--- openssl-1.0.1e-30.spec 2014-10-16 16:59:22.000000000 +0200
+++ openssl1.spec 2014-11-15 13:23:10.000000000 +0100
@@ -19,9 +19,9 @@
 %define multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x sparcv9 sparc64 x86_64
 
 Summary: A general purpose cryptography library with TLS implementation
-Name: openssl
+Name: openssl1
 Version: 1.0.1e
-Release: 30%{?dist}.4
+Release: 30%{?dist}.4rh5
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
 # The original openssl upstream tarball cannot be shipped in the .src.rpm.
@@ -108,6 +108,10 @@
 Patch110: openssl-1.0.1e-cve-2014-3567.patch
 Patch111: openssl-1.0.1e-cve-2014-3513.patch
 Patch112: openssl-1.0.1e-fallback-scsv.patch
+Patch200: openssl-1.0.1e-srvrclnt-no-ssl23.patch
+Patch201: openssl-1.0.1e-default-cipher-suite.patch
+Patch202: openssl-1.0.1e-testssl.patch
+Patch203: openssl-1.0.1e-newctx-disable-ssl23.patch
 
 License: OpenSSL
 Group: System Environment/Libraries
@@ -116,7 +120,7 @@
 BuildRequires: coreutils, krb5-devel, perl, sed, zlib-devel, /usr/bin/cmp
 BuildRequires: /usr/bin/rename
 Requires: coreutils, make
-Requires: ca-certificates >= 2008-5
+#Requires: ca-certificates >= 2008-5
 
 %description
 The OpenSSL toolkit provides support for secure communications between
@@ -129,6 +133,7 @@
 Group: Development/Libraries
 Requires: %{name} = %{version}-%{release}, krb5-devel, zlib-devel
 Requires: pkgconfig
+Provides: openssl-devel
 
 %description devel
 OpenSSL is a toolkit for supporting cryptography. The openssl-devel
@@ -158,7 +163,7 @@
 from other formats to the formats used by the OpenSSL toolkit.
 
 %prep
-%setup -q -n %{name}-%{version}
+%setup -q -n openssl-%{version}
 
 # The hobble_openssl is called here redundantly, just to be sure.
 # The tarball has already the sources removed.
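Review bot: In the `@@ -116,7 +120,7 @@` hunk, commenting out `Requires: ca-certificates >= 2008-5` leaves the package with no declared dependency for its trust store or configuration, although the configure line in the `@@ -292,7 +302,7 @@` hunk still passes `--openssldir=%{_sysconfdir}/pki/tls`. The `@@ -434,6 +444,16 @@` hunk then removes `$RPM_BUILD_ROOT/%{_sysconfdir}/pki` and the %files hunk drops `openssl.cnf` and the `pki/tls` directories, so at run time this library presumably reads whatever another package has placed under /etc/pki/tls, or finds nothing there. If relying on the base system's files is intended, declare it explicitly (for example a `Requires:` on the package that owns that directory) and replace the commented-out line with a comment such as `# ca-certificates is not required here: <reason>`.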
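Review bot: In the `@@ -129,6 +133,7 @@` hunk, `Provides: openssl-devel` is unversioned, and the devel subpackage still installs `%{_prefix}/include/openssl`, `%{_libdir}/*.so` and `pkgconfig/*.pc` (see the %files devel section), which are presumably the same paths a distribution openssl-devel owns. Any `BuildRequires: openssl-devel` can then be satisfied by this 1.0.1e build without the builder noticing which headers were used, and the two devel packages cannot be installed side by side without file conflicts. Consider `Provides: openssl-devel = %{version}-%{release}` together with `Conflicts: openssl-devel`, or install the headers and `.so` links under a private prefix.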
@@ -238,6 +243,11 @@
 %patch111 -p1 -b .srtp-leak
 %patch112 -p1 -b .fallback-scsv
 
+#patch200 -p1 -b .ssl23
+# we can't apply patch here because otherwise "make check" will fail
+#patch201 -p1 -b .ciphersuite
+%patch203 -p1 -b .newctx-no-ssl23
+
 sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
 
 # Modify the various perl scripts to reference perl in the right location.
@@ -292,7 +302,7 @@
 --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
 zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
 enable-cms enable-md2 no-mdc2 no-rc5 no-ec2m no-gost no-srp \
- --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl/engines \
+ --with-krb5-flavor=MIT --enginesdir=%{_libdir}/openssl1/engines \
 --with-krb5-dir=/usr shared ${sslarch} %{?!nofips:fips}
 
 # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
@@ -340,15 +350,15 @@
 ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \
 %{nil}
 
-%define __provides_exclude_from %{_libdir}/openssl
+%define __provides_exclude_from %{_libdir}/openssl1
 
 %install
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
 # Install OpenSSL.
-install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl}
+install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl1}
 make INSTALL_PREFIX=$RPM_BUILD_ROOT install
 make INSTALL_PREFIX=$RPM_BUILD_ROOT install_docs
-mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT%{_libdir}/openssl
+mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT%{_libdir}/openssl1
 mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}/
 rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man
 rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
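Review bot: In the `@@ -238,6 +243,11 @@` hunk the comment `# we can't apply patch here because otherwise "make check" will fail` sits between the disabled `#patch200` and `#patch201` lines, so it is unclear which patch it explains, and Patch200 and Patch202 are declared in the header but never applied in any visible hunk. The patch names suggest protocol and cipher hardening, so someone auditing this package needs to know which of them actually reach the built library; as written only Patch203 does. I would reword to something like `# Patch201 is applied to the installed ssl.h in the install section; applying it here breaks "make check"` and `# Patch200 disabled: <reason>`, and drop the Patch202 declaration if it is unused.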
@@ -434,6 +444,16 @@
 rm -rf $RPM_BUILD_ROOT/%{_libdir}/fips_premain.*
 rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 
+# make openssl1 package compatible to openssl
+mv $RPM_BUILD_ROOT/%{_bindir}/openssl $RPM_BUILD_ROOT/%{_bindir}/openssl1
+rm -rf \
+ $RPM_BUILD_ROOT/%{_sysconfdir}/pki \
+ $RPM_BUILD_ROOT/%{_mandir} \
+ $RPM_BUILD_ROOT/%{_bindir}/c_rehash
+
+# cipher suite
+patch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/ssl.h <%{PATCH201}
+
 %clean
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
 
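Review bot: Applying Patch201 to the installed copy of `ssl.h` after the build changes only the header shipped in the devel package, not the libssl that was already compiled. If the patch alters the default cipher list macro (presumably `SSL_DEFAULT_CIPHER_LIST`; the patch body is not shown), the library keeps the upstream default and only applications that reference the macro themselves at compile time see the new value, so the shipped header and binary disagree. Applying it in %prep and adjusting the test suite would keep the two consistent (Patch202, judging by its name, may be intended for that, but it is never applied in the visible hunks). In addition, `patch` can leave `ssl.h.orig` or `ssl.h.rej` next to the header, which the `%{_prefix}/include/openssl` entry in %files devel would package; `patch --no-backup-if-mismatch` avoids that.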
@@ -444,56 +464,33 @@
 %doc doc/openssl_button.html doc/openssl_button.gif
 %doc doc/ssleay.txt
 %doc README.FIPS
-%{_sysconfdir}/pki/tls/certs/make-dummy-cert
-%{_sysconfdir}/pki/tls/certs/renew-dummy-cert
-%{_sysconfdir}/pki/tls/certs/Makefile
-%{_sysconfdir}/pki/tls/misc/CA
-%dir %{_sysconfdir}/pki/CA
-%dir %{_sysconfdir}/pki/CA/private
-%dir %{_sysconfdir}/pki/CA/certs
-%dir %{_sysconfdir}/pki/CA/crl
-%dir %{_sysconfdir}/pki/CA/newcerts
-%{_sysconfdir}/pki/tls/misc/c_*
-%attr(0755,root,root) %{_bindir}/openssl
-%attr(0644,root,root) %{_mandir}/man1*/[ABD-Zabcd-z]*
-%attr(0644,root,root) %{_mandir}/man5*/*
-%attr(0644,root,root) %{_mandir}/man7*/*
-%dir %{_sysconfdir}/pki/tls
-%dir %{_sysconfdir}/pki/tls/certs
-%dir %{_sysconfdir}/pki/tls/misc
-%dir %{_sysconfdir}/pki/tls/private
-%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
+%attr(0755,root,root) %{_bindir}/openssl1
 %attr(0755,root,root) %{_libdir}/libcrypto.so.%{version}
 %attr(0755,root,root) %{_libdir}/libcrypto.so.%{soversion}
 %attr(0755,root,root) %{_libdir}/libssl.so.%{version}
 %attr(0755,root,root) %{_libdir}/libssl.so.%{soversion}
 %attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac
 %attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac
-%attr(0755,root,root) %{_libdir}/openssl
+%attr(0755,root,root) %{_libdir}/openssl1
 
 %files devel
 %defattr(-,root,root)
 %{_prefix}/include/openssl
 %attr(0755,root,root) %{_libdir}/*.so
-%attr(0644,root,root) %{_mandir}/man3*/*
 %attr(0644,root,root) %{_libdir}/pkgconfig/*.pc
 
 %files static
 %defattr(-,root,root)
 %attr(0644,root,root) %{_libdir}/*.a
 
-%files perl
-%defattr(-,root,root)
-%attr(0755,root,root) %{_bindir}/c_rehash
-%attr(0644,root,root) %{_mandir}/man1*/*.pl*
-%{_sysconfdir}/pki/tls/misc/*.pl
-%{_sysconfdir}/pki/tls/misc/tsget
-
 %post -p /sbin/ldconfig
 
 %postun -p /sbin/ldconfig
 
 %changelog
+* Tue Nov 11 2014 Frank Bergmann 1.0.1e-30.4rh5
+- rename package to openssl1, strip parts and use it as addtional rhel5 rpm
+
 * Thu Oct 16 2014 Tomáš Mráz 1.0.1e-30.4
 - use
FIPS approved method for computation of d in RSA