123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948 |
- %bcond_with fips
- %define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
- %{!?_pkgdocdir:%global _pkgdocdir %{_docdir}}
- # 1.0.0 soversion = 10
- # 1.1.0 soversion = 1.1 (same as upstream although presence of some symbols
- # depends on build configuration options)
- %define soversion 3
- Summary: Secure Sockets Layer Toolkit
- Name: openssl
- Version: 3.0.5
- Release: 1%{_dist_release}
- Group: system,security
- Vendor: Project Vine
- Distribution: Vine Linux
- Packager: daisuke, iwamoto
- License: BSDish
- URL: https://www.openssl.org/
- # We have to remove certain patented algorithms from the openssl source
- # tarball with the hobble-openssl script which is included below.
- # The original openssl upstream tarball cannot be shipped in the .src.rpm.
- Source: openssl-%{version}-hobbled.tar.xz
- Source1: hobble-openssl
- Source2: Makefile.certificate
- Source6: make-dummy-cert
- Source7: renew-dummy-cert
- Source9: configuration-switch.h
- Source10: configuration-prefix.h
- Source12: ec_curve.c
- Source13: ectest.c
- # Patches exported from source git
- # Aarch64 and ppc64le use lib64
- #Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch
- # Use more general default values in openssl.cnf
- Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch
- # Do not install html docs
- Patch3: 0003-Do-not-install-html-docs.patch
- # Override default paths for the CA directory tree
- Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch
- # apps/ca: fix md option help text
- Patch5: 0005-apps-ca-fix-md-option-help-text.patch
- # Disable signature verification with totally unsafe hash algorithms
- Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch
- # Add support for PROFILE=SYSTEM system default cipherlist
- Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
- # Add FIPS_mode() compatibility macro
- Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
- # Add check to see if fips flag is enabled in kernel
- #Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
- # remove unsupported EC curves
- Patch11: 0011-Remove-EC-curves.patch
- # Disable explicit EC curves
- Patch12: 0012-Disable-explicit-ec.patch
- # Instructions to load legacy provider in openssl.cnf
- #Patch24: 0024-load-legacy-prov.patch
- # Selectively disallow SHA1 signatures rhbz#2070977
- Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch
- # Backport of patch for RHEL for Edge rhbz #2027261
- Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
- # Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1)
- Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
- # Instrument with USDT probes related to SHA-1 deprecation
- #Patch53: 0053-Add-SHA1-probes.patch
- # https://github.com/openssl/openssl/pull/18103
- # The patch is incorporated in 3.0.3 but we provide this function since 3.0.1
- # so the patch should persist
- Patch56: 0056-strcasecmp.patch
- # https://github.com/openssl/openssl/pull/18444
- #Patch58: 0058-replace-expired-certs.patch
- # security fix
- # none
- BuildRoot: %{_tmppath}/%{name}-%{version}-root
- BuildRequires: perl, sed
- BuildRequires: zlib-devel, krb5-devel
- BuildRequires: lksctp-tools-devel
- Requires: mktemp
- Requires: ca-certificates
- Requires: %{name}-libs = %{version}-%{release}
- Obsoletes: openssl111 < 3.0.0
- %define solibbase %(echo %version | sed 's/[[:alpha:]]//g')
- %description
- The OpenSSL certificate management tool and the shared libraries that
- provide various cryptographic algorithms and protocols.
- %package libs
- Summary: A general purpose cryptography library with TLS implementation
- Group: system
- %description libs
- OpenSSL is a toolkit for supporting cryptography. The openssl-libs
- package contains the libraries that are used by various applications which
- support cryptographic algorithms and protocols.
- %package devel
- Summary: OpenSSL libraries and development headers.
- Group: programming
- Requires: %{name}-libs = %{version}-%{release}
- Requires: krb5-devel
- Conflicts: openssl111-devel < 3.0.0
- %description devel
- The static libraries and include files needed to compile apps
- with support for various the cryptographic algorithms and protocols
- supported by OpenSSL.
- Patches for many networking apps can be found at:
- ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/
- %package static
- Summary: Libraries for static linking of applications which will use OpenSSL
- Group: programming
- Requires: %{name}-devel = %{version}-%{release}
- Conflicts: openssl111-static < 3.0.0
- %description static
- OpenSSL is a toolkit for supporting cryptography. The openssl-static
- package contains static libraries needed for static linking of
- applications which support various cryptographic algorithms and
- protocols.
- %package perl
- Summary: OpenSSL scripts which require Perl.
- Group: security
- Requires: %{name}-libs = %{version}-%{release}
- Obsoletes: openssl111-perl < 3.0.0
- Requires: perl
- %description perl
- Perl scripts provided with OpenSSL for converting certificates and keys
- from other formats to those used by OpenSSL.
- ## to build compat32 for x86_64 architecture support
- %package -n compat32-%{name}
- Summary: Secure Sockets Layer Toolkit
- Group: system
- Requires: %{name} = %{version}-%{release}
- %description -n compat32-%{name}
- The OpenSSL certificate management tool and the shared libraries that
- provide various cryptographic algorithms and protocols.
- %package -n compat32-%{name}-devel
- Summary: OpenSSL libraries and development headers.
- Group: programming
- Requires: compat32-%{name} = %{version}-%{release}
- Requires: compat32-krb5-devel
- Conflicts: compat32-openssl111-devel < 3.0.0
- %description -n compat32-%{name}-devel
- The static libraries and include files needed to compile apps
- with support for various the cryptographic algorithms and protocols
- supported by OpenSSL.
- %debug_package
- %prep
- %setup -q -n %{name}-%{version}
- %autopatch -p1
- # The hobble_openssl is called here redundantly, just to be sure.
- # The tarball has already the sources removed.
- %{SOURCE1} > /dev/null
- cp %{SOURCE12} crypto/ec/
- cp %{SOURCE13} test/
- %build
- # Figure out which flags we want to use.
- # default
- sslarch=%{_os}-%{_target_cpu}
- #
- %ifarch %ix86
- sslarch=linux-elf
- if ! echo %{_target} | grep -q i686 ; then
- sslflags="no-asm 386"
- fi
- %endif
- %ifarch x86_64
- sslflags=enable-ec_nistp_64_gcc_128
- %endif
- # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
- # marked as not requiring an executable stack.
- # Also add -DPURIFY to make using valgrind with openssl easier as we do not
- # want to depend on the uninitialized memory as a source of entropy anyway.
- RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY $RPM_LD_FLAGS"
- export HASHBANGPERL=/usr/bin/perl
- perl -pi -e 's|/engines-|/%{name}/engines-|' ./Configurations/unix-Makefile.tmpl
- # ia64, x86_64, ppc are OK by default
- # Configure the build tree. Override OpenSSL defaults with known-good defaults
- # usable on all platforms. The Configure script already knows to use -fPIC and
- # RPM_OPT_FLAGS, so we can skip specifiying them here.
- ./Configure \
- --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
- --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
- zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
- enable-cms enable-md2 enable-rc5 enable-ktls enable-fips \
- no-mdc2 no-ec2m no-sm2 no-sm4 \
- shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""'
- # Do not run this in a production package the FIPS symbols must be patched-in
- #util/mkdef.pl crypto update
- make -s %{?_smp_mflags} all
- # Clean up the .pc files
- for i in libcrypto.pc libssl.pc openssl.pc ; do
- sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i
- done
- %check
- # Verify that what was compiled actually works.
- # Hack - either enable SCTP AUTH chunks in kernel or disable sctp for check
- (sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) || \
- (echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' &&
- sed '/"msan" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \
- touch -r configdata.pm configdata.pm.new && \
- mv -f configdata.pm.new configdata.pm)
- # We must revert patch4 before tests otherwise they will fail
- patch -p1 -R < %{PATCH4}
- LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
- export LD_LIBRARY_PATH
- OPENSSL_ENABLE_MD5_VERIFY=
- export OPENSSL_ENABLE_MD5_VERIFY
- OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
- export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
- make test HARNESS_JOBS=8
- %if 0
- # Add generation of HMAC checksum of the final stripped library
- %define __spec_install_post \
- %{?__debug_package:%{__debug_install_post}} \
- %{__arch_install_post} \
- %{__os_install_post} \
- %{nil}
- %endif
- %define __provides_exclude_from %{_libdir}/openssl
- %install
- [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
- # Install OpenSSL.
- install -d $RPM_BUILD_ROOT{/%{_lib},%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl,%{_pkgdocdir}}
- make DESTDIR=$RPM_BUILD_ROOT install
- mv $RPM_BUILD_ROOT%{_libdir}/lib*.so.%{soversion} $RPM_BUILD_ROOT/%{_lib}/
- rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT/%{_lib}/*.so.%{soversion}
- for lib in $RPM_BUILD_ROOT/%{_lib}/*.so.%{version} ; do
- chmod 755 ${lib}
- ln -s -f ../../%{_lib}/`basename ${lib}` $RPM_BUILD_ROOT/%{_libdir}/`basename ${lib} .%{version}`
- ln -s -f `basename ${lib}` $RPM_BUILD_ROOT/%{_lib}/`basename ${lib} .%{version}`.%{soversion}
- done
- # Install a makefile for generating keys and self-signed certs, and a script
- # for generating them on the fly.
- mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
- install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate
- install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_bindir}/make-dummy-cert
- install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{_bindir}/renew-dummy-cert
- # Move runable perl scripts to bindir
- mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/*.pl $RPM_BUILD_ROOT%{_bindir}
- mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir}
- # Rename man pages so that they don't conflict with other system man pages.
- pushd $RPM_BUILD_ROOT%{_mandir}
- mv man5/config.5ossl man5/openssl.cnf.5
- popd
- mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA
- mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private
- mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/certs
- mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/crl
- mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts
- # Ensure the config file timestamps are identical across builds to avoid
- # mulitlib conflicts and unnecessary renames on upgrade
- touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf
- touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf
- rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
- rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
- %ifarch i686
- rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/fipsmodule.cnf
- %endif
- # Determine which arch opensslconf.h is going to try to #include.
- basearch=%{_arch}
- %ifarch %{ix86}
- basearch=i386
- %endif
- # Next step of gradual disablement of SSL3.
- # Make SSL3 disappear to newly built dependencies.
- sed -i '/^\#ifndef OPENSSL_NO_SSL_TRACE/i\
- #ifndef OPENSSL_NO_SSL3\
- # define OPENSSL_NO_SSL3\
- #endif' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h
- %ifarch %{multilib_arches}
- # Do an opensslconf.h switcheroo to avoid file conflicts on systems where you
- # can have both a 32- and 64-bit version of the library, and they each need
- # their own correct-but-different versions of opensslconf.h to be usable.
- install -m644 %{SOURCE10} \
- $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration-${basearch}.h
- cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h >> \
- $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration-${basearch}.h
- install -m644 %{SOURCE9} \
- $RPM_BUILD_ROOT/%{_prefix}/include/openssl/configuration.h
- %endif
- %clean
- [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
- %files
- %defattr(-,root,root)
- %{!?_licensedir:%global license %%doc}
- %license LICENSE.txt
- %doc NEWS.md README.md
- %{_pkgdocdir}/Makefile.certificate
- %{_bindir}/make-dummy-cert
- %{_bindir}/renew-dummy-cert
- %{_bindir}/openssl
- %dir %{_mandir}/man1*
- %{_mandir}/man1*/*
- %dir %{_mandir}/man5*
- %{_mandir}/man5*/*
- %dir %{_mandir}/man7*
- %{_mandir}/man7*/*
- %exclude %{_mandir}/man1/*.pl*
- %exclude %{_mandir}/man1/tsget*
- %files libs
- %{!?_licensedir:%global license %%doc}
- %license LICENSE.txt
- %dir %{_sysconfdir}/pki/tls
- %dir %{_sysconfdir}/pki/tls/certs
- %dir %{_sysconfdir}/pki/tls/misc
- %dir %{_sysconfdir}/pki/tls/private
- %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
- %config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
- %attr(0755,root,root) /%{_lib}/libcrypto.so.%{version}
- /%{_lib}/libcrypto.so.%{soversion}
- %attr(0755,root,root) /%{_lib}/libssl.so.%{version}
- /%{_lib}/libssl.so.%{soversion}
- %attr(0755,root,root) %{_libdir}/%{name}/engines-%{soversion}
- %attr(0755,root,root) %{_libdir}/ossl-modules
- %ifnarch i686
- %config(noreplace) %{_sysconfdir}/pki/tls/fipsmodule.cnf
- %endif
- %files devel
- %doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el
- %{_prefix}/include/openssl
- %exclude %{_libdir}/lib*.a
- %{_libdir}/*.so
- %attr(0644,root,root) %{_libdir}/pkgconfig/*.pc
- %dir %{_mandir}/man3*
- %{_mandir}/man3*/*
- %files static
- %defattr(-,root,root)
- %attr(0644,root,root) %{_libdir}/*.a
- %files perl
- %defattr(-,root,root)
- %{_bindir}/c_rehash
- %{_bindir}/*.pl
- %{_bindir}/tsget
- %{_mandir}/man1*/*.pl*
- %{_mandir}/man1*/tsget*
- %dir %{_sysconfdir}/pki/CA
- %dir %{_sysconfdir}/pki/CA/private
- %dir %{_sysconfdir}/pki/CA/certs
- %dir %{_sysconfdir}/pki/CA/crl
- %dir %{_sysconfdir}/pki/CA/newcerts
- ## to build compat32 for x86_64 architecture support
- %if %{build_compat32}
- %files -n compat32-%{name}
- %defattr(-,root,root)
- %attr(0755,root,root) /%{_lib}/*.so.*
- %files -n compat32-%{name}-devel
- %defattr(-,root,root)
- %exclude %{_libdir}/lib*.a
- %attr(0755,root,root) %{_libdir}/*.so
- %attr(0644,root,root) %{_libdir}/pkgconfig/*.pc
- %endif
- %changelog
- * Wed Jul 06 2022 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.0.5-1
- - new upstream release.
- * Wed Jun 22 2022 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.0.4-1
- - new upstream release.
- * Wed Mar 16 2022 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.0.2-1
- - new upstream release.
- * Wed Dec 15 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.0.1-1
- - new upstream release.
- * Thu Sep 30 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 3.0.0-1
- - new upstream release.
- * Wed Aug 25 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1l-1
- - new upstream release.
- * Fri Mar 26 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1k-1
- - new upstream release.
- - dropped ldconfig scriptlets.
- * Wed Feb 17 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1j-1
- - new upstream release.
- * Wed Dec 09 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1i-1
- - new upstream release.
- * Sat Nov 21 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1h-1
- - new upstream release.
- - dropped Patch43: fixed in upstream.
- - imported Patch55-70 from rawhide.
- - updated Source13.
- * Sat Apr 25 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1g-1
- - new upstream release.
- * Wed Apr 08 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1f-1
- - new upstream release.
- - updated Patch1.
- - dropped Patch54: fixed in upstream.
- * Wed Mar 18 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1e-1
- - new upstream release.
- - dropped Patch100 and 1000: fixed in upstream.
- * Fri Dec 20 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1d-2
- - imported Patch1000 from upstream.
- * Fri Sep 13 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1d-1
- - new upstream release.
- - updated Source12 and 13.
- - updated all patches.
- - imported Patch100 from upstream.
- * Sat Aug 24 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1c-1
- - new upstream release.
- - updated Patch37 and 41.
- - imported Patch52-54 from rawhide.
- * Mon May 06 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1b-2
- - fixed openssl.cnf
- * Sun May 05 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1b-1
- - new upstream release.
- - imported Patch36 from rawhide.
- - updated Patch32.
- * Sat Dec 08 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1a-1
- - new upstream release.
- - updated Patch2.
- - dropped Patch36 and 46: fixed in upstream.
- * Thu Nov 01 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1-2
- - fixed symlinks.
- * Thu Nov 01 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1-1
- - new upstream release (newest LTS version).
- - imported fedora stuff (except FIPS).
- * Sun Apr 1 2018 IWAI, Masaharu <iwaim.sub@gmail.com> 1.0.2o-1
- - new upstream release with security fixes
- * Sun Jan 21 2018 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.2n-1
- - new upstream release with security fixes
- * Wed Nov 15 2017 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.2m-1
- - new upstream release with security fixes
- * Sun Jan 29 2017 IWAI, Masaharu <iwaim.sub@gmail.com> 1.0.2k-1
- - new upstream release with security fixes
- * Thu May 5 2016 IWAI, Masaharu <iwaim.sub@gmail.com> 1.0.2h-1
- - new upstream release with security fixes
- * Wed Mar 9 2016 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.2g-1
- - new upstream release 1.0.2 with security fixes
- - Patch2 is merged into Patch0
- * Mon Dec 28 2015 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1q-1
- - new upstream release with security fixes
- * Fri Jul 10 2015 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1p-1
- - new upstream release with security fixes
- * Wed Jul 1 2015 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1o-1
- - new upstream release
- * Sun Apr 12 2015 Yoji TOYODA <bsyamato@sea.plala.or.jp> 1.0.1m-1
- - merged into Vine6
- * Fri Mar 20 2015 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1m-1
- - new upstream release with security fixes
- - update Patch2,5
- * Mon Jan 12 2015 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1k-1
- - new upstream release with security fixes
- * Mon Oct 20 2014 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1j-1
- - new upstream release with security fixes
- - add patch8 from fc21 (fix perl find.pl)
- * Fri Jun 6 2014 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.0.1h-1
- - new upstream release with security fixes.
- * Tue Apr 8 2014 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1g-1
- - new upstream release with security fixes
- * Thu Jan 9 2014 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1f-1
- - new upstream release with security fixes
- * Tue Sep 24 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 1.0.1e-2
- - move root CA bundle to ca-certificates package
- * Tue Feb 12 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 1.0.1e-1
- - update to 1.0.1e
- - 1.0.1d has major regressions from 1.0.1c
- * Sat Feb 9 2013 IWAI, Masaharu <iwai@alib.jp> 1.0.1d-2
- - remove tsget script to delete dependency perl(WWW::Curl::Easy)
- - openssl-perl package contains it in docdir
- * Fri Feb 08 2013 Toshiharu Kudoh <toshi.kd2@gmail.com> 1.0.1d-1
- - new upstream release with security fix (CVE-2012-2686, CVE-2013-0166, 0169)
- - fixed %%files
- * Tue May 29 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 1.0.1c-1
- - update to 1.0.1c
- - enable configure options:
- enable-camellia enable-seed enable-tlsext enable-rfc3779
- enable-cms enable-md2
- - remove no-asm option from ai64/x86_64/ppc/ppc64/i686
- - generate a table with the compile settings before configure
- * Fri Jan 20 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0g-1
- - new upstream release with security fix (CVE-2012-0050)
- * Fri Jan 6 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0f-1
- - new upstream release with security fix
- (CVE-2011-4108,09, CVE-2011-4576,77, CVE-2011-4619, CVE-2012-0027)
- * Wed Sep 7 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0e-1
- - new upstream release with security fix (CVE-2011-3207, 3210)
- * Sun Mar 20 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0d-2
- - rebuild with krb5-libs 1.8
- * Fri Feb 11 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0d-1
- - new upstream release with security fix
- * Sat Jan 15 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0c-4
- - use upstream openssl.pc instead of vine original one (SOURCE6)
- * Sun Jan 9 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0c-3
- - move tsget to docs to delete dependency perl(WWW::Curl::Easy)
- * Sat Jan 1 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0c-2
- - add R: krb5-devel into devel pkg
- - add R: compat32-krb5-devel into compat32-devel pkg
- * Fri Dec 31 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0c-1
- - new upstream release 1.0.0x
- - separate static libs into static package
- - change configure options
- - change so version 10
- - add tsget into perl package
- - update all patches
- * Thu Dec 30 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8q-2
- - fix changelog typo...
- * Tue Dec 7 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8q-1
- - new upstream release with security fix (CVE-2010-4180)
- * Wed Nov 17 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8p-1
- - new upstream release with security fix (CVE-2010-3864)
- - drop patches included in new release
- - update patch4
- * Sun Jan 17 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8k-5
- - add patch12 for fix CVE-2009-3555 (renegotiation)
- * Fri Jan 15 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8k-4
- - add patch11 for fix CVE-2009-4355 (memory leak)
- * Tue Jun 23 2009 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8k-3
- - add patch10 to fix CVE-2009-1377, 78, 79 (from fc11)
- * Mon Jun 22 2009 NAKAMURA Kenta <kenta@vinelinux.org> 0.9.8k-2
- - removed unnecessary %%if %{build_compat32} statements
- - removed lib*.a from devel package
- * Mon Mar 30 2009 Satosh IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8k-1
- - new upstream release with security fix (CVE-2000-0590,0591,0789)
- * Sun Jan 11 2009 Satosh IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8j-1
- - new upstream release with security fix (CVE-2008-5077)
- * Sat Sep 20 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.8i-1
- - new upstream release
- * Sat Jul 12 2008 Satosh IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8h-1
- - new upstream release
- - new versioning policy
- * Sat Oct 27 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.8g-0vl1
- - new upstream release
- - drop patch10,20 which is merged in upstream
- * Fri Sep 28 2007 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 0.9.8e-0vl3
- - add security patch in advance for CVE-2007-5135
- http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
- http://marc.info/?l=openssl-cvs&m=119020417919619&w=2
- * Fri Aug 10 2007 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 0.9.8e-0vl2
- - add security patch for CVE-2007-3108
- (http://openssl.org/news/patch-CVE-2007-3108.txt)
- * Tue May 15 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.8e-0vl1
- - new upstream release
- * Sun Dec 24 2006 Satosh IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.7l-0vl2
- - update (fix) openssl.pc <BTS:437>
- * Fri Sep 29 2006 Satosh IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.7l-0vl1
- - new upstream release (with security fix)
- * Mon Sep 11 2006 Satosh IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.7k-0vl1
- - new upstream release
- - add patch2 to use RPM_OPT macro
- * Mon Feb 06 2006 Shu KONNO <owa@bg.wakwak.com> 0.9.7i-0vl3
- - moved macros _lib to /usr/lib/rpm/rpmrc or macros files
- * Fri Feb 03 2006 Shu KONNO <owa@bg.wakwak.com> 0.9.7i-0vl2
- - added compat32-* packages for x86_64 architecture support
- - added openssl-0.9.7i.Configure-compat32.patch
- - changed '/lib' to '/%{_lib}'
- * Mon Oct 17 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.7i-0vl1
- - new upstream release
- * Mon Jan 31 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.7d-0vl4
- - rebuild on VineSeed
- * Sun Jan 09 2005 IKEDA Katsumi <ikeda@webmasters.gr.jp> 0.9.7d-0vl3.1
- - added a security patch from Gentoo.
- - Patch1: openssl-0.9.7c-tempfile.patch
- * Sun Mar 28 2004 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 0.9.7d-0vl3
- - sslarch for ppc was missing... added.
- * Fri Mar 26 2004 Tomoya TAKA <taka@vinelinux.org> 0.9.7d-0vl2
- - use sslarch=linux-alpha-gcc instead of alpha-gcc
- * Mon Mar 22 2004 Satoshi MACHINO <machino@vinelinux.org> 0.9.7d-0vl1
- - new upstream version
- - clean up of spec file
- -- removed old patches
- * Sat Mar 20 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6m-0vl1
- - new upstream release
- - SECURITY fix.
- - http://www.openssl.org/news/secadv_20040317.txt
- * Wed Oct 1 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6k-0vl1
- - new upstream release
- - [Security fix]
- - Vulnerabilities in ASN.1 parsing
- http://www.openssl.org/news/secadv_20030930.txt
- - see %{_docdir}/%{name}-%{version}/CHANGES for other changes
- * Wed Jun 04 2003 HOTTA Michihide <hotta@net-newbie.com> 0.9.6j-0vl2
- - add openssl.pc for pkgconfig
- * Tue Mar 11 2003 Satoshi MACHINO <machino@vinelinux.org> 0.9.6j-0vl1
- - New upstream version
- - dropped patch10, 11
- -- merged upstream version
- * Sun Feb 23 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6i-0vl1
- - rebuild for VineSeed
- * Sun Feb 23 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6i-0vl0.26.1
- - [Security Fix]
- - Timing-based attacks on RSA keys
- http://www.openssl.org/news/secadv_20030317.txt
- - Klima-Pokorny0Rosa attack on RSA in SSL/TLS
- http://www.openssl.org/news/secadv_20030317.txt
- * Sun Feb 23 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6i-0vl0.26
- - new upstream release 0.9.6i
- - [Security Fix]
- - build for Vine Linux 2.6 errata
- * Mon Nov 18 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6h-0vl1
- - new upstream release 0.9.6h
- * Mon Nov 18 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6g-0vl1
- - new upstream release 0.9.6g
- * Mon Oct 28 2002 IWAI Masaharu <iwai@alib.jp> 0.9.6b-1vl6
- - SECURITY: CAN-2002-0659 fixed
- - added Patch101 from RedHat 7.2 updates 0.9.6b-28
- * Fri Aug 02 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-28
- - update asn patch to fix accidental reversal of a logic check
- * Thu Aug 01 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-27
- - update asn patch to reduce chance that compiler optimization will remove
- one of the added tests
- * Thu Aug 01 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-26
- - rebuild
- * Tue Jul 30 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-25
- - add patch to fix ASN.1 vulnerabilities
- * Wed Jul 31 2002 IWAI Masaharu <iwai@alib.jp> 0.9.6b-1vl5
- - rename spec file name
- - SECURITY: CA-2002-23 fixed
- - added Patch100 from RedHat 7.2 updates 0.9.6b-24
- * Thu Jul 25 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-24
- - add backport of Ben Laurie's patches for OpenSSL 0.9.6d
- * Mon Sep 10 2001 Satoshi MACHINO <machino@vinelinux.org> 0.9.6b-1vl4
- - added ${PATH} in LD_LIBRARY_PATH
- - added install -m 755 *.so.* $RPM_BUILD_ROOT%{_libdir} in %install
-
- * Sun Jul 15 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6b-1vl3
- - remove --no-<cipher>
- * Sun Jul 15 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6b-1vl2
- - add Patch10 for mipsel shared ( Configure )
- * Sat Jul 14 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6b-1vl1
- - build for Vine Linux
- - use openssl-engine-0.9.6b.tar.gz
- * Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
- - update to 0.9.6b
- * Thu Jul 5 2001 Nalin Dahyabhai <nalin@redhat.com>
- - move .so symlinks back to %%{_libdir}
- * Tue Jul 3 2001 Nalin Dahyabhai <nalin@redhat.com>
- - move shared libraries to /lib (#38410)
- * Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
- - switch to engine code base
- * Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
- - add a script for creating dummy certificates
- - move man pages from %%{_mandir}/man?/foo.?ssl to %%{_mandir}/man?ssl/foo.?
- * Thu Jun 07 2001 Florian La Roche <Florian.LaRoche@redhat.de>
- - add s390x support
- * Fri Jun 1 2001 Nalin Dahyabhai <nalin@redhat.com>
- - change two memcpy() calls to memmove()
- - don't define L_ENDIAN on alpha
- * Tue May 15 2001 Nalin Dahyabhai <nalin@redhat.com>
- - make subpackages depend on the main package
- * Tue May 1 2001 Nalin Dahyabhai <nalin@redhat.com>
- - adjust the hobble script to not disturb symlinks in include/ (fix from
- Joe Orton)
- * Thu Apr 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- - drop the m2crypo patch we weren't using
- * Tue Apr 24 2001 Nalin Dahyabhai <nalin@redhat.com>
- - configure using "shared" as well
- * Sun Apr 8 2001 Nalin Dahyabhai <nalin@redhat.com>
- - update to 0.9.6a
- - use the build-shared target to build shared libraries
- - bump the soversion to 2 because we're no longer compatible with
- our 0.9.5a packages or our 0.9.6 packages
- - drop the patch for making rsatest a no-op when rsa null support is used
- - put all man pages into <section>ssl instead of <section>
- - break the m2crypto modules into a separate package
- * Tue Mar 13 2001 Nalin Dahyabhai <nalin@redhat.com>
- - use BN_LLONG on s390
- * Mon Mar 12 2001 Nalin Dahyabhai <nalin@redhat.com>
- - fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit)
- * Sat Mar 3 2001 Nalin Dahyabhai <nalin@redhat.com>
- - move c_rehash to the perl subpackage, because it's a perl script now
- * Fri Mar 2 2001 Nalin Dahyabhai <nalin@redhat.com>
- - update to 0.9.6
- - enable MD2
- - use the libcrypto.so and libssl.so targets to build shared libs with
- - bump the soversion to 1 because we're no longer compatible with any of
- the various 0.9.5a packages circulating around, which provide lib*.so.0
- * Wed Feb 28 2001 Florian La Roche <Florian.LaRoche@redhat.de>
- - change hobble-openssl for disabling MD2 again
- * Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com>
- - re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152
- bytes or so, causing EVP_DigestInit() to zero out stack variables in
- apps built against a version of the library without it
- * Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- - disable some inline assembly, which on x86 is Pentium-specific
- - re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all)
- * Thu Feb 08 2001 Florian La Roche <Florian.LaRoche@redhat.de>
- - fix s390 patch
- * Fri Dec 8 2000 Than Ngo <than@redhat.com>
- - added support s390
- * Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
- - remove -Wa,* and -m* compiler flags from the default Configure file (#20656)
- - add the CA.pl man page to the perl subpackage
- * Thu Nov 2 2000 Nalin Dahyabhai <nalin@redhat.com>
- - always build with -mcpu=ev5 on alpha
- * Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com>
- - add a symlink from cert.pem to ca-bundle.crt
- * Wed Oct 25 2000 Nalin Dahyabhai <nalin@redhat.com>
- - add a ca-bundle file for packages like Samba to reference for CA certificates
- * Tue Oct 24 2000 Nalin Dahyabhai <nalin@redhat.com>
- - remove libcrypto's crypt(), which doesn't handle md5crypt (#19295)
- * Mon Oct 2 2000 Nalin Dahyabhai <nalin@redhat.com>
- - add unzip as a buildprereq (#17662)
- - update m2crypto to 0.05-snap4
- * Tue Sep 26 2000 Bill Nottingham <notting@redhat.com>
- - fix some issues in building when it's not installed
- * Wed Sep 6 2000 Nalin Dahyabhai <nalin@redhat.com>
- - make sure the headers we include are the ones we built with (aaaaarrgh!)
- * Fri Sep 1 2000 Nalin Dahyabhai <nalin@redhat.com>
- - add Richard Henderson's patch for BN on ia64
- - clean up the changelog
- * Tue Aug 29 2000 Nalin Dahyabhai <nalin@redhat.com>
- - fix the building of python modules without openssl-devel already installed
- * Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
- - byte-compile python extensions without the build-root
- - adjust the makefile to not remove temporary files (like .key files when
- building .csr files) by marking them as .PRECIOUS
- * Sat Aug 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- - break out python extensions into a subpackage
- * Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
- - tweak the makefile some more
- * Tue Jul 11 2000 Nalin Dahyabhai <nalin@redhat.com>
- - disable MD2 support
- * Thu Jul 6 2000 Nalin Dahyabhai <nalin@redhat.com>
- - disable MDC2 support
- * Sun Jul 2 2000 Nalin Dahyabhai <nalin@redhat.com>
- - tweak the disabling of RC5, IDEA support
- - tweak the makefile
- * Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
- - strip binaries and libraries
- - rework certificate makefile to have the right parts for Apache
- * Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com>
- - use %%{_perl} instead of /usr/bin/perl
- - disable alpha until it passes its own test suite
- * Fri Jun 9 2000 Nalin Dahyabhai <nalin@redhat.com>
- - move the passwd.1 man page out of the passwd package's way
- * Fri Jun 2 2000 Nalin Dahyabhai <nalin@redhat.com>
- - update to 0.9.5a, modified for U.S.
- - add perl as a build-time requirement
- - move certificate makefile to another package
- - disable RC5, IDEA, RSA support
- - remove optimizations for now
- * Wed Mar 1 2000 Florian La Roche <Florian.LaRoche@redhat.de>
- - Bero told me to move the Makefile into this package
- * Wed Mar 1 2000 Florian La Roche <Florian.LaRoche@redhat.de>
- - add lib*.so symlinks to link dynamically against shared libs
- * Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de>
- - update to 0.9.5
- - run ldconfig directly in post/postun
- - add FAQ
- * Sat Dec 18 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
- - Fix build on non-x86 platforms
- * Fri Nov 12 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
- - move /usr/share/ssl/* from -devel to main package
- * Tue Oct 26 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
- - inital packaging
- - changes from base:
- - Move /usr/local/ssl to /usr/share/ssl for FHS compliance
- - handle RPM_OPT_FLAGS
|