diff options
Diffstat (limited to 'packaging')
-rw-r--r-- | packaging/baselibs.conf | 5 | ||||
-rw-r--r-- | packaging/openssl.changes | 17 | ||||
-rw-r--r-- | packaging/openssl.manifest | 5 | ||||
-rw-r--r-- | packaging/openssl.spec | 310 |
4 files changed, 337 insertions, 0 deletions
diff --git a/packaging/baselibs.conf b/packaging/baselibs.conf new file mode 100644 index 0000000..8686b26 --- /dev/null +++ b/packaging/baselibs.conf @@ -0,0 +1,5 @@ +libopenssl + obsoletes "openssl-<targettype> <= <version>" +libopenssl-devel + requires -libopenssl-<targettype> + requires "libopenssl-<targettype> = <version>" diff --git a/packaging/openssl.changes b/packaging/openssl.changes new file mode 100644 index 0000000..4f943cf --- /dev/null +++ b/packaging/openssl.changes @@ -0,0 +1,17 @@ +* Fri Jun 20 2014 John L. Whiteman <john.l.whiteman@intel.com> upstream/1.0.1h-13-g4429de1 +- Move openssl version from 1.0.1g to 1.0.1h for CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 fixes + +* Thu Apr 10 2014 Michael Demeter <michael.demeter@intel.com> upstream/1.0.1g@357db8b +- Move openssl version to 1.0.1g for CVE-2014-160 (Heartbleed) + +* Fri Mar 22 2013 Anas Nashif <anas.nashif@intel.com> submit/trunk/20130318.194800@d92acdb +- Fixed package groups + +* Mon Mar 18 2013 Anas Nashif <anas.nashif@intel.com> submit/trunk/20121228.194701@641e3b2 +- Fixed package group + +* Wed Nov 28 2012 Anas Nashif <anas.nashif@intel.com> upstream/1.0.1c@bc70029 +- remove patches +- enable md2 +- Imported Upstream version 1.0.1c + diff --git a/packaging/openssl.manifest b/packaging/openssl.manifest new file mode 100644 index 0000000..017d22d --- /dev/null +++ b/packaging/openssl.manifest @@ -0,0 +1,5 @@ +<manifest> + <request> + <domain name="_"/> + </request> +</manifest> diff --git a/packaging/openssl.spec b/packaging/openssl.spec new file mode 100644 index 0000000..5325423 --- /dev/null +++ b/packaging/openssl.spec @@ -0,0 +1,310 @@ +Name: openssl +BuildRequires: bc +BuildRequires: ed +BuildRequires: pkg-config +BuildRequires: zlib-devel +%define ssletcdir %{_sysconfdir}/ssl +%define num_version 1.0.0 +Provides: ssl +Version: 1.0.2h +Release: 0 +Summary: Secure Sockets and Transport Layer Security +License: OpenSSL and BSD-2.0 and Apache-2.0 +Group: Security/Crypto Libraries +Url: http://www.openssl.org/ +Source: http://www.%{name}.org/source/%{name}-%{version}.tar.gz +# to get mtime of file: +Source1: openssl.changes +Source2: baselibs.conf +Source1001: openssl.manifest + +%description +The OpenSSL Project is a collaborative effort to develop a robust, +commercial-grade, full-featured, and open source toolkit implementing +the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS +v1) protocols with full-strength cryptography. The project is managed +by a worldwide community of volunteers that use the Internet to +communicate, plan, and develop the OpenSSL toolkit and its related +documentation. + +Derivation and License + +OpenSSL is based on the excellent SSLeay library developed by Eric A. +Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an +Apache-style license, which basically means that you are free to get it +and to use it for commercial and noncommercial purposes. + +%package -n libopenssl +Summary: Secure Sockets and Transport Layer Security +Group: Security/Crypto Libraries + +%description -n libopenssl +The OpenSSL Project is a collaborative effort to develop a robust, +commercial-grade, full-featured, and open source toolkit implementing +the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS +v1) protocols with full-strength cryptography. The project is managed +by a worldwide community of volunteers that use the Internet to +communicate, plan, and develop the OpenSSL toolkit and its related +documentation. + +Derivation and License + +OpenSSL is based on the excellent SSLeay library developed by Eric A. +Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an +Apache-style license, which basically means that you are free to get it +and to use it for commercial and noncommercial purposes. + + +%package -n libopenssl-devel +Summary: Include Files and Libraries mandatory for Development +Group: Development/Libraries +Obsoletes: openssl-devel < %{version} +Requires: %name = %version +Requires: libopenssl = %{version} +Requires: zlib-devel +Provides: openssl-devel = %{version} + +%description -n libopenssl-devel +This package contains all necessary include files and libraries needed +to develop applications that require these. + +%package misc +Summary: Additional data files and scripts for %{name} +Group: Security/Crypto Libraries + +%description misc +Additional data files and scripts for %{name}. + +%package doc +Summary: Additional Package Documentation +Group: Security/Crypto Libraries +BuildArch: noarch + +%description doc +This package contains optional documentation provided in addition to +this package's base documentation. + +%prep +%setup -q +cp %{SOURCE1001} . + +echo "adding/overwriting some entries in the 'table' hash in Configure" +# $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags +export DSO_SCHEME='dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::' +cat <<EOF_ED | ed -s Configure +/^); +- +i +# +# local configuration added from specfile +# ... MOST of those are now correct in openssl's Configure already, +# so only add them for new ports! +# +#config-string, $cc:$cflags:$unistd:$thread_cflag:$sys_id:$lflags:$bn_ops:$cpuid_obj:$bn_obj:$des_obj:$aes_obj:$bf_obj:$md5_obj:$sha1_obj:$cast_obj:$rc4_obj:$rmd160_obj:$rc5_obj:$wp_obj:$cmll_obj:$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags:$multilib +#"linux-elf", "gcc:-DL_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG \${x86_gcc_des} \${x86_gcc_opts}:\${x86_elf_asm}:$DSO_SCHEME:", +#"linux-ia64", "gcc:-DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:\${ia64_asm}: $DSO_SCHEME:", +#"linux-ppc", "gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:\${no_asm}: $DSO_SCHEME:", +#"linux-ppc64", "gcc:-DB_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL SIXTY_FOUR_BIT_LONG:\${no_asm}: $DSO_SCHEME:64", +"linux-elf-arm","gcc:-DL_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG:\${no_asm}: $DSO_SCHEME:", +"linux-mips", "gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:\${no_asm}: $DSO_SCHEME:", +"linux-sparcv7","gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:\${no_asm}: $DSO_SCHEME:", +#"linux-sparcv8","gcc:-DB_ENDIAN -DBN_DIV2W -mv8 ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::asm/sparcv8.o::::::::::::: $DSO_SCHEME:", +#"linux-x86_64", "gcc:-DL_ENDIAN -DNO_ASM -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG:\${no_asm}: $DSO_SCHEME:64", +#"linux-s390", "gcc:-DB_ENDIAN ::(unknown): :-ldl:BN_LLONG:\${no_asm}: $DSO_SCHEME:", +#"linux-s390x", "gcc:-DB_ENDIAN -DNO_ASM -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG:\${no_asm}: $DSO_SCHEME:64", +"linux-parisc", "gcc:-DB_ENDIAN ::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL DES_RISC1:\${no_asm}: $DSO_SCHEME:", +. +wq +EOF_ED +# fix ENGINESDIR path +sed -i 's,/lib/engines,/%_lib/engines,' Configure +# Record mtime of changes file instead of build time +CHANGES=`stat --format="%y" %SOURCE1` +sed -i -e "s|#define DATE \(.*\).LC_ALL.*date.|#define DATE \1$CHANGES|" crypto/Makefile + +%build +MODIFIED_RPM_OPT_FLAGS=$(echo $RPM_OPT_FLAGS | sed -s "s/--param=ssp-buffer-size=32//g") +MODIFIED_RPM_OPT_FLAGS=$(echo $MODIFIED_RPM_OPT_FLAGS | sed -s "s/-mcpu=cortex-a15.cortex-a7//g") +MODIFIED_RPM_OPT_FLAGS=$(echo $MODIFIED_RPM_OPT_FLAGS | sed -s "s/-march=armv7ve/-march=armv7-a/g") + +./config --test-sanity +# +config_flags="threads shared no-rc5 no-idea no-asm no-ssl2-method \ +enable-camellia enable-md2 \ +zlib \ +--prefix=%{_prefix} \ +--libdir=%{_lib} \ +--openssldir=%{ssletcdir} \ +$MODIFIED_RPM_OPT_FLAGS -std=gnu99 \ +-Wa,--noexecstack \ +-fomit-frame-pointer \ +-DTERMIO \ +-DPURIFY \ +-DSSL_FORBID_ENULL \ +-D_GNU_SOURCE \ +$(getconf LFS_CFLAGS) \ +-Wall \ +-fstack-protector " +# +#%{!?do_profiling:%define do_profiling 0} +#%if %do_profiling +# # generate feedback +# ./config $config_flags +# make depend CC="gcc %cflags_profile_generate" +# make CC="gcc %cflags_profile_generate" +# LD_LIBRARY_PATH=`pwd` make rehash CC="gcc %cflags_profile_generate" +# LD_LIBRARY_PATH=`pwd` make test CC="gcc %cflags_profile_generate" +# LD_LIBRARY_PATH=`pwd` apps/openssl speed +# make clean +# # compile with feedback +# # but not if it makes a cipher slower: +# #find crypto/aes -name '*.da' | xargs -r rm +# ./config $config_flags %cflags_profile_feedback +# make depend +# make +# LD_LIBRARY_PATH=`pwd` make rehash +# LD_LIBRARY_PATH=`pwd` make test +#%else +# OpenSSL relies on uname -m (not good). Thus that little sparc line. + ./config \ + $config_flags + make depend + make + LD_LIBRARY_PATH=`pwd` make rehash + #LD_LIBRARY_PATH=`pwd` make test +#%endif +# show settings +make TABLE +echo $RPM_OPT_FLAGS +eval $(egrep PLATFORM='[[:alnum:]]' Makefile) +grep -B1 -A22 "^\*\*\* $PLATFORM$" TABLE + +%install +rm -rf $RPM_BUILD_ROOT +make MANDIR=%{_mandir} INSTALL_PREFIX=$RPM_BUILD_ROOT install +ln -sf ./%{name} $RPM_BUILD_ROOT/%{_includedir}/ssl +mkdir $RPM_BUILD_ROOT/%{_datadir}/ssl +mv $RPM_BUILD_ROOT/%{ssletcdir}/misc $RPM_BUILD_ROOT/%{_datadir}/ssl/ +# ln -s %{ssletcdir}/certs $RPM_BUILD_ROOT/%{_datadir}/ssl/certs +# ln -s %{ssletcdir}/private $RPM_BUILD_ROOT/%{_datadir}/ssl/private +# ln -s %{ssletcdir}/openssl.cnf $RPM_BUILD_ROOT/%{_datadir}/ssl/openssl.cnf +# + +# avoid file conflicts with man pages from other packages +# +pushd $RPM_BUILD_ROOT/%{_mandir} +# some man pages now contain spaces. This makes several scripts go havoc, among them /usr/sbin/Check. +# replace spaces by underscores +#for i in man?/*\ *; do mv -v "$i" "${i// /_}"; done +which readlink &>/dev/null || function readlink { ( set +x; target=$(file $1 2>/dev/null); target=${target//* }; test -f $target && echo $target; ) } +for i in man?/*; do + if test -L $i ; then + LDEST=`readlink $i` + rm -f $i ${i}ssl + ln -sf ${LDEST}ssl ${i}ssl + else + mv $i ${i}ssl + fi + case `basename ${i%.*}` in + asn1parse|ca|config|crl|crl2pkcs7|crypto|dgst|dhparam|dsa|dsaparam|enc|gendsa|genrsa|nseq|openssl|passwd|pkcs12|pkcs7|pkcs8|rand|req|rsa|rsautl|s_client|s_server|smime|spkac|ssl|verify|version|x509) + # these are the pages mentioned in openssl(1). They go into the main package. + echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist.doc;; + *) + # the rest goes into the openssl-doc package. + echo %doc %{_mandir}/${i}ssl.gz >> $OLDPWD/filelist.doc;; + esac +done +popd +# +# check wether some shared library has been installed +# +ls -l $RPM_BUILD_ROOT%{_libdir} +test -f $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{num_version} +test -f $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{num_version} +test -L $RPM_BUILD_ROOT%{_libdir}/libssl.so +test -L $RPM_BUILD_ROOT%{_libdir}/libcrypto.so +# +# see what we've got +# +cat > showciphers.c <<EOF +#include <openssl/err.h> +#include <openssl/ssl.h> +int main(){ +unsigned int i; +SSL_CTX *ctx; +SSL *ssl; +SSL_METHOD *meth; + meth = SSLv23_client_method(); + SSLeay_add_ssl_algorithms(); + ctx = SSL_CTX_new(meth); + if (ctx == NULL) return 0; + ssl = SSL_new(ctx); + if (!ssl) return 0; + for (i=0; ; i++) { + int j, k; + SSL_CIPHER *sc; + sc = (meth->get_cipher)(i); + if (!sc) break; + k = SSL_CIPHER_get_bits(sc, &j); + printf("%s\n", sc->name); + } + return 0; +}; +EOF +gcc $RPM_OPT_FLAGS -I${RPM_BUILD_ROOT}%{_includedir} -c showciphers.c +gcc -o showciphers showciphers.o -L${RPM_BUILD_ROOT}%{_libdir} -lssl -lcrypto +LD_LIBRARY_PATH=${RPM_BUILD_ROOT}%{_libdir} ./showciphers > AVAILABLE_CIPHERS || true +cat AVAILABLE_CIPHERS +# Do not install demo scripts executable under /usr/share/doc +find demos -type f -perm /111 -exec chmod 644 {} \; + +%post -n libopenssl -p /sbin/ldconfig + +%postun -n libopenssl -p /sbin/ldconfig + +%files -n libopenssl +%manifest %{name}.manifest +%defattr(-, root, root) +%license LICENSE +%license LICENSE.Apache-2.0 +%license LICENSE.BSD-2.0 +%{_libdir}/libssl.so.%{num_version} +%{_libdir}/libcrypto.so.%{num_version} +%{_libdir}/engines + +%files -n libopenssl-devel +%manifest %{name}.manifest +%defattr(-, root, root) +%{_includedir}/%{name}/ +%{_includedir}/ssl +%exclude %{_libdir}/libcrypto.a +%exclude %{_libdir}/libssl.a +%{_libdir}/libssl.so +%{_libdir}/libcrypto.so +%_libdir/pkgconfig/libcrypto.pc +%_libdir/pkgconfig/libssl.pc +%_libdir/pkgconfig/openssl.pc + +%files doc -f filelist.doc +%manifest %{name}.manifest +%defattr(-, root, root) +%doc doc/* demos +%doc showciphers.c + +%files +%manifest %{name}.manifest +%defattr(-, root, root) +%license LICENSE +%dir %{ssletcdir} +%config (noreplace) %{ssletcdir}/openssl.cnf +%attr(700,root,root) %{ssletcdir}/private +%dir %{_datadir}/ssl +%{_bindir}/%{name} + +%files misc +%manifest %{name}.manifest +%{_datadir}/ssl/misc +%{_bindir}/c_rehash + + +%changelog |