Djam/openssl
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/openssl.git synced 2025-02-22 15:52:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

New version 1.0.2l

Browse source 
Re-diff some patches
Move engines to openssl-1.0.0/engines directory to avoid rebuilding external engines for every new openssl version
This commit is contained in:
Andrey Bondrov 2017-06-30 23:02:17 +10:00
parent a8866a92fd
commit e0ab5014dc
4 changed files with 85 additions and 81 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.abf.yml
View file

@ -1,3 +1,3 @@
sources:
openssl-1.0.2k.tar.gz: 5f26a624479c51847ebd2f22bb9f84b3b44dcb44
openssl-1.0.2k.tar.gz.asc: 8a0e10287f55529f1bbe582ea634b3f414b42eb5
openssl-1.0.2l.tar.gz: b58d5d0e9cea20e571d903aafa853e2ccd914138
openssl-1.0.2l.tar.gz.asc: 82a8013979d2aaa437bf58bf99355317b25e2e2a

86
openssl-1.0.2j-gost-engine.patch → openssl-1.0.2l-gost-engine.patch
View file

@ -1,6 +1,6 @@
diff -urN openssl-1.0.2j/crypto/asn1/a_mbstr.c openssl-1.0.2j-patched/crypto/asn1/a_mbstr.c
--- openssl-1.0.2j/crypto/asn1/a_mbstr.c 2016-09-26 19:49:07.000000000 +1000
+++ openssl-1.0.2j-patched/crypto/asn1/a_mbstr.c 2016-12-09 17:41:01.051681648 +1000
diff -urN openssl-1.0.2l/crypto/asn1/a_mbstr.c openssl-1.0.2l-patched/crypto/asn1/a_mbstr.c
--- openssl-1.0.2l/crypto/asn1/a_mbstr.c 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/asn1/a_mbstr.c 2017-06-30 22:32:46.624534512 +1000
@@ -173,6 +173,8 @@
str_type = V_ASN1_PRINTABLESTRING;
else if (mask & B_ASN1_IA5STRING)
@ -10,24 +10,24 @@ diff -urN openssl-1.0.2j/crypto/asn1/a_mbstr.c openssl-1.0.2j-patched/crypto/asn
else if (mask & B_ASN1_T61STRING)
str_type = V_ASN1_T61STRING;
else if (mask & B_ASN1_BMPSTRING) {
diff -urN openssl-1.0.2j/crypto/asn1/a_strnid.c openssl-1.0.2j-patched/crypto/asn1/a_strnid.c
--- openssl-1.0.2j/crypto/asn1/a_strnid.c 2016-09-26 19:49:07.000000000 +1000
+++ openssl-1.0.2j-patched/crypto/asn1/a_strnid.c 2016-12-09 17:41:01.051681648 +1000
@@ -192,7 +192,10 @@
{NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
diff -urN openssl-1.0.2l/crypto/asn1/a_strnid.c openssl-1.0.2l-patched/crypto/asn1/a_strnid.c
--- openssl-1.0.2l/crypto/asn1/a_strnid.c 2017-05-25 22:54:38.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/asn1/a_strnid.c 2017-06-30 22:34:13.106542001 +1000
@@ -193,7 +193,10 @@
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
- {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
+ {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
- {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
+ {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+ {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+ {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+ {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}
};
static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
diff -urN openssl-1.0.2j/crypto/cms/cms_sd.c openssl-1.0.2j-patched/crypto/cms/cms_sd.c
--- openssl-1.0.2j/crypto/cms/cms_sd.c 2016-09-26 19:49:07.000000000 +1000
+++ openssl-1.0.2j-patched/crypto/cms/cms_sd.c 2016-12-09 17:41:01.051681648 +1000
diff -urN openssl-1.0.2l/crypto/cms/cms_sd.c openssl-1.0.2l-patched/crypto/cms/cms_sd.c
--- openssl-1.0.2l/crypto/cms/cms_sd.c 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/cms/cms_sd.c 2017-06-30 22:32:46.626534512 +1000
@@ -943,6 +943,8 @@
int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
{
@ -37,9 +37,9 @@ diff -urN openssl-1.0.2j/crypto/cms/cms_sd.c openssl-1.0.2j-patched/crypto/cms/c
|| !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
|| !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
|| !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
diff -urN openssl-1.0.2j/crypto/evp/evp.h openssl-1.0.2j-patched/crypto/evp/evp.h
--- openssl-1.0.2j/crypto/evp/evp.h 2016-09-26 19:49:07.000000000 +1000
+++ openssl-1.0.2j-patched/crypto/evp/evp.h 2016-12-09 17:43:29.024687755 +1000
diff -urN openssl-1.0.2l/crypto/evp/evp.h openssl-1.0.2l-patched/crypto/evp/evp.h
--- openssl-1.0.2l/crypto/evp/evp.h 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/evp/evp.h 2017-06-30 22:32:46.627534512 +1000
@@ -423,6 +423,35 @@
# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b
# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c
@ -76,9 +76,9 @@ diff -urN openssl-1.0.2j/crypto/evp/evp.h openssl-1.0.2j-patched/crypto/evp/evp.
/* RFC 5246 defines additional data to be 13 bytes in length */
# define EVP_AEAD_TLS1_AAD_LEN 13
diff -urN openssl-1.0.2j/crypto/evp/evp_pbe.c openssl-1.0.2j-patched/crypto/evp/evp_pbe.c
--- openssl-1.0.2j/crypto/evp/evp_pbe.c 2016-09-26 19:49:07.000000000 +1000
+++ openssl-1.0.2j-patched/crypto/evp/evp_pbe.c 2016-12-09 17:41:01.052681648 +1000
diff -urN openssl-1.0.2l/crypto/evp/evp_pbe.c openssl-1.0.2l-patched/crypto/evp/evp_pbe.c
--- openssl-1.0.2l/crypto/evp/evp_pbe.c 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/evp/evp_pbe.c 2017-06-30 22:32:46.627534512 +1000
@@ -121,6 +121,10 @@
{EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
{EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
@ -90,9 +90,9 @@ diff -urN openssl-1.0.2j/crypto/evp/evp_pbe.c openssl-1.0.2j-patched/crypto/evp/
};
#ifdef TEST
diff -urN openssl-1.0.2j/crypto/objects/obj_dat.h openssl-1.0.2j-patched/crypto/objects/obj_dat.h
--- openssl-1.0.2j/crypto/objects/obj_dat.h 2016-09-26 19:49:34.000000000 +1000
+++ openssl-1.0.2j-patched/crypto/objects/obj_dat.h 2016-12-09 17:41:01.053681648 +1000
diff -urN openssl-1.0.2l/crypto/objects/obj_dat.h openssl-1.0.2l-patched/crypto/objects/obj_dat.h
--- openssl-1.0.2l/crypto/objects/obj_dat.h 2017-05-25 22:55:20.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_dat.h 2017-06-30 22:32:46.631534513 +1000
@@ -62,12 +62,12 @@
* [including the GNU Public Licence.]
*/
@ -484,9 +484,9 @@ diff -urN openssl-1.0.2j/crypto/objects/obj_dat.h openssl-1.0.2j-patched/crypto/
108, /* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */
112, /* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */
782, /* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */
diff -urN openssl-1.0.2j/crypto/objects/objects.txt openssl-1.0.2j-patched/crypto/objects/objects.txt
--- openssl-1.0.2j/crypto/objects/objects.txt 2016-09-26 19:49:07.000000000 +1000
+++ openssl-1.0.2j-patched/crypto/objects/objects.txt 2016-12-09 17:41:01.053681648 +1000
diff -urN openssl-1.0.2l/crypto/objects/objects.txt openssl-1.0.2l-patched/crypto/objects/objects.txt
--- openssl-1.0.2l/crypto/objects/objects.txt 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/objects/objects.txt 2017-06-30 22:32:46.633534513 +1000
@@ -1156,6 +1156,7 @@
member-body 643 2 2 : cryptopro
@ -570,9 +570,9 @@ diff -urN openssl-1.0.2j/crypto/objects/objects.txt openssl-1.0.2j-patched/crypt
# Definitions for Camellia cipher - CBC MODE
1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc
diff -urN openssl-1.0.2j/crypto/objects/obj_mac.h openssl-1.0.2j-patched/crypto/objects/obj_mac.h
--- openssl-1.0.2j/crypto/objects/obj_mac.h 2016-09-26 19:49:33.000000000 +1000
+++ openssl-1.0.2j-patched/crypto/objects/obj_mac.h 2016-12-09 17:41:01.054681648 +1000
diff -urN openssl-1.0.2l/crypto/objects/obj_mac.h openssl-1.0.2l-patched/crypto/objects/obj_mac.h
--- openssl-1.0.2l/crypto/objects/obj_mac.h 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_mac.h 2017-06-30 22:32:46.635534513 +1000
@@ -3678,6 +3678,10 @@
#define NID_cryptocom 806
#define OBJ_cryptocom OBJ_member_body,643L,2L,9L
@ -771,9 +771,9 @@ diff -urN openssl-1.0.2j/crypto/objects/obj_mac.h openssl-1.0.2j-patched/crypto/
#define SN_camellia_128_cbc "CAMELLIA-128-CBC"
#define LN_camellia_128_cbc "camellia-128-cbc"
#define NID_camellia_128_cbc 751
diff -urN openssl-1.0.2j/crypto/objects/obj_mac.num openssl-1.0.2j-patched/crypto/objects/obj_mac.num
--- openssl-1.0.2j/crypto/objects/obj_mac.num 2016-09-26 19:49:32.000000000 +1000
+++ openssl-1.0.2j-patched/crypto/objects/obj_mac.num 2016-12-09 17:41:01.054681648 +1000
diff -urN openssl-1.0.2l/crypto/objects/obj_mac.num openssl-1.0.2l-patched/crypto/objects/obj_mac.num
--- openssl-1.0.2l/crypto/objects/obj_mac.num 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_mac.num 2017-06-30 22:32:46.636534513 +1000
@@ -955,3 +955,45 @@
jurisdictionLocalityName 955
jurisdictionStateOrProvinceName 956
@ -820,9 +820,9 @@ diff -urN openssl-1.0.2j/crypto/objects/obj_mac.num openssl-1.0.2j-patched/crypt
+grasshopper_cbc 997
+grasshopper_cfb 998
+grasshopper_mac 999
diff -urN openssl-1.0.2j/crypto/objects/obj_xref.h openssl-1.0.2j-patched/crypto/objects/obj_xref.h
--- openssl-1.0.2j/crypto/objects/obj_xref.h 2016-09-26 19:49:35.000000000 +1000
+++ openssl-1.0.2j-patched/crypto/objects/obj_xref.h 2016-12-09 17:41:01.054681648 +1000
diff -urN openssl-1.0.2l/crypto/objects/obj_xref.h openssl-1.0.2l-patched/crypto/objects/obj_xref.h
--- openssl-1.0.2l/crypto/objects/obj_xref.h 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_xref.h 2017-06-30 22:32:46.636534513 +1000
@@ -56,6 +56,10 @@
NID_dh_cofactor_kdf},
{NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512,
@ -841,9 +841,9 @@ diff -urN openssl-1.0.2j/crypto/objects/obj_xref.h openssl-1.0.2j-patched/crypto
+ &sigoid_srt[40],
+ &sigoid_srt[41],
};
diff -urN openssl-1.0.2j/crypto/objects/obj_xref.txt openssl-1.0.2j-patched/crypto/objects/obj_xref.txt
--- openssl-1.0.2j/crypto/objects/obj_xref.txt 2016-09-26 19:49:07.000000000 +1000
+++ openssl-1.0.2j-patched/crypto/objects/obj_xref.txt 2016-12-09 17:41:01.054681648 +1000
diff -urN openssl-1.0.2l/crypto/objects/obj_xref.txt openssl-1.0.2l-patched/crypto/objects/obj_xref.txt
--- openssl-1.0.2l/crypto/objects/obj_xref.txt 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_xref.txt 2017-06-30 22:32:46.637534513 +1000
@@ -44,6 +44,8 @@
id_GostR3411_94_with_GostR3410_94 id_GostR3411_94 id_GostR3410_94
id_GostR3411_94_with_GostR3410_94_cc id_GostR3411_94 id_GostR3410_94_cc
@ -853,9 +853,9 @@ diff -urN openssl-1.0.2j/crypto/objects/obj_xref.txt openssl-1.0.2j-patched/cryp
# ECDH KDFs and their corresponding message digests and schemes
dhSinglePass_stdDH_sha1kdf_scheme sha1 dh_std_kdf
dhSinglePass_stdDH_sha224kdf_scheme sha224 dh_std_kdf
diff -urN openssl-1.0.2j/crypto/pkcs12/p12_mutl.c openssl-1.0.2j-patched/crypto/pkcs12/p12_mutl.c
--- openssl-1.0.2j/crypto/pkcs12/p12_mutl.c 2016-09-26 19:49:07.000000000 +1000
+++ openssl-1.0.2j-patched/crypto/pkcs12/p12_mutl.c 2016-12-09 17:41:01.055681648 +1000
diff -urN openssl-1.0.2l/crypto/pkcs12/p12_mutl.c openssl-1.0.2l-patched/crypto/pkcs12/p12_mutl.c
--- openssl-1.0.2l/crypto/pkcs12/p12_mutl.c 2017-05-25 22:54:38.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/pkcs12/p12_mutl.c 2017-06-30 22:32:46.637534513 +1000
@@ -65,6 +65,28 @@
# include <openssl/rand.h>
# include <openssl/pkcs12.h>
@ -916,9 +916,9 @@ diff -urN openssl-1.0.2j/crypto/pkcs12/p12_mutl.c openssl-1.0.2j-patched/crypto/
PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
return 0;
}
diff -urN openssl-1.0.2j/crypto/pkcs7/pk7_smime.c openssl-1.0.2j-patched/crypto/pkcs7/pk7_smime.c
--- openssl-1.0.2j/crypto/pkcs7/pk7_smime.c 2016-09-26 19:49:07.000000000 +1000
+++ openssl-1.0.2j-patched/crypto/pkcs7/pk7_smime.c 2016-12-09 17:41:01.055681648 +1000
diff -urN openssl-1.0.2l/crypto/pkcs7/pk7_smime.c openssl-1.0.2l-patched/crypto/pkcs7/pk7_smime.c
--- openssl-1.0.2l/crypto/pkcs7/pk7_smime.c 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/pkcs7/pk7_smime.c 2017-06-30 22:32:46.637534513 +1000
@@ -185,6 +185,8 @@
goto err;
}

56
openssl-1.0.2-icpbrasil.patch → openssl-1.0.2l-icpbrasil.patch
View file

@ -1,44 +1,45 @@
--- openssl-1.0.2/crypto/x509v3/v3_alt.c.icpbrasil 2015-01-25 11:19:48.878752990 +0100
+++ openssl-1.0.2/crypto/x509v3/v3_alt.c 2015-01-25 11:25:54.345266327 +0100
@@ -116,10 +116,53 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X
diff -aur openssl-1.0.2l/crypto/x509v3/v3_alt.c openssl-1.0.2l_patched/crypto/x509v3/v3_alt.c
--- openssl-1.0.2l/crypto/x509v3/v3_alt.c 2017-05-25 14:54:38.000000000 +0200
+++ openssl-1.0.2l_patched/crypto/x509v3/v3_alt.c 2017-05-26 08:33:41.285793387 +0200
@@ -116,9 +116,57 @@
{
unsigned char *p;
char oline[256], htmp[5];
+
+ int rc = 0;
+
+ /* see http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
+ * for the OID definitions and more details
+ * All content is ASN.1 OCTET STRING
+ */
+ /* person related */
+ const char oid_id_pf[] = "2.16.76.1.3.1"; /* person identification data as follows:
+ * birth date: ddmmyyyy (8)
+ * CPF number: (11)
+ * PIS/PASEP number: (11)
+ * RG number: (11)
+ * RG emmitter and state: (6)
+ */
+ * birth date: ddmmyyyy (8)
+ * CPF number: (11)
+ * PIS/PASEP number: (11)
+ * RG number: (11)
+ * RG emmitter and state: (6)
+ */
+ const char oid_el_pf[] = "2.16.76.1.3.5"; /* Electoral data:
+ * card number: (11)
+ * electoral zone: (3)
+ * electoral section: (4)
+ * city and state: (22)
+ */
+ * card number: (11)
+ * electoral zone: (3)
+ * electoral section: (4)
+ * city and state: (22)
+ */
+ /* company related */
+ const char oid_pj_id1[] = "2.16.76.1.3.4"; /* info about the person responsible for the company's certificate:
+ * birth date: ddmmyyyy (8)
+ * CPF number: (11)
+ * PIS/PASEP number: (11)
+ * RG number: (11)
+ * RG emitter and state: (6)
+ */
+ * birth date: ddmmyyyy (8)
+ * CPF number: (11)
+ * PIS/PASEP number: (11)
+ * RG number: (11)
+ * RG emitter and state: (6)
+ */
+ const char oid_pj_name[] = "2.16.76.1.3.2"; /* Name of the person responsible for the company's certificate */
+ const char oid_pj_cnpj[] = "2.16.76.1.3.3"; /* CNPJ number of the company*/
+
int i;
switch (gen->type) {
case GEN_OTHERNAME:
- X509V3_add_value("othername", "<unsupported>", &ret);
+ rc = OBJ_obj2txt(oline, sizeof(oline), gen->d.otherName->type_id, 1);
+ if (rc)
+ if ((!strncmp(oline, oid_id_pf, sizeof(oid_id_pf))) ||
@ -47,11 +48,14 @@
+ (!strncmp(oline, oid_pj_name, sizeof(oid_pj_name))) ||
+ (!strncmp(oline, oid_pj_cnpj, sizeof(oid_pj_cnpj))))
+ /* FIXME: is that string always null terminated? */
+ X509V3_add_value("othername", gen->d.otherName->value->value.octet_string->data, &ret);
+ if (!X509V3_add_value("othername", gen->d.otherName->value->value.octet_string->data, &ret))
+ return NULL;
+ else
+ X509V3_add_value("othername","<unsupported>", &ret);
+ if (!X509V3_add_value("othername","<unsupported>", &ret))
+ return NULL;
+ else
+ X509V3_add_value("othername","<unsupported>", &ret);
+ if (!X509V3_add_value("othername","<unsupported>", &ret))
+ return NULL;
if (!X509V3_add_value("othername", "<unsupported>", &ret))
return NULL;
break;
case GEN_X400:

20
openssl.spec
View file

@ -14,8 +14,8 @@
Summary: Secure Sockets Layer communications libs & utils
Name: openssl
Version: 1.0.2k
Release: 2
Version: 1.0.2l
Release: 1
License: BSD-like
Group: System/Libraries
Url: https://www.openssl.org
@ -26,7 +26,7 @@ Source3: make-dummy-cert
Source4: openssl-thread-test.c
# Based on https://github.com/gost-engine/engine
# Never remove gost-engine patches
Patch0: openssl-1.0.2j-gost-engine.patch
Patch0: openssl-1.0.2l-gost-engine.patch
# Copy https://github.com/gost-engine/engine/tree/openssl_1_0_2
# over engines/ccgost/ and make diff
Patch1: openssl-1.0.2j-gost-engine-2.patch
@ -35,7 +35,7 @@ Patch2: openssl-1.0.2e-optflags.patch
Patch3: openssl-1.0.1c-fix-perlpath.pl
# (oe) support Brazilian Government OTHERNAME X509v3 field (#14158)
# http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
Patch6: openssl-1.0.2-icpbrasil.patch
Patch6: openssl-1.0.2l-icpbrasil.patch
Patch7: openssl-1.0.2-defaults.patch
Patch12: openssl-1.0.2-x509.patch
Patch13: openssl-1.0.2-add-engines.patch
@ -85,8 +85,8 @@ Provides: openssl-engines = %{EVRD}
This package provides engines for openssl.
%files -n %{engines_name}
%attr(0755,root,root) %dir %{_libdir}/openssl-%{version}/engines
%attr(0755,root,root) %{_libdir}/openssl-%{version}/engines/*.so
%attr(0755,root,root) %dir %{_libdir}/openssl-%{major}/engines
%attr(0755,root,root) %{_libdir}/openssl-%{major}/engines/*.so
#----------------------------------------------------------------------------
@ -216,7 +216,7 @@ sslarch=linux-generic32
# RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \
--openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
--enginesdir=%{_libdir}/openssl-%{version}/engines \
--enginesdir=%{_libdir}/openssl-%{major}/engines \
--prefix=%{_prefix} --libdir=%{_lib}/ %{?_with_krb5:--with-krb5-flavor=MIT -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib}} \
zlib no-idea no-rc5 enable-camellia enable-seed enable-tlsext enable-rfc3779 enable-cms sctp shared ${sslarch}
@ -255,8 +255,8 @@ gcc -o openssl-thread-test \
build-shared
# the makefiles is too borked...
install -d %{buildroot}%{_libdir}/openssl-%{version}
mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl-%{version}/engines
install -d %{buildroot}%{_libdir}/openssl-%{major}
mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl-%{major}/engines
# make the rootcerts dir
install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts
@ -307,7 +307,7 @@ chmod 755 %{buildroot}%{_libdir}/pkgconfig
%multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h
# strip cannot touch these unless 755
chmod 755 %{buildroot}%{_libdir}/openssl-%{version}/engines/*.so*
chmod 755 %{buildroot}%{_libdir}/openssl-%{major}/engines/*.so*
chmod 755 %{buildroot}%{_libdir}/*.so*
chmod 755 %{buildroot}%{_bindir}/*