Djam/openssl
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/openssl.git synced 2025-02-23 08:12:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

New version 1.1.0b

Browse source 
New library major 1.1
Adjust patchset to match new version
Update files
This commit is contained in:
Andrey Bondrov 2016-09-27 03:25:32 +10:00
parent f9a9a3ce4a
commit 3591a33115
8 changed files with 95 additions and 210 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.abf.yml
View file

@ -1,3 +1,3 @@
sources:
openssl-1.0.2h.tar.gz: 577585f5f5d299c44dd3c993d3c0ac7a219e4949
openssl-1.0.2h.tar.gz.asc: d4d40be7aab859c7d705eb28f9b473d700871ab4
openssl-1.1.0b.tar.gz: cbf391d0d68a9f144c24c5c3c5028c07fa00264c
openssl-1.1.0b.tar.gz.asc: f18b8e7c7abdc103c06ccab61298e4149cd12160

11
openssl-0.9.8a-no-rpath.patch
View file

@ -1,11 +0,0 @@
--- openssl-0.9.8a/Makefile.shared.no-rpath 2005-06-23 22:47:54.000000000 +0200
+++ openssl-0.9.8a/Makefile.shared 2005-11-16 22:35:37.000000000 +0100
@@ -153,7 +153,7 @@
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
#This is rather special. It's a special target with which one can link
#applications without bothering with any features that have anything to

45
openssl-1.0.2-add-engines.patch
View file

@ -1,45 +0,0 @@
--- openssl-1.0.2/apps/version.c.version-add-engines 2015-01-25 13:46:17.556753160 +0100
+++ openssl-1.0.2/apps/version.c 2015-01-25 13:55:16.310634385 +0100
@@ -131,6 +131,7 @@
#ifndef OPENSSL_NO_BF
# include <openssl/blowfish.h>
#endif
+#include <openssl/engine.h>
#undef PROG
#define PROG version_main
@@ -140,7 +141,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int i, ret = 0;
- int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
+ int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0, engines = 0;
apps_startup();
@@ -164,7 +165,7 @@ int MAIN(int argc, char **argv)
else if (strcmp(argv[i], "-d") == 0)
dir = 1;
else if (strcmp(argv[i], "-a") == 0)
- date = version = cflags = options = platform = dir = 1;
+ date = version = cflags = options = platform = dir = engines = 1;
else {
BIO_printf(bio_err, "usage:version -[avbofpd]\n");
ret = 1;
@@ -208,6 +209,16 @@ int MAIN(int argc, char **argv)
printf("%s\n", SSLeay_version(SSLEAY_CFLAGS));
if (dir)
printf("%s\n", SSLeay_version(SSLEAY_DIR));
+ if (engines) {
+ ENGINE *e;
+ printf("engines: ");
+ e = ENGINE_get_first();
+ while(e) {
+ printf("%s ", ENGINE_get_id(e));
+ e = ENGINE_get_next(e);
+ }
+ printf("\n");
+ }
end:
apps_shutdown();
OPENSSL_EXIT(ret);

50
openssl-1.0.2-enginesdir.patch
View file

@ -1,50 +0,0 @@
--- openssl-1.0.2/Configure.engines 2015-01-25 13:56:48.037706400 +0100
+++ openssl-1.0.2/Configure 2015-01-25 13:56:48.038706401 +0100
@@ -710,6 +710,7 @@ my $idx_multilib = $idx++;
my $prefix="";
my $libdir="";
my $openssldir="";
+my $enginesdir="";
my $exe_ext="";
my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
my $cross_compile_prefix="";
@@ -937,6 +938,10 @@ PROCESS_ARGS:
{
$openssldir=$1;
}
+ elsif (/^--enginesdir=(.*)$/)
+ {
+ $enginesdir=$1;
+ }
elsif (/^--install.prefix=(.*)$/)
{
$install_prefix=$1;
@@ -1193,7 +1198,7 @@ chop $prefix if $prefix =~ /.\/$/;
$openssldir=$prefix . "/ssl" if $openssldir eq "";
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
-
+$enginesdir="$prefix/lib/engines" if $enginesdir eq "";
print "IsMK1MF=$IsMK1MF\n";
@@ -1879,7 +1884,7 @@ while (<IN>)
}
elsif (/^#define\s+ENGINESDIR/)
{
- my $foo = "$prefix/$libdir/engines";
+ my $foo = "$enginesdir";
$foo =~ s/\\/\\\\/g;
print OUT "#define ENGINESDIR \"$foo\"\n";
}
--- openssl-1.0.2/engines/Makefile.engines 2015-01-25 13:56:48.039706402 +0100
+++ openssl-1.0.2/engines/Makefile 2015-01-25 13:57:23.706518032 +0100
@@ -124,7 +124,7 @@ install:
esac; \
cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
fi; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
done; \
fi

20
openssl-1.0.2-test-use-localhost.patch
View file

@ -1,20 +0,0 @@
--- openssl-1.0.2/ssl/ssltest.c.test-use-localhost 2015-01-25 13:57:41.440606522 +0100
+++ openssl-1.0.2/ssl/ssltest.c 2015-01-25 13:59:04.039611530 +0100
@@ -1516,16 +1516,7 @@ int main(int argc, char *argv[])
#ifndef OPENSSL_NO_KRB5
if (c_ssl && c_ssl->kssl_ctx) {
- char localhost[MAXHOSTNAMELEN + 2];
-
- if (gethostname(localhost, sizeof localhost - 1) == 0) {
- localhost[sizeof localhost - 1] = '\0';
- if (strlen(localhost) == sizeof localhost - 1) {
- BIO_printf(bio_err, "localhost name too long\n");
- goto end;
- }
- kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, localhost);
- }
+ kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, "localhost");
}
#endif /* OPENSSL_NO_KRB5 */

12
openssl-1.1.0-no-rpath.patch Normal file
View file

@ -0,0 +1,12 @@
diff -up openssl-1.1.0-pre5/Makefile.shared.no-rpath openssl-1.1.0-pre5/Makefile.shared
--- openssl-1.1.0-pre5/Makefile.shared.no-rpath 2016-07-18 14:41:53.081002002 +0200
+++ openssl-1.1.0-pre5/Makefile.shared 2016-07-18 14:43:08.790467584 +0200
@@ -175,7 +175,7 @@ DO_GNU_SO=\
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
$(DO_GNU_SO_COMMON)
-DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,-rpath,$(LIBRPATH)"
+DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS)"
#This is rather special. It's a special target with which one can link
#applications without bothering with any features that have anything to

38
openssl-1.1.0-version-add-engines.patch Normal file
View file

@ -0,0 +1,38 @@
diff -up openssl-1.1.0-pre5/apps/version.c.version-add-engines openssl-1.1.0-pre5/apps/version.c
--- openssl-1.1.0-pre5/apps/version.c.version-add-engines 2016-07-18 15:25:52.694531409 +0200
+++ openssl-1.1.0-pre5/apps/version.c 2016-07-18 15:32:53.943062181 +0200
@@ -153,7 +153,7 @@ int version_main(int argc, char **argv)
{
int ret = 1, dirty = 0;
int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
- int engdir = 0;
+ int engdir = 0, engines = 0;
char *prog;
OPTION_CHOICE o;
@@ -190,7 +190,7 @@ int version_main(int argc, char **argv)
dirty = version = 1;
break;
case OPT_A:
- cflags = version = date = platform = dir = engdir = 1;
+ cflags = version = date = platform = dir = engdir = engines = 1;
break;
}
}
@@ -235,6 +235,16 @@ int version_main(int argc, char **argv)
printf("%s\n", OpenSSL_version(OPENSSL_DIR));
if (engdir)
printf("%s\n", OpenSSL_version(OPENSSL_ENGINES_DIR));
+ if (engines) {
+ ENGINE *e;
+ printf("engines: ");
+ e = ENGINE_get_first();
+ while (e) {
+ printf("%s ", ENGINE_get_id(e));
+ e = ENGINE_get_next(e);
+ }
+ printf("\n");
+ }
ret = 0;
end:
return (ret);

125
openssl.spec
View file

@ -1,4 +1,4 @@
%define major 1.0.0
%define major 1.1
%define engines_name %mklibname openssl-engines %{major}
%define libcrypto %mklibname crypto %{major}
%define libssl %mklibname ssl %{major}
@ -7,14 +7,11 @@
%define conflict2 %mklibname openssl 0.9.8
# Number of threads to spawn when testing some threading fixes.
#define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
%define with_krb5 %{?_with_krb5:1}%{!?_with_krb5:0}
Summary: Secure Sockets Layer communications libs & utils
Name: openssl
Version: 1.0.2h
Version: 1.1.0b
Release: 1
License: BSD-like
Group: System/Libraries
@ -24,19 +21,14 @@ Source1: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz.asc
Source2: Makefile.certificate
Source3: make-dummy-cert
Source4: openssl-thread-test.c
# Handle RPM_OPT_FLAGS in Configure
Patch2: openssl-1.0.2e-optflags.patch
Patch3: openssl-1.0.1c-fix-perlpath.pl
# (oe) support Brazilian Government OTHERNAME X509v3 field (#14158)
# http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
Patch6: openssl-1.0.2-icpbrasil.patch
Patch7: openssl-1.0.2-defaults.patch
Patch8: openssl-0.9.8a-link-krb5.patch
Patch12: openssl-1.0.2-x509.patch
Patch13: openssl-1.0.2-add-engines.patch
Patch302: openssl-1.0.2-enginesdir.patch
Patch303: openssl-0.9.8a-no-rpath.patch
Patch304: openssl-1.0.2-test-use-localhost.patch
Patch13: openssl-1.1.0-version-add-engines.patch
Patch303: openssl-1.1.0-no-rpath.patch
BuildRequires: bc
%{?_with_krb5:BuildRequires: krb5-devel}
BuildRequires: sctp-devel
@ -52,8 +44,8 @@ various encryption and decription algorithms and protocols, including DES, RC4,
RSA and SSL.
%files
%doc FAQ INSTALL LICENSE NEWS PROBLEMS main-doc-info/README*
%doc README README.ASN1 README.ENGINE
%doc FAQ INSTALL LICENSE NEWS main-doc-info/README*
%doc README README.ENGINE
%dir %{_sysconfdir}/pki
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
@ -80,8 +72,8 @@ Provides: openssl-engines = %{EVRD}
This package provides engines for openssl.
%files -n %{engines_name}
%attr(0755,root,root) %dir %{_libdir}/openssl-%{version}/engines
%attr(0755,root,root) %{_libdir}/openssl-%{version}/engines/*.so
%attr(0755,root,root) %dir %{_libdir}/engines-%{major}/
%attr(0755,root,root) %{_libdir}/engines-%{major}/*.so
#----------------------------------------------------------------------------
@ -95,7 +87,7 @@ The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.
%files -n %{libcrypto}
%doc FAQ INSTALL LICENSE NEWS PROBLEMS README*
%doc FAQ INSTALL LICENSE NEWS README*
%{_libdir}/libcrypto.so.%{major}*
#----------------------------------------------------------------------------
@ -116,7 +108,7 @@ The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.
%files -n %{libssl}
%doc FAQ INSTALL LICENSE NEWS PROBLEMS README*
%doc FAQ INSTALL LICENSE NEWS README*
%{_libdir}/libssl.so.%{major}*
#----------------------------------------------------------------------------
@ -136,7 +128,7 @@ for various cryptographic algorithms and protocols, including DES, RC4, RSA
and SSL.
%files -n %{devname}
%doc CHANGES doc/* devel-doc-info/README*
%doc CHANGES doc/*
%dir %{_includedir}/openssl
%{multiarch_includedir}/openssl/opensslconf.h
%{_includedir}/openssl/*
@ -166,22 +158,17 @@ cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.
%prep
%setup -q
%patch2 -p1 -b .optflags
%patch3 -p1 -b .perl
%patch6 -p1 -b .icpbrasil
%patch7 -p1 -b .defaults
%{?_with_krb5:%patch8 -p1 -b .krb5}
%patch12 -p1 -b .x509
%patch13 -p1 -b .version-add-engines
%patch302 -p1 -b .engines
%patch303 -p1 -b .no-rpath
%patch304 -p1 -b .test-use-localhost
perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile
# fix perl path
perl util/perlpath.pl %{_bindir}/perl
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
sed -i -e 's|-O3|%{optflags} -Wa,--noexecstack|g' Configurations/10-main.conf
cp %{SOURCE2} Makefile.certificate
cp %{SOURCE3} make-dummy-cert
@ -210,47 +197,16 @@ sslarch=linux-generic32
# RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \
--openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
--enginesdir=%{_libdir}/openssl-%{version}/engines \
--prefix=%{_prefix} --libdir=%{_lib}/ %{?_with_krb5:--with-krb5-flavor=MIT -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib}} \
zlib no-idea no-rc5 enable-camellia enable-seed enable-tlsext enable-rfc3779 enable-cms sctp shared ${sslarch}
zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
no-mdc2 no-ec2m no-gost no-srp \
shared ${sslarch}
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
RPM_OPT_FLAGS="%{optflags} -Wa,--noexecstack"
make depend
make all build-shared
# Generate hashes for the included certs.
make rehash build-shared
%check
# Verify that what was compiled actually works.
export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
make -C test apps tests
gcc -o openssl-thread-test \
%{?_with_krb5:`krb5-config --cflags`} \
-I./include \
%{optflags} \
openssl-thread-test.c \
-L. -lssl -lcrypto \
%{?_with_krb5:`krb5-config --libs`} \
-lpthread -lz -ldl
./openssl-thread-test --threads %{thread_test_threads}
%make all
%install
%makeinstall \
INSTALL_PREFIX=%{buildroot} \
MANDIR=%{_mandir} \
build-shared
# the makefiles is too borked...
install -d %{buildroot}%{_libdir}/openssl-%{version}
mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl-%{version}/engines
%makeinstall_std
# make the rootcerts dir
install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts
@ -262,7 +218,7 @@ install -m0644 Makefile.certificate %{buildroot}%{_sysconfdir}/pki/tls/certs/Mak
install -m0755 make-dummy-cert %{buildroot}%{_sysconfdir}/pki/tls/certs/make-dummy-cert
# Pick a CA script.
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.sh %{buildroot}%{_sysconfdir}/pki/tls/misc/CA
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.pl %{buildroot}%{_sysconfdir}/pki/tls/misc/CA
install -d %{buildroot}%{_sysconfdir}/pki/CA
install -d %{buildroot}%{_sysconfdir}/pki/CA/private
@ -275,11 +231,6 @@ ln -snf openssl %{buildroot}%{_bindir}/ssleay
mv %{buildroot}%{_mandir}/man1/passwd.1 %{buildroot}%{_mandir}/man1/ssl-passwd.1
ln -sf ssl-passwd.1%{_extension} %{buildroot}%{_mandir}/man1/openssl-passwd.1%{_extension}
for i in rand err; do
mv %{buildroot}%{_mandir}/man3/$i.3 %{buildroot}%{_mandir}/man3/ssl-$i.3
ln -snf ssl-$i.3%{_extension} %{buildroot}%{_mandir}/man3/openssl-$i.3%{_extension}
done
rm -rf {main,devel}-doc-info
mkdir -p {main,devel}-doc-info
cat - << EOF > main-doc-info/README.Mandriva-manpage
@ -288,26 +239,15 @@ The man page of passwd, passwd.1, has been renamed to ssl-passwd.1
to avoid a conflict with passwd.1 man page from the package passwd.
EOF
cat - << EOF > devel-doc-info/README.Mandriva-manpage
Warning:
The man page of rand, rand.3, has been renamed to ssl-rand.3
to avoid a conflict with rand.3 from the package man-pages
The man page of err, err.3, has been renamed to ssl-err.3
to avoid a conflict with err.3 from the package man-pages
EOF
chmod 755 %{buildroot}%{_libdir}/pkgconfig
%multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h
# strip cannot touch these unless 755
chmod 755 %{buildroot}%{_libdir}/openssl-%{version}/engines/*.so*
chmod 755 %{buildroot}%{_libdir}/engines-%{major}/*.so*
chmod 755 %{buildroot}%{_libdir}/*.so*
chmod 755 %{buildroot}%{_bindir}/*
# nuke a mistake
rm -f %{buildroot}%{_mandir}/man3/.3
# Fix libdir.
pushd %{buildroot}%{_libdir}/pkgconfig
for i in *.pc ; do
@ -322,3 +262,24 @@ popd
perl -pi -e "s|^CATOP=.*|CATOP=%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA
perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.pl
perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf
# drop example config
rm -f %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf.dist
%check
# Verify that what was compiled actually works.
export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
make test
gcc -o openssl-thread-test \
%{?_with_krb5:`krb5-config --cflags`} \
-I./include \
%{optflags} \
openssl-thread-test.c \
-L. -lssl -lcrypto \
%{?_with_krb5:`krb5-config --libs`} \
-lpthread -lz -ldl
./openssl-thread-test --threads 1