From 9011d6d298e1a296eedf71b1c4b86a8ea29d0840 Mon Sep 17 00:00:00 2001 From: Silvan Calarco Date: Sat, 6 Jan 2024 08:16:51 +0100 Subject: [PATCH] rebuilt with enable-ssl2 [release 1.0.1s-2mamba;Sat Apr 30 2016] --- README.md | 5 + openssl-1.0.1a-fix_non_ia32.patch | 16 ++ openssl-1.0.1p-symbol_versioning.patch | 53 ++++ openssl-1.0.1s-legacy-engines-dir.patch | 78 ++++++ openssl-makecerts | 160 +++++++++++ openssl101.spec | 347 ++++++++++++++++++++++++ 6 files changed, 659 insertions(+) create mode 100644 openssl-1.0.1a-fix_non_ia32.patch create mode 100644 openssl-1.0.1p-symbol_versioning.patch create mode 100644 openssl-1.0.1s-legacy-engines-dir.patch create mode 100644 openssl-makecerts create mode 100644 openssl101.spec diff --git a/README.md b/README.md index 804c6d1..c86b7cf 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,7 @@ # openssl101 +The openssl certificate management tool and the shared libraries that provide various encryption and decription algorithms and protocols, including DES, RC4, RSA and SSL. +This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). +This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). +This product includes software written by Tim Hudson (tjh@cryptsoft.com). + diff --git a/openssl-1.0.1a-fix_non_ia32.patch b/openssl-1.0.1a-fix_non_ia32.patch new file mode 100644 index 0000000..b747ecd --- /dev/null +++ b/openssl-1.0.1a-fix_non_ia32.patch @@ -0,0 +1,16 @@ +diff -Nru openssl-1.0.1a.orig/crypto/evp/e_rc4_hmac_md5.c openssl-1.0.1a/crypto/evp/e_rc4_hmac_md5.c +--- openssl-1.0.1a.orig/crypto/evp/e_rc4_hmac_md5.c 2012-04-18 19:51:33.000000000 +0200 ++++ openssl-1.0.1a/crypto/evp/e_rc4_hmac_md5.c 2012-04-24 12:34:58.532532269 +0200 +@@ -289,8 +289,12 @@ + + const EVP_CIPHER *EVP_rc4_hmac_md5(void) + { ++ #if defined(STITCHED_CALL) + extern unsigned int OPENSSL_ia32cap_P[]; + /* RC4_CHAR flag ------------vvvvv */ + return(OPENSSL_ia32cap_P[0]&(1<<20) ? NULL : &r4_hmac_md5_cipher); ++ #else ++ return(&r4_hmac_md5_cipher); ++ #endif + } + #endif diff --git a/openssl-1.0.1p-symbol_versioning.patch b/openssl-1.0.1p-symbol_versioning.patch new file mode 100644 index 0000000..ea664a8 --- /dev/null +++ b/openssl-1.0.1p-symbol_versioning.patch @@ -0,0 +1,53 @@ +diff -up openssl-1.0.1/Makefile.shared.version openssl-1.0.1/Makefile.shared +--- openssl-1.0.1/Makefile.shared.version 2012-03-14 20:58:20.553350959 +0100 ++++ openssl-1.0.1/Makefile.shared 2012-03-14 20:58:20.631352556 +0100 +@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS='-Wl,--whole-archive'; \ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ +- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" ++ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--default-symver,--version-script=version.map -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + + DO_GNU_APP=LDFLAGS="$(CFLAGS)" + +diff -up openssl-1.0.1/version.map.version openssl-1.0.1/version.map +--- openssl-1.0.1/version.map.version 2012-03-14 20:58:20.631352556 +0100 ++++ openssl-1.0.1/version.map 2012-03-14 20:58:20.631352556 +0100 +@@ -0,0 +1,7 @@ ++OPENSSL_1.0.1 { ++ global: ++ SSLeay; ++ local: ++ _original*; ++ _current*; ++}; +--- openssl-1.0.1p/crypto/cversion.c.orig 2015-08-16 15:44:39.732602452 +0200 ++++ openssl-1.0.1p/crypto/cversion.c 2015-08-16 15:45:16.262509801 +0200 +@@ -97,7 +97,14 @@ + return ("not available"); + } + +-unsigned long SSLeay(void) ++unsigned long _original_SSLeay(void) + { +- return (SSLEAY_VERSION_NUMBER); ++ return(0x10000003); + } ++ ++unsigned long _current_SSLeay(void) ++{ ++ return(SSLEAY_VERSION_NUMBER); ++} ++__asm__(".symver _original_SSLeay,SSLeay@"); ++__asm__(".symver _current_SSLeay,SSLeay@@OPENSSL_1.0.1"); +--- openssl-1.0.1p/crypto/opensslv.h.orig 2015-08-16 15:44:39.733602449 +0200 ++++ openssl-1.0.1p/crypto/opensslv.h 2015-08-16 15:47:04.895305120 +0200 +@@ -88,7 +88,7 @@ + * should only keep the versions that are binary compatible with the current. + */ + # define SHLIB_VERSION_HISTORY "" +-# define SHLIB_VERSION_NUMBER "1.0.0" ++# define SHLIB_VERSION_NUMBER "1.0.1" + + + #ifdef __cplusplus diff --git a/openssl-1.0.1s-legacy-engines-dir.patch b/openssl-1.0.1s-legacy-engines-dir.patch new file mode 100644 index 0000000..13bc156 --- /dev/null +++ b/openssl-1.0.1s-legacy-engines-dir.patch @@ -0,0 +1,78 @@ +Index: openssl-1.0.0c/Makefile.org +=================================================================== +--- openssl-1.0.0c.orig/Makefile.org 2010-01-27 17:06:58.000000000 +0100 ++++ openssl-1.0.0c/Makefile.org 2010-12-13 19:41:03.000000000 +0100 +@@ -497,7 +497,7 @@ + install_sw: + @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ +- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ ++ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ + $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ +Index: openssl-1.0.0c/engines/Makefile +=================================================================== +--- openssl-1.0.0c.orig/engines/Makefile 2010-08-24 23:46:34.000000000 +0200 ++++ openssl-1.0.0c/engines/Makefile 2010-12-12 19:16:22.000000000 +0100 +@@ -107,7 +107,7 @@ + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @if [ -n "$(SHARED_LIBS)" ]; then \ + set -e; \ +- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \ ++ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines; \ + for l in $(LIBNAMES); do \ + ( echo installing $$l; \ + pfx=lib; \ +@@ -119,13 +119,13 @@ + *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ + *) sfx=".bad";; \ + esac; \ +- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ ++ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines/$$pfx$$l$$sfx.new; \ + else \ + sfx=".so"; \ +- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ ++ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines/$$pfx$$l$$sfx.new; \ + fi; \ +- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ ++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines/$$pfx$$l$$sfx.new; \ ++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines/$$pfx$$l$$sfx ); \ + done; \ + fi + @target=install; $(RECURSIVE_MAKE) +Index: openssl-1.0.0c/Configure +=================================================================== +--- openssl-1.0.0c.orig/Configure 2010-12-12 19:16:22.000000000 +0100 ++++ openssl-1.0.0c/Configure 2010-12-13 19:40:53.000000000 +0100 +@@ -1732,7 +1732,7 @@ + } + elsif (/^#define\s+ENGINESDIR/) + { +- my $foo = "$prefix/$libdir/engines"; ++ my $foo = "$prefix/$libdir/openssl-1.0.1/engines"; + $foo =~ s/\\/\\\\/g; + print OUT "#define ENGINESDIR \"$foo\"\n"; + } +Index: openssl-1.0.0c/engines/ccgost/Makefile +=================================================================== +--- openssl-1.0.0c.orig/engines/ccgost/Makefile 2010-12-13 19:41:14.000000000 +0100 ++++ openssl-1.0.0c/engines/ccgost/Makefile 2010-12-13 19:42:21.000000000 +0100 +@@ -53,13 +53,13 @@ + *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ + *) sfx=".bad";; \ + esac; \ +- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + else \ + sfx=".so"; \ + cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + fi; \ +- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ ++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.1/engines/$${pfx}$(LIBNAME)$$sfx; \ + fi + + links: diff --git a/openssl-makecerts b/openssl-makecerts new file mode 100644 index 0000000..40dc64e --- /dev/null +++ b/openssl-makecerts @@ -0,0 +1,160 @@ +#!/bin/bash +# +# Creates self-signed ssl certificates +# Copyright (c) 2003-2008 by Silvan Calarco +# Copyright (c) 2003-2005 by Davide Madrisan +# +# Create server side certificates +# documentation taken from openssl howtos http://www.openssl.org/docs/HOWTO/ + +SSLDIR=/var/ssl +[ "$CADAYS" ] || CADAYS=3650 +[ "$CERTDAYS" ] || CERTDAYS=1825 +mksslc_tempfile=`tempfile 2>/dev/null` +# 1. Creating a certificate request (optional) +# To create a certificate, you need to start with a certificate request +# or, as some certificate authorities like to put it, +# "certificate signing request", since that's exactly what they do, +# they sign it and give you the result back, thus making it authentic +# according to their policies. A certificate request can then be sent +# to a certificate authority to get it signed into a certificate, or if +# you have your own certificate authority, you may sign it yourself, or +# if you need a self-signed certificate. Because you just want a test +# certificate or because you are setting up your own CA. + +#openssl req -new -key privkey.perm -out cert.csr + +# 2. Creating a self-signed root Certification Authority certificate +# If you don't want to deal with another certificate authority, or just +# want to create a test certificate for yourself. This is similar to +# creating a certificate request, but creates a certificate instead of +# a certificate request. This is NOT the recommended way to create a +# CA certificate, see ca.txt. + +if [ ! -e $SSLDIR/cacert.pem ]; then + echo + echo "Creating a new Certification Authority" + [ "$CAPASS" -a "$CACOUNTRY" -a "$CASTATE" -a "$CACITY" -a \ + "$CAORGANIZATION" -a "$CAOU" -a "$CACOMMONNAME" -a "$CAEMAIL" ] || + echo "Please enter information about the Certification Authority" + while [ ! "$CACOUNTRY" -o ${#CACOUNTRY} -ne 2 ]; do + read -p "Two-letters country code (e.g. IT): " CACOUNTRY; + done + while [ ! "$CASTATE" ]; do read -p "State: " CASTATE; done + while [ ! "$CACITY" ]; do read -p "City: " CACITY; done + while [ ! "$CAORGANIZATION" ]; do read -p "Organization: " CAORGANIZATION; done + while [ ! "$CAOU" ]; do read -p "Operational unit: " CAOU; done + while [ ! "$CACOMMONNAME" ]; do read -p "Common name: " CACOMMONNAME; done + while [ ! "$CAEMAIL" ]; do read -p "Email: " CAEMAIL; done + while [ ! "$CAPASS" -o "$CAPASS" != "$CONFIRMPASS" ]; do + unset CAPASS + while [ ! "$CAPASS" ]; do read -s -p "Please enter a passphrase: " CAPASS; echo; done + read -s -p "Please confirm the passphrase: " CONFIRMPASS + echo + done + + echo "Generating a self-signed root Certification Authority certificate" + cat << _EOF > $mksslc_tempfile +$CAPASS +$CACOUNTRY +$CASTATE +$CACITY +$CAORGANIZATION +$CAOU +$CACOMMONNAME +$CAEMAIL +_EOF + + openssl req -passout stdin -new -x509 -keyout $SSLDIR/private/cakey.pem \ + -out $SSLDIR/cacert.pem -days 3650 < $mksslc_tempfile 2>&1 || exit 1 + +fi + +rm -f $mksslc_tempfile # remove sensible data + +[ "$CERTPASS" -a "$CERTCOUNTRY" -a "$CERTSTATE" -a "$CERTCITY" -a \ + "$CERTORGANIZATION" -a "$CERTOU" -a "$CERTCOMMONNAME" -a "$CERTEMAIL" ] || { + echo + echo "Please enter information about the self-signed server certificate" +} + +while [ ! "$CERTCOUNTRY" -o ${#CERTCOUNTRY} -ne 2 ]; do + read -p "Two-letters country code (e.g. IT) [$CACOUNTRY]: " CERTCOUNTRY + [ "$CERTCOUNTRY" ] || CERTCOUNTRY=$CACOUNTRY +done +while [ ! "$CERTSTATE" ]; do + read -p "State [$CASTATE]: " CERTSTATE + [ "$CERTSTATE" ] || CERTSTATE=$CASTATE +done +while [ ! "$CERTCITY" ]; do + read -p "City [$CACITY]: " CERTCITY + [ "$CERTCITY" ] || CERTCITY=$CACITY +done +while [ ! "$CERTORGANIZATION" ]; do + read -p "Organization [$CAORGANIZATION]: " CERTORGANIZATION + [ "$CERTORGANIZATION" ] || CERTORGANIZATION="$CAORGANIZATION" +done +while [ ! "$CERTOU" ]; do + read -p "Operational unit [$CAOU]: " CERTOU + [ "$CERTOU" ] || CERTOU=$CAOU +done +while [ ! "$CERTCOMMONNAME" ]; do + read -p "Common name [$CACOMMONNAME]: " CERTCOMMONNAME + [ "$CERTCOMMONNAME" ] || CERTCOMMONNAME=$CACOMMONNAME +done +while [ ! "$CERTEMAIL" ]; do + read -p "Email [$CAEMAIL]: " CERTEMAIL + [ "$CERTEMAIL" ] || CERTEMAIL=$CAEMAIL +done +while [ ! "$CERTPASS" -o "$CERTPASS" != "$CONFIRMPASS" ]; do + unset CERTPASS + while [ ! "$CERTPASS" ]; do read -s -p "Please enter a passphrase: " CERTPASS; echo; done + read -s -p "Please confirm the passphrase: " CONFIRMPASS + echo +done +while [ ! "$CAPASS" ]; do + read -s -p "Please, enter the CA passphrase for signing the certificate: " CAPASS +done + +[ -e $SSLDIR/certs/localhost.crt ] && { + read -p "A certificate called $SSLDIR/certs/localhost.crt already exists; overwrite [y/N]?" OVERWRITE + echo + [ "$OVERWRITE" != "y" -a "$OVERWRITE" != "Y" ] && exit 0 +} + +# 3. Generate a key without password +openssl genrsa -out $SSLDIR/private/localhost.key >/dev/null || exit 1 + +# 4. Create a server certificate signing request (CSR) +echo "Creating a server certificate request (CSR)" +cat << _EOF > $mksslc_tempfile +$CERTPASS +$CERTCOUNTRY +$CERTSTATE +$CERTCITY +$CERTORGANIZATION +$CERTOU +$CERTCOMMONNAME +$CERTEMAIL +_EOF +echo "" >> $mksslc_tempfile # A challenge password +echo "" >> $mksslc_tempfile # An optional company name + +openssl req -passout stdin -new -key $SSLDIR/private/localhost.key \ + -out $SSLDIR/localhost.csr -days $CERTDAYS < $mksslc_tempfile >/dev/null || exit 1 + +rm -f $mksslc_tempfile + +# 4. Sign a server certificate request +echo "Signing the certificate request" + +echo "$CAPASS" > $mksslc_tempfile +echo "y" >> $mksslc_tempfile # Sign the certificate? [y/n] +echo "y" >> $mksslc_tempfile # 1 out of 1 certificate requests certified, commit? + +openssl ca -days $CERTDAYS -passin stdin -policy policy_anything -out $SSLDIR/certs/localhost.crt \ + -infiles $SSLDIR/localhost.csr < $mksslc_tempfile >/dev/null || exit 1 + +rm -f $mksslc_tempfile + +exit 0 diff --git a/openssl101.spec b/openssl101.spec new file mode 100644 index 0000000..70c184c --- /dev/null +++ b/openssl101.spec @@ -0,0 +1,347 @@ +Name: openssl101 +Version: 1.0.1s +Release: 2mamba +Summary: Secure Sockets Layer communications libs and utils +Group: Network/Security +Vendor: openmamba +Distribution: openmamba +Packager: Silvan Calarco +URL: http://www.openssl.org +Source: http://www.openssl.org/source/openssl-%{version}.tar.gz +Source1: openssl-makecerts +Patch0: openssl-1.0.1a-fix_non_ia32.patch +Patch1: openssl-1.0.1p-symbol_versioning.patch +Patch2: openssl-1.0.1s-legacy-engines-dir.patch +License: BSD +## AUTOBUILDREQ-BEGIN +BuildRequires: glibc-devel +## AUTOBUILDREQ-END +Requires: lib%{name} = %{?epoch:%epoch:}%{version}-%{release} +BuildRoot: %{_tmppath}/%{name}-%{version}-root + +%description +The openssl certificate management tool and the shared libraries that provide various encryption and decription algorithms and protocols, including DES, RC4, RSA and SSL. +This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). +This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). +This product includes software written by Tim Hudson (tjh@cryptsoft.com). + +%package -n lib%{name} +Summary: Library for OpenSSL +Group: System/Libraries + +%description -n lib%{name} +The libraries files are needed for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. +This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). +This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). +This product includes software written by Tim Hudson (tjh@cryptsoft.com). + +%package -n lib%{name}-devel +Summary: Library Devel for OpenSSL +Group: Development/Libraries +Requires: lib%{name} = %{version}-%{release} + +%description -n lib%{name}-devel +Library symlinks and include files needed to compile apps with support for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. +This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). +This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). +This product includes software written by Tim Hudson (tjh@cryptsoft.com). + +%package -n lib%{name}-static +Summary: OpenSSL static libraries +Group: Development/Libraries +Requires: lib%{name} = %{version}-%{release} +Requires: lib%{name}-devel = %{version}-%{release} + +%description -n lib%{name}-static +Static libraries needed to compile apps with support for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. + +%debug_package + +%prep +%setup -q -n openssl-%{version} +#%patch0 -p1 +%patch1 -p1 +%patch2 -p1 + +%build +# FIXME: --openssldir=%{_libdir}/ssl +# (FHS: no executable files should be installed in /etc) +./Configure \ +%ifarch ppc + linux-ppc \ +%endif +%ifarch i586 + linux-elf \ +%endif +%ifarch x86_64 + linux-x86_64 \ + enable-ec_nistp_64_gcc_128 \ +%endif +%ifarch arm + linux-generic32 \ +%endif + shared \ + enable-md2 \ + enable-ssl2 \ + --prefix=%{_prefix} \ + --openssldir=/etc/ssl + +%ifarch ppc +sed -i "s/-m486/-march=%{_target_cpu}/g" Makefile +%endif + +sed -i 's|\(.*\)chmod 644\(.*/lib/pkgconfig\)|\1chmod 755\2|' Makefile + +%make -j1 CC=%{_host}-gcc MANDIR=%{_mandir} +%make -j1 CC=%{_host}-gcc rehash + +#export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} +%if "%{_host}" == "%{_build}" +make test +%endif + +%install +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" +make install CC=%{_host}-gcc INSTALL_PREFIX=%{buildroot} MANDIR=%{_mandir} + +chmod 755 %{buildroot}%{_libdir}/pkgconfig +chmod 644 %{buildroot}%{_libdir}/pkgconfig/*.pc + +mv %{buildroot}%{_mandir}/man1/passwd.* \ + %{buildroot}%{_mandir}/man1/openssl-passwd.* +mv %{buildroot}%{_mandir}/man3/err.* \ + %{buildroot}%{_mandir}/man3/openssl-err.* +mv %{buildroot}%{_mandir}/man3/rand.* \ + %{buildroot}%{_mandir}/man3/openssl-rand.* +# rpmbuild can't correctly handle spaces in symlink names +rm -f %{buildroot}%{_mandir}/man7/Modes\ of\ DES.7 + +mkdir -p %{buildroot}/var/ssl/{certs,newcerts,private,crl} +touch %{buildroot}/var/ssl/index.txt +echo "01" > %{buildroot}/var/ssl/serial + +sed -i "s|./demoCA|/var/ssl|" %{buildroot}/etc/ssl/openssl.cnf + +rm -f %{buildroot}%{_libdir}/fips_premain.c +rm -f %{buildroot}%{_libdir}/fips_premain.c.sha1 + +install -m 0755 -D %{SOURCE1} %{buildroot}%{_sbindir}/openssl-makecerts + +%clean +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" + +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig + +%files +%defattr(-,root,root) +%config(noreplace) %{_sysconfdir}/ssl/openssl.cnf +%dir %{_sysconfdir}/ssl/private +%{_sysconfdir}/ssl/misc +%{_bindir}/c_rehash +#%{_bindir}/fipsld +%{_bindir}/openssl +%{_sbindir}/openssl-makecerts +#%{_bindir}/openssl_fips_fingerprint +%{_mandir}/man1/* +%{_mandir}/man5/* +%{_mandir}/man7/* +%dir /var/ssl +%dir /var/ssl/certs +%dir /var/ssl/crl +%dir /var/ssl/newcerts +%dir %attr(0700,root,root) /var/ssl/private +%config(noreplace) /var/ssl/index.txt +%config(noreplace) /var/ssl/serial + +%files -n lib%{name} +%defattr(-,root,root) +%{_libdir}/libcrypto.so.* +%{_libdir}/libssl.so.* +%{_libdir}/openssl-1.0.1/engines/lib*.so +%doc LICENSE + +%files -n lib%{name}-devel +%defattr(-,root,root) +%dir %{_includedir}/openssl +%{_includedir}/openssl/* +%{_libdir}/*.so +%{_libdir}/pkgconfig/libcrypto.pc +%{_libdir}/pkgconfig/libssl.pc +%{_libdir}/pkgconfig/openssl.pc +%{_mandir}/man3/* +#%doc CHANGES* FAQ NEWS PROBLEMS README* + +%files -n lib%{name}-static +%defattr(-,root,root) +%{_libdir}/*.a + +%changelog +* Sat Apr 30 2016 Silvan Calarco 1.0.1s-2mamba +- rebuilt with enable-ssl2 + +* Sat Apr 30 2016 Silvan Calarco 1.0.1s-1mamba +- update to 1.0.1s +- legacy package + +* Sun Aug 16 2015 Silvan Calarco 1.0.1p-1mamba +- update to 1.0.1p + +* Fri Jan 16 2015 Automatic Build System 1.0.1l-1mamba +- automatic version update by autodist + +* Fri Jan 09 2015 Automatic Build System 1.0.1k-1mamba +- automatic version update by autodist + +* Thu Oct 16 2014 Automatic Build System 1.0.1j-1mamba +- automatic version update by autodist + +* Thu Aug 07 2014 Automatic Build System 1.0.1i-1mamba +- automatic version update by autodist + +* Sat Jul 26 2014 Silvan Calarco 1.0.1h-2mamba +- x86_64: rebuild with enable-ec_nistp_64_gcc_128 as suggested by tor + +* Fri Jun 06 2014 Automatic Build System 1.0.1h-1mamba +- automatic version update by autodist + +* Tue Apr 08 2014 Automatic Build System 1.0.1g-1mamba +- automatic version update by autodist + +* Sun Feb 09 2014 Automatic Build System 1.0.1f-1mamba +- automatic version update by autodist + +* Fri Nov 15 2013 Silvan Calarco 1.0.1e-3mamba +- added openssl-static subpackage + +* Thu Jun 27 2013 Silvan Calarco 1.0.1e-2mamba +- man and doc pages moved to appropriate subpackage +- don't provide 1.0.0 lib compatibility links (use now openssl100 legacy package) + +* Tue Feb 12 2013 Automatic Build System 1.0.1e-1mamba +- automatic version update by autodist + +* Fri Feb 08 2013 Automatic Build System 1.0.1d-1mamba +- automatic version update by autodist + +* Mon Jul 02 2012 Silvan Calarco 1.0.1c-2mamba +- addded patch to enable symbol versioning + +* Sat May 12 2012 Automatic Build System 1.0.1c-1mamba +- automatic version update by autodist + +* Fri Apr 20 2012 Automatic Build System 1.0.1a-1mamba +- automatic version update by autodist + +* Thu Mar 15 2012 Automatic Build System 1.0.1-1mamba +- automatic version update by autodist + +* Tue Mar 13 2012 Automatic Build System 1.0.0h-1mamba +- automatic version update by autodist + +* Thu Jan 19 2012 Automatic Build System 1.0.0g-1mamba +- automatic version update by autodist + +* Thu Jan 05 2012 Automatic Build System 1.0.0f-1mamba +- automatic version update by autodist + +* Tue Sep 06 2011 Automatic Build System 1.0.0e-1mamba +- automatic version update by autodist + +* Mon Mar 14 2011 Silvan Calarco 1.0.0d-2mamba +- rebuilt with debug package + +* Wed Feb 09 2011 Automatic Build System 1.0.0d-1mamba +- automatic update by autodist + +* Mon Dec 06 2010 Automatic Build System 1.0.0c-1mamba +- automatic update to 1.0.0c by autodist + +* Fri Jul 02 2010 Davide Madrisan 1.0.0a-2mamba +- enable md2 support + +* Wed Jun 02 2010 Automatic Build System 1.0.0a-1mamba +- automatic update to 1.0.0a by autodist + +* Tue Mar 30 2010 Automatic Build System 1.0.0-1mamba +- automatic update to 1.0.0 by autodist + +* Mon Mar 29 2010 Automatic Build System 0.9.8n-1mamba +- automatic update to 0.9.8n by autodist + +* Tue Mar 23 2010 Silvan Calarco 0.9.8m-2mamba +- move /etc/ssl/misc to openssl package +- removed build requirement for perl +- add support for arm target + +* Fri Feb 26 2010 Automatic Build System 0.9.8m-1mamba +- automatic update to 0.9.8m by autodist + +* Wed Nov 18 2009 Automatic Build System 0.9.8l-1mamba +- automatic update to 0.9.8l by autodist + +* Fri Mar 27 2009 Silvan Calarco 0.9.8k-1mamba +- automatic update to 0.9.8k by autodist + +* Wed Jan 07 2009 Silvan Calarco 0.9.8j-1mamba +- automatic update to 0.9.8j by autodist + +* Sat Oct 04 2008 Silvan Calarco 0.9.8i-2mamba +- libopenssl-devel: obsolete libopenssl097-devel +- set 700 permission to /var/ssl/private directory + +* Tue Sep 16 2008 Silvan Calarco 0.9.8i-1mamba +- automatic update to 0.9.8i by autodist + +* Tue Jun 17 2008 Silvan Calarco 0.9.8h-1mamba +- update to 0.9.8h + +* Fri Mar 14 2008 Silvan Calarco 0.9.8g-3mamba +- added openssl-makecerts script for creating a CA and a self-signed certificate + +* Mon Dec 31 2007 Aleph0 0.9.8g-2mamba +- fix permissions of .pc files + +* Sun Nov 18 2007 Silvan Calarco 0.9.8g-1mamba +- update to 0.9.8g + +* Wed Sep 06 2006 Davide Madrisan 0.9.7k-1qilnx +- update to version 0.9.7k by autospec +- also fixes CAN-2006-4339 (bugzilla#230) + +* Fri Oct 14 2005 Davide Madrisan 0.9.7h-1qilnx +- update to version 0.9.7h by autospec +- also fixes the security issue QSA-2005-119 (CAN-2005-2969) +- patches removed (merget upstream) + +* Wed Jul 27 2005 Davide Madrisan 0.9.7e-2qilnx +- fix security issue QSA-2005-083 (CAN-2005-0109) +- do not create a broken link to the libfips library (p0) + see http://www.mail-archive.com/openssl-dev%40openssl.org/msg18268.html + +* Tue Dec 14 2004 Davide Madrisan 0.9.7e-1qilnx +- update to version 0.9.7e by autospec +- fix security issue QSA-2004-062 (CAN-2004-0975) +- added documentation + +* Thu Mar 18 2004 Davide Madrisan 0.9.7d-1qilnx +- security fix release (CAN-2004-0079, CAN-2004-0112) + +* Mon Jan 19 2004 Davide Madrisan 0.9.7c-2qilnx +- specfile fixes + +* Wed Oct 01 2003 Davide Madrisan 0.9.7c-1qilnx +- rebuilt with new version (important security bugfixes) + +* Fri Jul 25 2003 Silvan Calarco 0.9.7b-4qilnx +- configured so that certificates are by default under /var/ssl + +* Wed Jun 18 2003 Silvan Calarco 0.9.7b-3qilnx +- rebuilt against gcc 3.2.3 +- files correctly redistributed beetwen main and devel package + +* Wed Apr 30 2003 Silvan Calarco +- err, rand and passwd manpages renamed to openssl-* to avoid conflicts with other versions + +* Tue Apr 16 2003 Luca Tinelli +- first build