-no-rpath.patch b/openssl-1.1.0-no-rpath.patch new file mode 100644 index 0000000..92b0e85 --- /dev/null +++ b/openssl-1.1.0-no-rpath.patch @@ -0,0 +1,12 @@ +diff -up openssl-1.1.0-pre5/Makefile.shared.no-rpath openssl-1.1.0-pre5/Makefile.shared +--- openssl-1.1.0-pre5/Makefile.shared.no-rpath 2016-07-18 14:41:53.081002002 +0200 ++++ openssl-1.1.0-pre5/Makefile.shared 2016-07-18 14:43:08.790467584 +0200 +@@ -175,7 +175,7 @@ DO_GNU_SO=\ + ALLSYMSFLAGS='-Wl,--whole-archive'; \ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + $(DO_GNU_SO_COMMON) +-DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,-rpath,$(LIBRPATH)" ++DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS)" + + #This is rather special. It's a special target with which one can link + #applications without bothering with any features that have anything to diff --git a/openssl-1.1.0-version-add-engines.patch b/openssl-1.1.0-version-add-engines.patch new file mode 100644 index 0000000..8088f14 --- /dev/null +++ b/openssl-1.1.0-version-add-engines.patch @@ -0,0 +1,38 @@ +diff -up openssl-1.1.0-pre5/apps/version.c.version-add-engines openssl-1.1.0-pre5/apps/version.c +--- openssl-1.1.0-pre5/apps/version.c.version-add-engines 2016-07-18 15:25:52.694531409 +0200 ++++ openssl-1.1.0-pre5/apps/version.c 2016-07-18 15:32:53.943062181 +0200 +@@ -153,7 +153,7 @@ int version_main(int argc, char **argv) + { + int ret = 1, dirty = 0; + int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0; +- int engdir = 0; ++ int engdir = 0, engines = 0; + char *prog; + OPTION_CHOICE o; + +@@ -190,7 +190,7 @@ int version_main(int argc, char **argv) + dirty = version = 1; + break; + case OPT_A: +- cflags = version = date = platform = dir = engdir = 1; ++ cflags = version = date = platform = dir = engdir = engines = 1; + break; + } + } +@@ -235,6 +235,16 @@ int version_main(int argc, char **argv) + printf("%s\n", OpenSSL_version(OPENSSL_DIR)); + if (engdir) + printf("%s\n", OpenSSL_version(OPENSSL_ENGINES_DIR)); ++ if (engines) { ++ ENGINE *e; ++ printf("engines: "); ++ e = ENGINE_get_first(); ++ while (e) { ++ printf("%s ", ENGINE_get_id(e)); ++ e = ENGINE_get_next(e); ++ } ++ printf("\n"); ++ } + ret = 0; + end: + return (ret); diff --git a/openssl.spec b/openssl.spec index 91a0c6c..7581559 100644 --- a/openssl.spec +++ b/openssl.spec @@ -1,4 +1,4 @@ -%define major 1.0.0 +%define major 1.1 %define engines_name %mklibname openssl-engines %{major} %define libcrypto %mklibname crypto %{major} %define libssl %mklibname ssl %{major} @@ -7,14 +7,11 @@ %define conflict2 %mklibname openssl 0.9.8 -# Number of threads to spawn when testing some threading fixes. -#define thread_test_threads %{?threads:%{threads}}%{!?threads:1} - %define with_krb5 %{?_with_krb5:1}%{!?_with_krb5:0} Summary: Secure Sockets Layer communications libs & utils Name: openssl -Version: 1.0.2h +Version: 1.1.0b Release: 1 License: BSD-like Group: System/Libraries @@ -24,19 +21,14 @@ Source1: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz.asc Source2: Makefile.certificate Source3: make-dummy-cert Source4: openssl-thread-test.c -# Handle RPM_OPT_FLAGS in Configure -Patch2: openssl-1.0.2e-optflags.patch -Patch3: openssl-1.0.1c-fix-perlpath.pl # (oe) support Brazilian Government OTHERNAME X509v3 field (#14158) # http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF Patch6: openssl-1.0.2-icpbrasil.patch Patch7: openssl-1.0.2-defaults.patch Patch8: openssl-0.9.8a-link-krb5.patch Patch12: openssl-1.0.2-x509.patch -Patch13: openssl-1.0.2-add-engines.patch -Patch302: openssl-1.0.2-enginesdir.patch -Patch303: openssl-0.9.8a-no-rpath.patch -Patch304: openssl-1.0.2-test-use-localhost.patch +Patch13: openssl-1.1.0-version-add-engines.patch +Patch303: openssl-1.1.0-no-rpath.patch BuildRequires: bc %{?_with_krb5:BuildRequires: krb5-devel} BuildRequires: sctp-devel @@ -52,8 +44,8 @@ various encryption and decription algorithms and protocols, including DES, RC4, RSA and SSL. %files -%doc FAQ INSTALL LICENSE NEWS PROBLEMS main-doc-info/README* -%doc README README.ASN1 README.ENGINE +%doc FAQ INSTALL LICENSE NEWS main-doc-info/README* +%doc README README.ENGINE %dir %{_sysconfdir}/pki %dir %{_sysconfdir}/pki/CA %dir %{_sysconfdir}/pki/CA/private @@ -80,8 +72,8 @@ Provides: openssl-engines = %{EVRD} This package provides engines for openssl. %files -n %{engines_name} -%attr(0755,root,root) %dir %{_libdir}/openssl-%{version}/engines -%attr(0755,root,root) %{_libdir}/openssl-%{version}/engines/*.so +%attr(0755,root,root) %dir %{_libdir}/engines-%{major}/ +%attr(0755,root,root) %{_libdir}/engines-%{major}/*.so #---------------------------------------------------------------------------- @@ -95,7 +87,7 @@ The libraries files are needed for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %files -n %{libcrypto} -%doc FAQ INSTALL LICENSE NEWS PROBLEMS README* +%doc FAQ INSTALL LICENSE NEWS README* %{_libdir}/libcrypto.so.%{major}* #---------------------------------------------------------------------------- @@ -116,7 +108,7 @@ The libraries files are needed for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %files -n %{libssl} -%doc FAQ INSTALL LICENSE NEWS PROBLEMS README* +%doc FAQ INSTALL LICENSE NEWS README* %{_libdir}/libssl.so.%{major}* #---------------------------------------------------------------------------- @@ -136,7 +128,7 @@ for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %files -n %{devname} -%doc CHANGES doc/* devel-doc-info/README* +%doc CHANGES doc/* %dir %{_includedir}/openssl %{multiarch_includedir}/openssl/opensslconf.h %{_includedir}/openssl/* @@ -166,22 +158,17 @@ cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %prep %setup -q -%patch2 -p1 -b .optflags -%patch3 -p1 -b .perl %patch6 -p1 -b .icpbrasil %patch7 -p1 -b .defaults %{?_with_krb5:%patch8 -p1 -b .krb5} %patch12 -p1 -b .x509 %patch13 -p1 -b .version-add-engines -%patch302 -p1 -b .engines %patch303 -p1 -b .no-rpath -%patch304 -p1 -b .test-use-localhost -perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile - -# fix perl path -perl util/perlpath.pl %{_bindir}/perl +# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be +# marked as not requiring an executable stack. +sed -i -e 's|-O3|%{optflags} -Wa,--noexecstack|g' Configurations/10-main.conf cp %{SOURCE2} Makefile.certificate cp %{SOURCE3} make-dummy-cert @@ -210,47 +197,16 @@ sslarch=linux-generic32 # RPM_OPT_FLAGS, so we can skip specifiying them here. ./Configure \ --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ - --enginesdir=%{_libdir}/openssl-%{version}/engines \ --prefix=%{_prefix} --libdir=%{_lib}/ %{?_with_krb5:--with-krb5-flavor=MIT -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib}} \ - zlib no-idea no-rc5 enable-camellia enable-seed enable-tlsext enable-rfc3779 enable-cms sctp shared ${sslarch} + zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ + enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \ + no-mdc2 no-ec2m no-gost no-srp \ + shared ${sslarch} -# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be -# marked as not requiring an executable stack. -RPM_OPT_FLAGS="%{optflags} -Wa,--noexecstack" - -make depend -make all build-shared - -# Generate hashes for the included certs. -make rehash build-shared - -%check -# Verify that what was compiled actually works. -export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} - -make -C test apps tests - -gcc -o openssl-thread-test \ - %{?_with_krb5:`krb5-config --cflags`} \ - -I./include \ - %{optflags} \ - openssl-thread-test.c \ - -L. -lssl -lcrypto \ - %{?_with_krb5:`krb5-config --libs`} \ - -lpthread -lz -ldl - -./openssl-thread-test --threads %{thread_test_threads} +%make all %install - -%makeinstall \ - INSTALL_PREFIX=%{buildroot} \ - MANDIR=%{_mandir} \ - build-shared - -# the makefiles is too borked... -install -d %{buildroot}%{_libdir}/openssl-%{version} -mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl-%{version}/engines +%makeinstall_std # make the rootcerts dir install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts @@ -262,7 +218,7 @@ install -m0644 Makefile.certificate %{buildroot}%{_sysconfdir}/pki/tls/certs/Mak install -m0755 make-dummy-cert %{buildroot}%{_sysconfdir}/pki/tls/certs/make-dummy-cert # Pick a CA script. -mv %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.sh %{buildroot}%{_sysconfdir}/pki/tls/misc/CA +mv %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.pl %{buildroot}%{_sysconfdir}/pki/tls/misc/CA install -d %{buildroot}%{_sysconfdir}/pki/CA install -d %{buildroot}%{_sysconfdir}/pki/CA/private @@ -275,11 +231,6 @@ ln -snf openssl %{buildroot}%{_bindir}/ssleay mv %{buildroot}%{_mandir}/man1/passwd.1 %{buildroot}%{_mandir}/man1/ssl-passwd.1 ln -sf ssl-passwd.1%{_extension} %{buildroot}%{_mandir}/man1/openssl-passwd.1%{_extension} -for i in rand err; do - mv %{buildroot}%{_mandir}/man3/$i.3 %{buildroot}%{_mandir}/man3/ssl-$i.3 - ln -snf ssl-$i.3%{_extension} %{buildroot}%{_mandir}/man3/openssl-$i.3%{_extension} -done - rm -rf {main,devel}-doc-info mkdir -p {main,devel}-doc-info cat - << EOF > main-doc-info/README.Mandriva-manpage @@ -288,26 +239,15 @@ The man page of passwd, passwd.1, has been renamed to ssl-passwd.1 to avoid a conflict with passwd.1 man page from the package passwd. EOF -cat - << EOF > devel-doc-info/README.Mandriva-manpage -Warning: -The man page of rand, rand.3, has been renamed to ssl-rand.3 -to avoid a conflict with rand.3 from the package man-pages -The man page of err, err.3, has been renamed to ssl-err.3 -to avoid a conflict with err.3 from the package man-pages -EOF - chmod 755 %{buildroot}%{_libdir}/pkgconfig %multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h # strip cannot touch these unless 755 -chmod 755 %{buildroot}%{_libdir}/openssl-%{version}/engines/*.so* +chmod 755 %{buildroot}%{_libdir}/engines-%{major}/*.so* chmod 755 %{buildroot}%{_libdir}/*.so* chmod 755 %{buildroot}%{_bindir}/* -# nuke a mistake -rm -f %{buildroot}%{_mandir}/man3/.3 - # Fix libdir. pushd %{buildroot}%{_libdir}/pkgconfig for i in *.pc ; do @@ -322,3 +262,24 @@ popd perl -pi -e "s|^CATOP=.*|CATOP=%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.pl perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf + +# drop example config +rm -f %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf.dist + +%check +# Verify that what was compiled actually works. +export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} + +make test + +gcc -o openssl-thread-test \ + %{?_with_krb5:`krb5-config --cflags`} \ + -I./include \ + %{optflags} \ + openssl-thread-test.c \ + -L. -lssl -lcrypto \ + %{?_with_krb5:`krb5-config --libs`} \ + -lpthread -lz -ldl + +./openssl-thread-test --threads 1 +