Sophie

Sophie

distrib > Mageia > 7 > i586 > by-pkgid > 39d186bf5063d6a6892046a667372ec3 > files > 10

compat-openssl10-1.0.2u-1.2.mga7.src.rpm

%global soversion 1.0.0

# Number of threads to spawn when testing some threading fixes.
%global thread_test_threads %{?threads:%{threads}}%{!?threads:1}

# Arches on which we need to prevent arch conflicts on opensslconf.h, must
# also be handled in opensslconf-new.h.
%global multilib_arches %{ix86} ia64 %{mips} ppc %{power64} s390 s390x sparcv9 sparc64 x86_64

%global _performance_build 1

%define libname %mklibname compat-openssl 10 %{soversion}
%define develname %mklibname compat-openssl10 -d
%define staticname %mklibname compat-openssl10 -s -d

%define with_krb5 0

Summary: Compatibility version of the OpenSSL library
Name:    compat-openssl10
Version: 1.0.2u
%define subrel 2
Release: %mkrel 1
Epoch:   1
Source:  http://www.openssl.org/source/openssl-%{version}.tar.gz
Source2: Makefile.certificate
Source6: make-dummy-cert
Source7: renew-dummy-cert
Source8: openssl-thread-test.c
Source9: opensslconf-new.h
Source10: opensslconf-new-warning.h
# Build changes
Patch1: openssl-1.0.2e-optflags.patch
Patch2: openssl-1.0.2a-defaults.patch
Patch4: openssl-1.0.2i-enginesdir.patch
Patch5: openssl-1.0.2a-no-rpath.patch
Patch7: openssl-1.0.0-timezone.patch
Patch8: openssl-1.0.1c-perlfind.patch
Patch9: openssl-1.0.1c-aliasing.patch
# Bug fixes
Patch23: openssl-1.0.2c-default-paths.patch
Patch24: openssl-1.0.2a-issuer-hash.patch
# Functionality changes
Patch33: openssl-1.0.0-beta4-ca-dir.patch
Patch34: openssl-1.0.2a-x509.patch
Patch35: openssl-1.0.2a-version-add-engines.patch
Patch45: openssl-1.0.2a-env-zlib.patch
Patch47: openssl-1.0.2a-readme-warning.patch
Patch49: openssl-1.0.1i-algo-doc.patch
Patch50: openssl-1.0.2a-dtls1-abi.patch
Patch51: openssl-1.0.2a-version.patch
Patch60: openssl-1.0.2a-apps-dgst.patch
Patch63: openssl-1.0.2a-xmpp-starttls.patch
Patch65: openssl-1.0.2i-chil-fixes.patch
Patch66: openssl-1.0.2h-pkgconfig.patch
Patch71: openssl-1.0.2m-manfix.patch
Patch74: openssl-1.0.2a-no-md5-verify.patch
Patch90: openssl-1.0.2i-enc-fail.patch
Patch92: openssl-1.0.2a-system-cipherlist.patch
Patch93: openssl-1.0.2g-disable-sslv2v3.patch
Patch96: openssl-1.0.2e-speed-doc.patch
Patch97: openssl-1.0.2j-nokrb5-abi.patch
# Backported fixes including security fixes
Patch81: openssl-1.0.2a-padlock64.patch
Patch99: CVE-2020-1968.patch
Patch100: CVE-2020-1971-1.patch
Patch101: CVE-2020-1971-2.patch
Patch102: CVE-2020-1971-3.patch
Patch103: CVE-2020-1971-4.patch
Patch104: CVE-2020-1971-5.patch
Patch105: CVE-2021-23840.patch
Patch106: CVE-2021-23841.patch
License: OpenSSL
Group:   System/Libraries
URL:     http://www.openssl.org/
Requires: %{libname} = %{epoch}:%{version}-%{release}
Requires: rootcerts
%if %{with_krb5}
BuildRequires: pkgconfig(krb5)
%endif
BuildRequires: multiarch-utils >= 1.0.3
BuildRequires: pkgconfig(zlib)
# (tv) for test suite:
BuildRequires: bc

%description
The OpenSSL toolkit provides support for secure communications between
machines. This version of OpenSSL package contains only the libraries
and is provided for compatibility with previous releases and software
that does not support compilation with OpenSSL-1.1.


%package -n	%{libname}
Summary:	Secure Sockets Layer communications libs
Group:		System/Libraries
Requires:	crypto-policies
Conflicts:	%{mklibname openssl 1.0.0}
Obsoletes:	%{mklibname openssl 1.0.0}

%description -n	%{libname}
The OpenSSL toolkit provides support for secure communications between
machines. This version of OpenSSL package contains only the libraries
and is provided for compatibility with previous releases and software
that does not support compilation with OpenSSL-1.1.


%package -n	%{develname}
Summary: 	Files for development of applications which have to use OpenSSL-1.0.2
Group:		Development/Other
Requires:	%{name} = %{epoch}:%{version}-%{release}
Requires:	zlib-devel
Requires:	pkgconfig
# The devel subpackage intentionally conflicts with main openssl-devel
# as simultaneous use of both openssl package cannot be encouraged.
# Making the packages non-conflicting would also require further
# changes in the dependent packages.
Conflicts:	openssl-devel
Provides:	%{name}-devel = %{epoch}:%{version}-%{release}

%description -n	%{develname}
The OpenSSL toolkit provides support for secure communications between
machines. This version of OpenSSL package contains only the libraries
and is provided for compatibility with previous releases and software
that does not support compilation with OpenSSL-1.1. This package
contains include files needed to develop applications which
support various cryptographic algorithms and protocols.

%prep
%setup -q -n openssl-%{version}

%patch1 -p1 -b .optflags
%patch2 -p1 -b .defaults
%patch4 -p1 -b .enginesdir %{?_rawbuild}
%patch5 -p1 -b .no-rpath
%patch7 -p1 -b .timezone
%patch8 -p1 -b .perlfind %{?_rawbuild}
%patch9 -p1 -b .aliasing

%patch23 -p1 -b .default-paths
%patch24 -p1 -b .issuer-hash

%patch33 -p1 -b .ca-dir
%patch34 -p1 -b .x509
%patch35 -p1 -b .version-add-engines
%patch45 -p1 -b .env-zlib
%patch47 -p1 -b .warning
%patch49 -p1 -b .algo-doc
%patch50 -p1 -b .dtls1-abi
%patch51 -p1 -b .version
%patch60 -p1 -b .dgst
%patch63 -p1 -b .starttls
%patch65 -p1 -b .chil
%patch66 -p1 -b .pkgconfig
%patch71 -p1 -b .manfix
%patch74 -p1 -b .no-md5-verify
%patch90 -p1 -b .enc-fail
%patch92 -p1 -b .system
%patch93 -p1 -b .v2v3
%patch96 -p1 -b .speed-doc
%patch97 -p1 -b .nokrb5-abi

%patch81 -p1 -b .padlock64

%patch99 -p1 -b .CVE-2020-1968
%patch100 -p1 -b .CVE-2020-1971-1
%patch101 -p1 -b .CVE-2020-1971-2
%patch102 -p1 -b .CVE-2020-1971-3
%patch103 -p1 -b .CVE-2020-1971-4
%patch104 -p1 -b .CVE-2020-1971-5
%patch105 -p1
%patch106 -p1

# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`

# Generate a table with the compile settings for my perusal.
touch Makefile
make TABLE PERL=%{__perl}

%build
# Figure out which flags we want to use.
# default
sslarch=%{_os}-%{_target_cpu}
%ifarch %ix86
sslarch=linux-elf
if ! echo %{_target} | grep -q i686 ; then
    sslflags="no-asm 386"
fi
%endif
%ifarch x86_64
sslflags=enable-ec_nistp_64_gcc_128
%endif
%ifarch sparcv9
sslarch=linux-sparcv9
sslflags=no-asm
%endif
%ifarch sparc64
sslarch=linux64-sparcv9
sslflags=no-asm
%endif
%ifarch alpha alphaev56 alphaev6 alphaev67
sslarch=linux-alpha-gcc
%endif
%ifarch s390 sh3eb sh4eb
sslarch="linux-generic32 -DB_ENDIAN"
%endif
%ifarch s390x
sslarch="linux64-s390x"
%endif
%ifarch %{arm}
sslarch=linux-armv4
%endif
%ifarch aarch64
sslarch=linux-aarch64
sslflags=enable-ec_nistp_64_gcc_128
%endif
%ifarch sh3 sh4
sslarch=linux-generic32
%endif
%ifarch ppc64 ppc64p7
sslarch=linux-ppc64
%endif
%ifarch ppc64le
sslarch="linux-ppc64le"
sslflags=enable-ec_nistp_64_gcc_128
%endif
%ifarch mips mipsel
sslarch="linux-mips32 -mips32r2"
%endif
%ifarch mips64 mips64el
sslarch="linux64-mips64 -mips64r2"
%endif
%ifarch mips64el
sslflags=enable-ec_nistp_64_gcc_128
%endif

# ia64, x86_64, ppc are OK by default
# Configure the build tree.  Override OpenSSL defaults with known-good defaults
# usable on all platforms.  The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \
    --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
    --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
    zlib enable-camellia enable-seed enable-tlsext enable-rfc3779 \
    enable-cms enable-md2 enable-rc5 \
    no-mdc2 no-ec2m no-gost no-srp no-krb5 \
    --enginesdir=%{_libdir}/openssl/engines \
    shared  ${sslarch}

# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
# Also add -DPURIFY to make using valgrind with openssl easier as we do not
# want to depend on the uninitialized memory as a source of entropy anyway.
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY"
make depend
make all

# Generate hashes for the included certs.
make rehash

# Clean up the .pc files
for i in libcrypto.pc libssl.pc openssl.pc ; do
  sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i
done

##check
## Verify that what was compiled actually works.
#
## We must revert patch33 before tests otherwise they will fail
#patch -p1 -R < %{PATCH33}
#
#LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
#export LD_LIBRARY_PATH
#OPENSSL_ENABLE_MD5_VERIFY=
#export OPENSSL_ENABLE_MD5_VERIFY
#OPENSSL_CONF=%{_builddir}/openssl-%{version}/apps/openssl.cnf
#export OPENSSL_CONF
#make -C test apps tests
##{__cc} -o openssl-thread-test \
#    -I./include \
#    $RPM_OPT_FLAGS \
#    %{SOURCE8} \
#    -L. \
#    -lssl -lcrypto \
#    -lpthread -lz -ldl
#./openssl-thread-test --threads %{thread_test_threads}
#
##define __provides_exclude_from %{_libdir}/openssl

%install
# Install OpenSSL.
install -d %{buildroot}{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl}
make INSTALL_PREFIX=%{buildroot} LIBDIR=%{_lib} install
make INSTALL_PREFIX=%{buildroot} install_docs
mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl
mv %{buildroot}%{_sysconfdir}/pki/tls/man/* %{buildroot}%{_mandir}/
rmdir %{buildroot}%{_sysconfdir}/pki/tls/man

# Delete static library
rm -f %{buildroot}%{_libdir}/*.a || :

# Rename man pages so that they don't conflict with other system man pages.
pushd %{buildroot}%{_mandir}
for manpage in man*/* ; do
	if [ -L ${manpage} ]; then
		TARGET=`ls -l ${manpage} | awk '{ print $NF }'`
		ln -snf ${TARGET}ssl ${manpage}ssl
		rm -f ${manpage}
	else
		mv ${manpage} ${manpage}ssl
	fi
done
popd

# Delete non-devel man pages in the compat package
rm -rf %{buildroot}%{_mandir}/man[157]*

# Delete configuration files
rm -rf  %{buildroot}%{_sysconfdir}/pki

# Remove binaries
rm -rf %{buildroot}/%{_bindir}

# Remove engines
rm -rf %{buildroot}/%{_libdir}/openssl

%files
%license LICENSE
%doc FAQ NEWS README


%files -n %{libname}
%doc FAQ LICENSE NEWS README*
%{_libdir}/libcrypto.so.%{soversion}
%{_libdir}/libssl.so.%{soversion}

%files -n %{develname}
%doc doc/c-indentation.el doc/openssl.txt CHANGES
%{_prefix}/include/openssl
%{_libdir}/*.so
%{_mandir}/man3*/*
%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc



%changelog
* Sat Feb 27 2021 neoclust <neoclust> 1:1.0.2u-1.2.mga7
+ Revision: 1693016
- Add P105-106: Fixes CVE-2021-2384[01]  (mga#28383)
+ ns80 <ns80>
- add patches from Ubuntu for CVE-2020-1971 (mga#27305)
- add Ubuntu patch for CVE-2020-1968 (mga#27305)
- new version 1.0.2u (mga#25977)
- new version 1.0.2t for CVE-2019-1547 and CVE-2019-1563 (mga#24888)

* Wed Feb 27 2019 luigiwalser <luigiwalser> 1:1.0.2r-1.mga7
+ Revision: 1370312
- 1.0.2r (fixes CVE-2019-1559)

* Thu Nov 22 2018 ns80 <ns80> 1:1.0.2q-1.mga7
+ Revision: 1333296
- new version 1.0.2q for CVE-2018-0734 and CVE-2018-5407 (mga#23870)

* Sun Sep 23 2018 umeabot <umeabot> 1:1.0.2o-3.mga7
+ Revision: 1296720
- Mageia 7 Mass Rebuild

* Fri Jun 08 2018 pterjan <pterjan> 1:1.0.2o-2.mga7
+ Revision: 1235343
- Force correct libdir, it uses wrong one on aarch64

* Sat Mar 31 2018 luigiwalser <luigiwalser> 1:1.0.2o-1.mga7
+ Revision: 1213923
- 1.0.2o

* Wed Dec 13 2017 luigiwalser <luigiwalser> 1:1.0.2n-1.mga7
+ Revision: 1182495
- 1.0.2n

* Sat Nov 11 2017 luigiwalser <luigiwalser> 1:1.0.2m-3.mga7
+ Revision: 1176944
- replace old library

* Fri Nov 10 2017 luigiwalser <luigiwalser> 1:1.0.2m-2.mga7
+ Revision: 1176807
- add back patch to fix compilation flags (fixes empty debug source package)
- remove explicit attrs on symlinks
- unmangle soname (incompatibility from fedora)
- disable krb5 build by default (as we had it before)
- remove BR chrpath (not used)

* Sun Nov 05 2017 luigiwalser <luigiwalser> 1:1.0.2m-1.mga7
+ Revision: 1176037
- 1.0.2m
- switch back to real tarball
- remove extra fedora stuff that prevents updating and building package

* Tue Aug 22 2017 neoclust <neoclust> 1:1.0.2j-9.mga7
+ Revision: 1143307
- imported package compat-openssl10


* Mon Aug 21 2017 Tomáš Mráz <tmraz@redhat.com> 1.0.2j-9
- add missing ldconfig call to post script

* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.0.2j-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.0.2j-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.0.2j-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Thu Oct 20 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2j-5
- fix -devel subpackage conflict with man-pages package (#1387175)

* Fri Oct 14 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2j-4
- correct wrong Requires in -devel subpackage

* Fri Oct 14 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2j-3
- add back -devel subpackage as a stop-gap measure for software
  that cannot be ported to new API easily

* Fri Oct  7 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2j-2
- removed Buildroot and clean section
- added Conflicts with old openssl

* Thu Oct  6 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2j-1
- updated to 1.0.2j and modified Summary

* Thu Oct  6 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2i-3
- renamed to compat-openssl10, additional cleanups

* Fri Sep 23 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2i-2
- compat package created

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional