diff --git a/.abf.yml b/.abf.yml index cfdce8d..a33f90e 100644 --- a/.abf.yml +++ b/.abf.yml @@ -1,2 +1,2 @@ sources: - "openssl-1.0.0d.tar.gz": 32ca934f380a547061ddab7221b1a34e4e07e8d5 + "openssl-1.0.0g.tar.gz": 2b517baada2338663c27314cb922f9755e73e07f diff --git a/openssl-0.9.6b-mdkconfig.patch b/openssl-0.9.6b-mdkconfig.patch deleted file mode 100644 index f7589a6..0000000 --- a/openssl-0.9.6b-mdkconfig.patch +++ /dev/null @@ -1,116 +0,0 @@ ---- openssl-0.9.6b/ssl/s3_lib.c.mdkconfig Fri Mar 9 11:08:04 2001 -+++ openssl-0.9.6b/ssl/s3_lib.c Tue Dec 4 17:44:27 2001 -@@ -204,6 +204,7 @@ - SSL_ALL_STRENGTHS, - }, - /* Cipher 1B */ -+#if 0 - { - 1, - SSL3_TXT_ADH_DES_192_CBC_SHA, -@@ -216,6 +217,7 @@ - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -+#endif - - /* RSA again */ - /* Cipher 03 */ -@@ -310,6 +312,7 @@ - SSL_ALL_STRENGTHS, - }, - /* Cipher 0A */ -+#if 0 - { - 1, - SSL3_TXT_RSA_DES_192_CBC3_SHA, -@@ -322,6 +325,7 @@ - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -+#endif - - /* The DH ciphers */ - /* Cipher 0B */ -@@ -351,6 +355,7 @@ - SSL_ALL_STRENGTHS, - }, - /* Cipher 0D */ -+#if 0 - { - 0, - SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, -@@ -363,6 +368,7 @@ - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -+#endif - /* Cipher 0E */ - { - 0, -@@ -390,6 +396,7 @@ - SSL_ALL_STRENGTHS, - }, - /* Cipher 10 */ -+#if 0 - { - 0, - SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, -@@ -402,6 +409,7 @@ - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -+#endif - - /* The Ephemeral DH ciphers */ - /* Cipher 11 */ -@@ -431,6 +439,7 @@ - SSL_ALL_STRENGTHS, - }, - /* Cipher 13 */ -+#if 0 - { - 1, - SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, -@@ -443,6 +452,7 @@ - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -+#endif - /* Cipher 14 */ - { - 1, -@@ -470,6 +480,7 @@ - SSL_ALL_STRENGTHS, - }, - /* Cipher 16 */ -+#if 0 - { - 1, - SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, -@@ -482,6 +493,7 @@ - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -+#endif - - /* Fortezza */ - /* Cipher 1C */ ---- openssl-0.9.6b/ssl/s2_lib.c.mdkconfig Tue Dec 26 13:06:47 2000 -+++ openssl-0.9.6b/ssl/s2_lib.c Tue Dec 4 17:54:13 2001 -@@ -162,6 +162,7 @@ - SSL_ALL_STRENGTHS, - }, - /* DES_192_EDE3_CBC_WITH_MD5 */ -+#if 0 - { - 1, - SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5, -@@ -174,6 +175,7 @@ - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -+#endif - /* RC4_64_WITH_MD5 */ - #if 1 - { diff --git a/openssl-1.0.0-defaults.patch b/openssl-1.0.0-defaults.patch index a3fb035..1dc660a 100644 --- a/openssl-1.0.0-defaults.patch +++ b/openssl-1.0.0-defaults.patch @@ -33,12 +33,3 @@ diff -p -up openssl-1.0.0/apps/openssl.cnf.defaults openssl-1.0.0/apps/openssl.c # we can do this but it is not needed normally :-) #1.organizationName = Second Organization Name (eg, company) -@@ -145,7 +147,7 @@ localityName = Locality Name (eg, city - organizationalUnitName = Organizational Unit Name (eg, section) - #organizationalUnitName_default = - --commonName = Common Name (eg, YOUR name) -+commonName = Common Name (eg, your name or your server\'s hostname) - commonName_max = 64 - - emailAddress = Email Address diff --git a/openssl-1.0.0d.tar.gz.asc b/openssl-1.0.0d.tar.gz.asc deleted file mode 100644 index 297f975..0000000 --- a/openssl-1.0.0d.tar.gz.asc +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) - -iQCVAgUATVF6RKpYnaxaapuFAQIIGAP8CpLzaSqIylsrllK6YJwcma+4LHWgt22R -m0qjHpBUBrVYRvvs05ybLFgyoSfiV5pZ8D0p89bkF/dI8BT8L+gTwAodle6dnple -6gqZj6kKDzOV8NXAKnyqgtd8G8USj4lOO1bF4s32pdw+qeOuGQ8Zl9nNDUlFbHN+ -NVpKctUbWi4= -=wNaz ------END PGP SIGNATURE----- diff --git a/openssl-1.0.0g.tar.gz.asc b/openssl-1.0.0g.tar.gz.asc new file mode 100644 index 0000000..94a843e --- /dev/null +++ b/openssl-1.0.0g.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iQEVAwUATxbMXqLSm3vylcdZAQKxWAf/U5niW1XqDa8P0pYacHVRmpi4B/fZCsuv +Vse3gC+aizCN3Fq1GgrAaaA3EdECEGXkAg8/l0ovfQNUWEO2EDIcC6oprESCEDSl +fOuWKMAOcWekFNpLIH3fPLXSNN0aTKZR9B0kTF/NGqkFr0SlQLqkdrrP+6bhhH0e +hnh0L8TqRpk+zlaGxxrl4L1G0cEug4e5Dolp/Zt7UmWo09fsRSZ4ceR3X5k4EYmu +Br47U/zWUID/zaAFLut6F7WShMp8vrtkCHes+o6Cy9jEmeN3FfpLJC7NSK1g5K1R +RAfAlKO0hqCOqWhYdvWHbR2vmOdPniTS528jIWUfJjBnNnRZ8rURRw== +=h9qf +-----END PGP SIGNATURE----- diff --git a/openssl.spec b/openssl.spec index 5a46fb5..8d24303 100644 --- a/openssl.spec +++ b/openssl.spec @@ -4,21 +4,17 @@ %define develname %mklibname openssl -d %define staticname %mklibname openssl -s -d -%define conflict1 %mklibname openssl 0.9.7 %define conflict2 %mklibname openssl 0.9.8 # Number of threads to spawn when testing some threading fixes. #define thread_test_threads %{?threads:%{threads}}%{!?threads:1} -# French policy is to not use ciphers stronger than 128 bits -%define french_policy 0 - %define with_krb5 %{?_with_krb5:1}%{!?_with_krb5:0} Summary: Secure Sockets Layer communications libs & utils Name: openssl -Version: %{maj}d -Release: %mkrel 2 +Version: %{maj}g +Release: 1 License: BSD-like Group: System/Libraries URL: http://www.openssl.org/ @@ -28,8 +24,6 @@ Source2: Makefile.certificate Source3: make-dummy-cert Source4: openssl-thread-test.c Source5: README.pkcs11 -# (gb) 0.9.6b-5mdk: Limit available SSL ciphers to 128 bits -Patch0: openssl-0.9.6b-mdkconfig.patch # (gb) 0.9.7b-4mdk: Handle RPM_OPT_FLAGS in Configure Patch2: openssl-optflags.diff # (oe) support Brazilian Government OTHERNAME X509v3 field (#14158) @@ -48,7 +42,7 @@ Patch16: pkcs11_engine-1.0.0.diff Patch300: openssl-1.0.0-mips.patch Patch301: openssl-1.0.0-arm.patch Patch302: openssl-1.0.0-enginesdir.patch -Requires: %{libname} = %{version}-%{release} +Requires: %{engines_name} = %{version}-%{release} Requires: perl-base Requires: rootcerts %{?_with_krb5:BuildRequires: krb5-devel} @@ -56,7 +50,6 @@ BuildRequires: chrpath BuildRequires: zlib-devel # (tv) for test suite: BuildRequires: bc -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot %description The openssl certificate management tool and the shared libraries that provide @@ -75,9 +68,7 @@ This package provides engines for openssl. %package -n %{libname} Summary: Secure Sockets Layer communications libs Group: System/Libraries -Requires: %{engines_name} >= %{version}-%{release} Provides: %{libname} = %{version}-%{release} -Conflicts: openssh < 3.5p1-4mdk %description -n %{libname} The libraries files are needed for various cryptographic algorithms @@ -90,9 +81,6 @@ Requires: %{libname} = %{version}-%{release} Provides: libopenssl-devel Provides: openssl-devel = %{version}-%{release} Obsoletes: openssl-devel -# temporary opsolete, will be a conflict later. a compat package -# with openssl-0.9.7 devel libs will be provided soon -Obsoletes: %{conflict1}-devel Obsoletes: %{conflict2}-devel Obsoletes: %{mklibname openssl 1.0.0}-devel Provides: %{name}-devel = %{version}-%{release} @@ -108,9 +96,6 @@ Group: Development/Other Requires: %{develname} = %{version}-%{release} Provides: libopenssl-static-devel Provides: openssl-static-devel = %{version}-%{release} -# temporary opsolete, will be a conflict later. a compat package -# with openssl-0.9.7 static-devel libs will be provided soon -Obsoletes: %{conflict1}-static-devel Obsoletes: %{conflict2}-static-devel Obsoletes: %{mklibname openssl 1.0.0}-static-devel Provides: %{name}-static-devel = %{version}-%{release} @@ -122,9 +107,6 @@ cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %prep %setup -q -n %{name}-%{version} -%if %{french_policy} -%patch0 -p1 -b .frenchpolicy -%endif %patch2 -p1 -b .optflags %patch6 -p0 -b .icpbrasil %patch7 -p1 -b .defaults @@ -173,6 +155,9 @@ sslarch="linux-generic32 -DB_ENDIAN -DNO_ASM" %ifarch s390x sslarch="linux-generic64 -DB_ENDIAN -DNO_ASM" %endif +%ifarch %{arm} +sslarch=linux-generic32 +%endif # ia64, x86_64, ppc, ppc64 are OK by default # Configure the build tree. Override OpenSSL defaults with known-good defaults @@ -182,9 +167,8 @@ sslarch="linux-generic64 -DB_ENDIAN -DNO_ASM" --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ --enginesdir=%{_libdir}/openssl-%{version}/engines \ --prefix=%{_prefix} --libdir=%{_lib}/ %{?_with_krb5:--with-krb5-flavor=MIT -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib}} \ - no-idea no-rc5 enable-camellia shared enable-tlsext ${sslarch} --pk11-libname=%{_libdir}/pkcs11/PKCS11_API.so - -# zlib no-idea no-mdc2 no-rc5 no-ec no-ecdh no-ecdsa shared ${sslarch} + --pk11-libname=%{_libdir}/pkcs11/PKCS11_API.so \ + zlib no-idea no-rc5 enable-camellia enable-seed enable-tlsext enable-rfc3779 enable-cms shared ${sslarch} \ # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be # marked as not requiring an executable stack. @@ -245,11 +229,11 @@ ln -snf openssl %{buildroot}%{_bindir}/ssleay # The man pages rand.3 and passwd.1 conflict with other packages # Rename them to ssl-* and also make a symlink from openssl-* to ssl-* mv %{buildroot}%{_mandir}/man1/passwd.1 %{buildroot}%{_mandir}/man1/ssl-passwd.1 -ln -sf ssl-passwd.1.bz2 %{buildroot}%{_mandir}/man1/openssl-passwd.1.bz2 +ln -sf ssl-passwd.1%{_extension} %{buildroot}%{_mandir}/man1/openssl-passwd.1%{_extension} for i in rand err; do mv %{buildroot}%{_mandir}/man3/$i.3 %{buildroot}%{_mandir}/man3/ssl-$i.3 - ln -snf ssl-$i.3.bz2 %{buildroot}%{_mandir}/man3/openssl-$i.3.bz2 + ln -snf ssl-$i.3%{_extension} %{buildroot}%{_mandir}/man3/openssl-$i.3%{_extension} done rm -rf {main,devel}-doc-info @@ -298,19 +282,7 @@ perl -pi -e "s|^CATOP=.*|CATOP=%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfd perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.pl perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf -%if %mdkversion < 200900 -%post -n %{libname} -p /sbin/ldconfig -%endif - -%if %mdkversion < 200900 -%postun -n %{libname} -p /sbin/ldconfig -%endif - -%clean -rm -fr %{buildroot} - %files -%defattr(-,root,root) %doc FAQ INSTALL LICENSE NEWS PROBLEMS main-doc-info/README* %doc README README.ASN1 README.ENGINE README.pkcs11 %dir %{_sysconfdir}/pki @@ -329,17 +301,14 @@ rm -fr %{buildroot} %attr(0644,root,root) %{_mandir}/man[157]/* %files -n %{libname} -%defattr(-,root,root) %doc FAQ INSTALL LICENSE NEWS PROBLEMS README* %attr(0755,root,root) %{_libdir}/lib*.so.* %files -n %{engines_name} -%defattr(-,root,root) %attr(0755,root,root) %dir %{_libdir}/openssl-%{version}/engines %attr(0755,root,root) %{_libdir}/openssl-%{version}/engines/*.so %files -n %{develname} -%defattr(-,root,root) %doc CHANGES doc/* devel-doc-info/README* %attr(0755,root,root) %dir %{_includedir}/openssl %{multiarch_includedir}/openssl/opensslconf.h @@ -349,12 +318,40 @@ rm -fr %{buildroot} %attr(0644,root,root) %{_libdir}/pkgconfig/* %files -n %{staticname} -%defattr(-,root,root) %attr(0644,root,root) %{_libdir}/lib*.a %changelog -* Mon May 02 2011 Oden Eriksson 1.0.0d-2mdv2011.0 +* Thu Jan 19 2012 Oden Eriksson 1.0.0g-1 ++ Revision: 762530 +- 1.0.0g + +* Mon Jan 09 2012 Oden Eriksson 1.0.0f-1 ++ Revision: 758821 +- 1.0.0f +- enable some new'ish features per default (enable-seed enable-rfc3779 enable-cms) + +* Thu Dec 01 2011 Matthew Dawkins 1.0.0e-3 ++ Revision: 735862 +- rebuild for openssl +- solves dep LOOP problems +- removed clean section, mkrel + +* Tue Nov 29 2011 Oden Eriksson 1.0.0e-2 ++ Revision: 735413 +- bump release +- more fixes to make sure rpm -Fvh works better +- drop the french fixes patch, it has never been used +- applied some fixes by Matthew Dawkins + +* Tue Sep 06 2011 Oden Eriksson 1.0.0e-1 ++ Revision: 698456 +- 1.0.0e (fixes CVE-2011-3207, CVE-2011-3210) + + + Matthew Dawkins + - fix arm build + +* Mon May 02 2011 Oden Eriksson 1.0.0d-2 + Revision: 661710 - multiarch fixes @@ -443,7 +440,7 @@ rm -fr %{buildroot} + Revision: 455585 - P22: fixes a regression with CVE-2009-2409 (#54349) -* Sun Sep 27 2009 Olivier Blin 0.9.8k-4mdv2010.0 +* Sun Sep 27 2009 Olivier Blin 0.9.8k-4mdv2010.0 + Revision: 450189 - mips and arm support (from Arnaud Patard) @@ -542,7 +539,7 @@ rm -fr %{buildroot} + Revision: 176044 - fix #38237 (Please include SNI support patch) - + Olivier Blin + + Olivier Blin - restore BuildRoot + Thierry Vignaud