New version 1.0.2l

Re-diff some patches Move engines to openssl-1.0.0/engines directory to avoid rebuilding external engines for every new openssl version
2025-02-23 08:12:50 +00:00 · 2017-06-30 23:02:17 +10:00 · 2017-06-30 23:02:17 +10:00 · e0ab5014dc
commit e0ab5014dc
parent a8866a92fd
4 changed files with 85 additions and 81 deletions
--- a/.abf.yml
+++ b/.abf.yml
@ -1,3 +1,3 @@
 sources:
-  openssl-1.0.2k.tar.gz: 5f26a624479c51847ebd2f22bb9f84b3b44dcb44
+  openssl-1.0.2l.tar.gz: b58d5d0e9cea20e571d903aafa853e2ccd914138
-  openssl-1.0.2k.tar.gz.asc: 8a0e10287f55529f1bbe582ea634b3f414b42eb5
+  openssl-1.0.2l.tar.gz.asc: 82a8013979d2aaa437bf58bf99355317b25e2e2a
--- a/openssl-1.0.2l-gost-engine.patch
+++ b/openssl-1.0.2l-gost-engine.patch
@ -1,6 +1,6 @@
-diff -urN openssl-1.0.2j/crypto/asn1/a_mbstr.c openssl-1.0.2j-patched/crypto/asn1/a_mbstr.c
+diff -urN openssl-1.0.2l/crypto/asn1/a_mbstr.c openssl-1.0.2l-patched/crypto/asn1/a_mbstr.c
--- openssl-1.0.2j/crypto/asn1/a_mbstr.c	2016-09-26 19:49:07.000000000 +1000
+--- openssl-1.0.2l/crypto/asn1/a_mbstr.c	2017-05-25 22:54:34.134746123 +1000
-+++ openssl-1.0.2j-patched/crypto/asn1/a_mbstr.c	2016-12-09 17:41:01.051681648 +1000
+++ openssl-1.0.2l-patched/crypto/asn1/a_mbstr.c	2017-06-30 22:32:46.624534512 +1000
@@ -173,6 +173,8 @@
         str_type = V_ASN1_PRINTABLESTRING;
     else if (mask & B_ASN1_IA5STRING)
@ -10,24 +10,24 @@ diff -urN openssl-1.0.2j/crypto/asn1/a_mbstr.c openssl-1.0.2j-patched/crypto/asn
     else if (mask & B_ASN1_T61STRING)
         str_type = V_ASN1_T61STRING;
     else if (mask & B_ASN1_BMPSTRING) {
-diff -urN openssl-1.0.2j/crypto/asn1/a_strnid.c openssl-1.0.2j-patched/crypto/asn1/a_strnid.c
+diff -urN openssl-1.0.2l/crypto/asn1/a_strnid.c openssl-1.0.2l-patched/crypto/asn1/a_strnid.c
--- openssl-1.0.2j/crypto/asn1/a_strnid.c	2016-09-26 19:49:07.000000000 +1000
+--- openssl-1.0.2l/crypto/asn1/a_strnid.c	2017-05-25 22:54:38.134746123 +1000
-+++ openssl-1.0.2j-patched/crypto/asn1/a_strnid.c	2016-12-09 17:41:01.051681648 +1000
+++ openssl-1.0.2l-patched/crypto/asn1/a_strnid.c	2017-06-30 22:34:13.106542001 +1000
-@@ -192,7 +192,10 @@
+@@ -193,7 +193,10 @@
     {NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
     {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
     {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
-    {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
+     {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
-+    {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+-    {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
 +    {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
 +    {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
 +    {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
 +    {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}
 };
 static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
-diff -urN openssl-1.0.2j/crypto/cms/cms_sd.c openssl-1.0.2j-patched/crypto/cms/cms_sd.c
+diff -urN openssl-1.0.2l/crypto/cms/cms_sd.c openssl-1.0.2l-patched/crypto/cms/cms_sd.c
--- openssl-1.0.2j/crypto/cms/cms_sd.c	2016-09-26 19:49:07.000000000 +1000
+--- openssl-1.0.2l/crypto/cms/cms_sd.c	2017-05-25 22:54:34.134746123 +1000
-+++ openssl-1.0.2j-patched/crypto/cms/cms_sd.c	2016-12-09 17:41:01.051681648 +1000
+++ openssl-1.0.2l-patched/crypto/cms/cms_sd.c	2017-06-30 22:32:46.626534512 +1000
@@ -943,6 +943,8 @@
 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
 {
@ -37,9 +37,9 @@ diff -urN openssl-1.0.2j/crypto/cms/cms_sd.c openssl-1.0.2j-patched/crypto/cms/c
         || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
         || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
         || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
-diff -urN openssl-1.0.2j/crypto/evp/evp.h openssl-1.0.2j-patched/crypto/evp/evp.h
+diff -urN openssl-1.0.2l/crypto/evp/evp.h openssl-1.0.2l-patched/crypto/evp/evp.h
--- openssl-1.0.2j/crypto/evp/evp.h	2016-09-26 19:49:07.000000000 +1000
+--- openssl-1.0.2l/crypto/evp/evp.h	2017-05-25 22:54:34.134746123 +1000
-+++ openssl-1.0.2j-patched/crypto/evp/evp.h	2016-12-09 17:43:29.024687755 +1000
+++ openssl-1.0.2l-patched/crypto/evp/evp.h	2017-06-30 22:32:46.627534512 +1000
@@ -423,6 +423,35 @@
 # define         EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT      0x1b
 # define         EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE  0x1c
@ -76,9 +76,9 @@ diff -urN openssl-1.0.2j/crypto/evp/evp.h openssl-1.0.2j-patched/crypto/evp/evp.
 /* RFC 5246 defines additional data to be 13 bytes in length */
 # define         EVP_AEAD_TLS1_AAD_LEN           13
-diff -urN openssl-1.0.2j/crypto/evp/evp_pbe.c openssl-1.0.2j-patched/crypto/evp/evp_pbe.c
+diff -urN openssl-1.0.2l/crypto/evp/evp_pbe.c openssl-1.0.2l-patched/crypto/evp/evp_pbe.c
--- openssl-1.0.2j/crypto/evp/evp_pbe.c	2016-09-26 19:49:07.000000000 +1000
+--- openssl-1.0.2l/crypto/evp/evp_pbe.c	2017-05-25 22:54:34.134746123 +1000
-+++ openssl-1.0.2j-patched/crypto/evp/evp_pbe.c	2016-12-09 17:41:01.052681648 +1000
+++ openssl-1.0.2l-patched/crypto/evp/evp_pbe.c	2017-06-30 22:32:46.627534512 +1000
@@ -121,6 +121,10 @@
     {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
     {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
@ -90,9 +90,9 @@ diff -urN openssl-1.0.2j/crypto/evp/evp_pbe.c openssl-1.0.2j-patched/crypto/evp/
 };
 #ifdef TEST
-diff -urN openssl-1.0.2j/crypto/objects/obj_dat.h openssl-1.0.2j-patched/crypto/objects/obj_dat.h
+diff -urN openssl-1.0.2l/crypto/objects/obj_dat.h openssl-1.0.2l-patched/crypto/objects/obj_dat.h
--- openssl-1.0.2j/crypto/objects/obj_dat.h	2016-09-26 19:49:34.000000000 +1000
+--- openssl-1.0.2l/crypto/objects/obj_dat.h	2017-05-25 22:55:20.134746123 +1000
-+++ openssl-1.0.2j-patched/crypto/objects/obj_dat.h	2016-12-09 17:41:01.053681648 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_dat.h	2017-06-30 22:32:46.631534513 +1000
@@ -62,12 +62,12 @@
  * [including the GNU Public Licence.]
  */
@ -484,9 +484,9 @@ diff -urN openssl-1.0.2j/crypto/objects/obj_dat.h openssl-1.0.2j-patched/crypto/
 108,	/* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
 112,	/* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
 782,	/* OBJ_id_PasswordBasedMAC          1 2 840 113533 7 66 13 */
-diff -urN openssl-1.0.2j/crypto/objects/objects.txt openssl-1.0.2j-patched/crypto/objects/objects.txt
+diff -urN openssl-1.0.2l/crypto/objects/objects.txt openssl-1.0.2l-patched/crypto/objects/objects.txt
--- openssl-1.0.2j/crypto/objects/objects.txt	2016-09-26 19:49:07.000000000 +1000
+--- openssl-1.0.2l/crypto/objects/objects.txt	2017-05-25 22:54:34.134746123 +1000
-+++ openssl-1.0.2j-patched/crypto/objects/objects.txt	2016-12-09 17:41:01.053681648 +1000
+++ openssl-1.0.2l-patched/crypto/objects/objects.txt	2017-06-30 22:32:46.633534513 +1000
@@ -1156,6 +1156,7 @@
 member-body 643 2 2	: cryptopro
@ -570,9 +570,9 @@ diff -urN openssl-1.0.2j/crypto/objects/objects.txt openssl-1.0.2j-patched/crypt
 # Definitions for Camellia cipher - CBC MODE
 1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC		: camellia-128-cbc
-diff -urN openssl-1.0.2j/crypto/objects/obj_mac.h openssl-1.0.2j-patched/crypto/objects/obj_mac.h
+diff -urN openssl-1.0.2l/crypto/objects/obj_mac.h openssl-1.0.2l-patched/crypto/objects/obj_mac.h
--- openssl-1.0.2j/crypto/objects/obj_mac.h	2016-09-26 19:49:33.000000000 +1000
+--- openssl-1.0.2l/crypto/objects/obj_mac.h	2017-05-25 22:54:34.134746123 +1000
-+++ openssl-1.0.2j-patched/crypto/objects/obj_mac.h	2016-12-09 17:41:01.054681648 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_mac.h	2017-06-30 22:32:46.635534513 +1000
@@ -3678,6 +3678,10 @@
 #define NID_cryptocom           806
 #define OBJ_cryptocom           OBJ_member_body,643L,2L,9L
@ -771,9 +771,9 @@ diff -urN openssl-1.0.2j/crypto/objects/obj_mac.h openssl-1.0.2j-patched/crypto/
 #define SN_camellia_128_cbc             "CAMELLIA-128-CBC"
 #define LN_camellia_128_cbc             "camellia-128-cbc"
 #define NID_camellia_128_cbc            751
-diff -urN openssl-1.0.2j/crypto/objects/obj_mac.num openssl-1.0.2j-patched/crypto/objects/obj_mac.num
+diff -urN openssl-1.0.2l/crypto/objects/obj_mac.num openssl-1.0.2l-patched/crypto/objects/obj_mac.num
--- openssl-1.0.2j/crypto/objects/obj_mac.num	2016-09-26 19:49:32.000000000 +1000
+--- openssl-1.0.2l/crypto/objects/obj_mac.num	2017-05-25 22:54:34.134746123 +1000
-+++ openssl-1.0.2j-patched/crypto/objects/obj_mac.num	2016-12-09 17:41:01.054681648 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_mac.num	2017-06-30 22:32:46.636534513 +1000
@@ -955,3 +955,45 @@
 jurisdictionLocalityName		955
 jurisdictionStateOrProvinceName		956
@ -820,9 +820,9 @@ diff -urN openssl-1.0.2j/crypto/objects/obj_mac.num openssl-1.0.2j-patched/crypt
 +grasshopper_cbc		997
 +grasshopper_cfb		998
 +grasshopper_mac		999
-diff -urN openssl-1.0.2j/crypto/objects/obj_xref.h openssl-1.0.2j-patched/crypto/objects/obj_xref.h
+diff -urN openssl-1.0.2l/crypto/objects/obj_xref.h openssl-1.0.2l-patched/crypto/objects/obj_xref.h
--- openssl-1.0.2j/crypto/objects/obj_xref.h	2016-09-26 19:49:35.000000000 +1000
+--- openssl-1.0.2l/crypto/objects/obj_xref.h	2017-05-25 22:54:34.134746123 +1000
-+++ openssl-1.0.2j-patched/crypto/objects/obj_xref.h	2016-12-09 17:41:01.054681648 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_xref.h	2017-06-30 22:32:46.636534513 +1000
@@ -56,6 +56,10 @@
      NID_dh_cofactor_kdf},
     {NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512,
@ -841,9 +841,9 @@ diff -urN openssl-1.0.2j/crypto/objects/obj_xref.h openssl-1.0.2j-patched/crypto
 +    &sigoid_srt[40],
 +    &sigoid_srt[41],
 };
-diff -urN openssl-1.0.2j/crypto/objects/obj_xref.txt openssl-1.0.2j-patched/crypto/objects/obj_xref.txt
+diff -urN openssl-1.0.2l/crypto/objects/obj_xref.txt openssl-1.0.2l-patched/crypto/objects/obj_xref.txt
--- openssl-1.0.2j/crypto/objects/obj_xref.txt	2016-09-26 19:49:07.000000000 +1000
+--- openssl-1.0.2l/crypto/objects/obj_xref.txt	2017-05-25 22:54:34.134746123 +1000
-+++ openssl-1.0.2j-patched/crypto/objects/obj_xref.txt	2016-12-09 17:41:01.054681648 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_xref.txt	2017-06-30 22:32:46.637534513 +1000
@@ -44,6 +44,8 @@
 id_GostR3411_94_with_GostR3410_94	id_GostR3411_94 id_GostR3410_94
 id_GostR3411_94_with_GostR3410_94_cc	id_GostR3411_94 id_GostR3410_94_cc
@ -853,9 +853,9 @@ diff -urN openssl-1.0.2j/crypto/objects/obj_xref.txt openssl-1.0.2j-patched/cryp
 # ECDH KDFs and their corresponding message digests and schemes
 dhSinglePass_stdDH_sha1kdf_scheme		sha1	dh_std_kdf
 dhSinglePass_stdDH_sha224kdf_scheme		sha224	dh_std_kdf
-diff -urN openssl-1.0.2j/crypto/pkcs12/p12_mutl.c openssl-1.0.2j-patched/crypto/pkcs12/p12_mutl.c
+diff -urN openssl-1.0.2l/crypto/pkcs12/p12_mutl.c openssl-1.0.2l-patched/crypto/pkcs12/p12_mutl.c
--- openssl-1.0.2j/crypto/pkcs12/p12_mutl.c	2016-09-26 19:49:07.000000000 +1000
+--- openssl-1.0.2l/crypto/pkcs12/p12_mutl.c	2017-05-25 22:54:38.134746123 +1000
-+++ openssl-1.0.2j-patched/crypto/pkcs12/p12_mutl.c	2016-12-09 17:41:01.055681648 +1000
+++ openssl-1.0.2l-patched/crypto/pkcs12/p12_mutl.c	2017-06-30 22:32:46.637534513 +1000
@@ -65,6 +65,28 @@
 # include <openssl/rand.h>
 # include <openssl/pkcs12.h>
@ -916,9 +916,9 @@ diff -urN openssl-1.0.2j/crypto/pkcs12/p12_mutl.c openssl-1.0.2j-patched/crypto/
         PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
         return 0;
     }
-diff -urN openssl-1.0.2j/crypto/pkcs7/pk7_smime.c openssl-1.0.2j-patched/crypto/pkcs7/pk7_smime.c
+diff -urN openssl-1.0.2l/crypto/pkcs7/pk7_smime.c openssl-1.0.2l-patched/crypto/pkcs7/pk7_smime.c
--- openssl-1.0.2j/crypto/pkcs7/pk7_smime.c	2016-09-26 19:49:07.000000000 +1000
+--- openssl-1.0.2l/crypto/pkcs7/pk7_smime.c	2017-05-25 22:54:34.134746123 +1000
-+++ openssl-1.0.2j-patched/crypto/pkcs7/pk7_smime.c	2016-12-09 17:41:01.055681648 +1000
+++ openssl-1.0.2l-patched/crypto/pkcs7/pk7_smime.c	2017-06-30 22:32:46.637534513 +1000
@@ -185,6 +185,8 @@
                 goto err;
             }
--- a/openssl-1.0.2l-icpbrasil.patch
+++ b/openssl-1.0.2l-icpbrasil.patch
@ -1,11 +1,13 @@
--- openssl-1.0.2/crypto/x509v3/v3_alt.c.icpbrasil	2015-01-25 11:19:48.878752990 +0100
+diff -aur openssl-1.0.2l/crypto/x509v3/v3_alt.c openssl-1.0.2l_patched/crypto/x509v3/v3_alt.c
-+++ openssl-1.0.2/crypto/x509v3/v3_alt.c	2015-01-25 11:25:54.345266327 +0100
+--- openssl-1.0.2l/crypto/x509v3/v3_alt.c	2017-05-25 14:54:38.000000000 +0200
-@@ -116,10 +116,53 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X
+++ openssl-1.0.2l_patched/crypto/x509v3/v3_alt.c	2017-05-26 08:33:41.285793387 +0200
@@ -116,9 +116,57 @@
 {
     unsigned char *p;
     char oline[256], htmp[5];
 +
 +    int rc = 0;
 +
 +    /* see http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
 +     * for the OID definitions and more details
 +     * All content is ASN.1 OCTET STRING
@ -38,7 +40,6 @@
     int i;
     switch (gen->type) {
     case GEN_OTHERNAME:
 -        X509V3_add_value("othername", "<unsupported>", &ret);
 +        rc = OBJ_obj2txt(oline, sizeof(oline), gen->d.otherName->type_id, 1);
 +        if (rc)
 +            if ((!strncmp(oline, oid_id_pf, sizeof(oid_id_pf)))   ||
@ -47,11 +48,14 @@
 +                (!strncmp(oline, oid_pj_name, sizeof(oid_pj_name))) ||
 +                (!strncmp(oline, oid_pj_cnpj, sizeof(oid_pj_cnpj))))
 +                /* FIXME: is that string always null terminated? */
-+                X509V3_add_value("othername", gen->d.otherName->value->value.octet_string->data, &ret);
+                if (!X509V3_add_value("othername", gen->d.otherName->value->value.octet_string->data, &ret))
 +                    return NULL;
 +            else
-+                X509V3_add_value("othername","<unsupported>", &ret);
+                if (!X509V3_add_value("othername","<unsupported>", &ret))
 +                    return NULL;
 +        else
-+            X509V3_add_value("othername","<unsupported>", &ret);
+            if (!X509V3_add_value("othername","<unsupported>", &ret))
 +                return NULL;
         if (!X509V3_add_value("othername", "<unsupported>", &ret))
             return NULL;
         break;
     case GEN_X400:
--- a/openssl.spec
+++ b/openssl.spec
@ -14,8 +14,8 @@
 Summary:	Secure Sockets Layer communications libs & utils
 Name:		openssl
-Version:	1.0.2k
+Version:	1.0.2l
-Release:	2
+Release:	1
 License:	BSD-like
 Group:		System/Libraries
 Url:		https://www.openssl.org
@ -26,7 +26,7 @@ Source3:	make-dummy-cert
 Source4:	openssl-thread-test.c
 # Based on https://github.com/gost-engine/engine
 # Never remove gost-engine patches
-Patch0:		openssl-1.0.2j-gost-engine.patch
+Patch0:		openssl-1.0.2l-gost-engine.patch
 # Copy https://github.com/gost-engine/engine/tree/openssl_1_0_2
 # over engines/ccgost/ and make diff
 Patch1:		openssl-1.0.2j-gost-engine-2.patch
@ -35,7 +35,7 @@ Patch2:		openssl-1.0.2e-optflags.patch
 Patch3:		openssl-1.0.1c-fix-perlpath.pl
 # (oe) support Brazilian Government OTHERNAME X509v3 field (#14158)
 # http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
-Patch6:		openssl-1.0.2-icpbrasil.patch
+Patch6:		openssl-1.0.2l-icpbrasil.patch
 Patch7:		openssl-1.0.2-defaults.patch
 Patch12:	openssl-1.0.2-x509.patch
 Patch13:	openssl-1.0.2-add-engines.patch
@ -85,8 +85,8 @@ Provides:	openssl-engines = %{EVRD}
 This package provides engines for openssl.
 %files -n %{engines_name}
-%attr(0755,root,root) %dir %{_libdir}/openssl-%{version}/engines
+%attr(0755,root,root) %dir %{_libdir}/openssl-%{major}/engines
-%attr(0755,root,root) %{_libdir}/openssl-%{version}/engines/*.so
+%attr(0755,root,root) %{_libdir}/openssl-%{major}/engines/*.so
 #----------------------------------------------------------------------------
@ -216,7 +216,7 @@ sslarch=linux-generic32
 # RPM_OPT_FLAGS, so we can skip specifiying them here.
 ./Configure \
 	--openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
-	--enginesdir=%{_libdir}/openssl-%{version}/engines \
+	--enginesdir=%{_libdir}/openssl-%{major}/engines \
 	--prefix=%{_prefix} --libdir=%{_lib}/ %{?_with_krb5:--with-krb5-flavor=MIT -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib}} \
 	zlib no-idea no-rc5 enable-camellia enable-seed enable-tlsext enable-rfc3779 enable-cms sctp shared ${sslarch}
@ -255,8 +255,8 @@ gcc -o openssl-thread-test \
 	build-shared
 # the makefiles is too borked...
-install -d %{buildroot}%{_libdir}/openssl-%{version}
+install -d %{buildroot}%{_libdir}/openssl-%{major}
-mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl-%{version}/engines
+mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl-%{major}/engines
 # make the rootcerts dir
 install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts
@ -307,7 +307,7 @@ chmod 755 %{buildroot}%{_libdir}/pkgconfig
 %multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h
 # strip cannot touch these unless 755
-chmod 755 %{buildroot}%{_libdir}/openssl-%{version}/engines/*.so*
+chmod 755 %{buildroot}%{_libdir}/openssl-%{major}/engines/*.so*
 chmod 755 %{buildroot}%{_libdir}/*.so*
 chmod 755 %{buildroot}%{_bindir}/*