openssl/openssl.spec

%define soversion 1.1
Name:        openssl
Epoch:       1
Version:     1.1.1f
Release:     9
Summary:     Cryptography and SSL/TLS Toolkit
License:     OpenSSL and SSLeay
URL:         https://www.openssl.org/
Source0:     https://www.openssl.org/source/old/1.1.1/%{name}-%{version}.tar.gz
Source1:     Makefile.certificate
Patch1:      openssl-1.1.1-build.patch
Patch2:      openssl-1.1.1-fips.patch
Patch3:      CVE-2020-1967.patch
Patch4:      CVE-2020-1971-0001-DirectoryString-is-a-CHOICE-type-and-therefore-uses-.patch
Patch5:      CVE-2020-1971-0002-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch
Patch6:      CVE-2020-1971-0003-Check-that-multi-strings-CHOICE-types-don-t-use-impl.patch
Patch7:      CVE-2020-1971-0004-Complain-if-we-are-attempting-to-encode-with-an-inva.patch
Patch8:      CVE-2020-1971-0005-Add-a-test-for-GENERAL_NAME_cmp.patch
Patch9:      CVE-2020-1971-0006-Add-a-test-for-encoding-decoding-using-an-invalid-AS.patch
Patch10:     CVE-2021-23840.patch
Patch11:     CVE-2021-23841.patch
Patch12:     CVE-2021-3449.patch
Patch13:     CVE-2021-3711-0001-Check-the-plaintext-buffer-is-large-enough-when-decr.patch
Patch14:     CVE-2021-3711-0002-Correctly-calculate-the-length-of-SM2-plaintext-give.patch
Patch15:     CVE-2021-3711-0003-Extend-tests-for-SM2-decryption.patch
Patch16:     CVE-2021-3712-0001-Fix-a-read-buffer-overrun-in-X509_aux_print.patch
Patch17:     CVE-2021-3712-0002-Fix-EC_GROUP_new_from_ecparameters-to-check-the-base.patch
Patch18:     bugfix-Don-t-Overflow-when-printing-Thawte-Strong-Extranet-.patch
Patch19:     backport-Avoid-using-undefined-value-in-generate_stateless_co.patch
Patch20:     backport-Fix-append_ia5-function-to-not-assume-NUL-terminated.patch
Patch21:     backport-Fix-i2v_GENERAL_NAME-to-not-assume-NUL-terminated-st.patch
Patch22:     backport-Fix-NETSCAPE_SPKI_print-function-to-not-assume-NUL-t.patch
Patch23:     backport-Fix-POLICYINFO-printing-to-not-assume-NUL-terminated.patch
Patch24:     backport-Fix-potential-double-free.patch
Patch25:     backport-Fix-printing-of-PROXY_CERT_INFO_EXTENSION-to-not-ass.patch
Patch26:     backport-Fix-the-name-constraints-code-to-not-assume-NUL-term.patch
Patch27:     backport-pkcs12-check-for-zero-length-digest-to-avoid-divisio.patch

BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel

Requires:    coreutils perl %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Obsoletes:   openssl-perl < %{epoch}:%{version}-%{release}
Provides:    openssl-perl = %{epoch}:%{version}-%{release}
Provides:    openssl-perl%{_isa} = %{epoch}:%{version}-%{release}

%description
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.

%package libs
Summary:      A general purpose cryptography library with TLS implementation
Group:        System Environment/Libraries
Requires:     ca-certificates >= 2008-5
Requires:     crypto-policies >= 20180730
Recommends:   openssl-pkcs11%{?_isa}
Obsoletes:    openssl < 1:1.0.1-0.3.beta3
Obsoletes:    openssl-fips < 1:1.0.1e-28
Provides:     openssl-fips = %{epoch}:%{version}-%{release}

%description libs
The openssl-libs package contains the libraries that are used
by various applications which support cryptographic algorithms
and protocols.

%package devel
Summary:   Development files for openssl
Requires:  %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: krb5-devel zlib-devel pkgconfig
Obsoletes: openssl-static < %{epoch}:%{version}-%{release}
Provides:  openssl-static = %{epoch}:%{version}-%{release} openssl-static%{?_isa} = %{epoch}:%{version}-%{release}

%description devel
%{summary}.

%package_help

%prep
%autosetup -n %{name}-%{version} -p1

%build

sslarch=%{_os}-%{_target_cpu}
%ifarch x86_64 aarch64
sslflags=enable-ec_nistp_64_gcc_128
%endif

RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY $RPM_LD_FLAGS"
./Configure \
    --prefix=%{_prefix} \
    --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
    zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
    enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
    enable-weak-ssl-ciphers \
    no-mdc2 no-ec2m enable-sm2 enable-sm4 \
    shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""'

%make_build all

%define __spec_install_post \
    %{?__debug_package:%{__debug_install_post}} \
    %{__arch_install_post} \
    %{__os_install_post} \
    crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \
    ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \
    crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \
    ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \
%{nil}

%install

%make_install

# rename so name with actual version
rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
# create symbolic link
for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
     ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
     ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
done

mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
install -m644 %{SOURCE1} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate

mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/*.pl $RPM_BUILD_ROOT%{_bindir}
mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir}


mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/{certs,crl,newcerts,private}
chmod 700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private

touch -r %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/{openssl.cnf,ct_log_list.cnf}


# rename man pages avoid conflicting with other man pages in system
%define manpostfix _openssl
pushd $RPM_BUILD_ROOT%{_mandir}
ln -s -f config.5 man5/openssl.cnf.5
for manpage in man*/* ; do
    if [ -L ${manpage} ]; then
        targetfile=`ls -l ${manpage} | awk '{print $NF}'`
        ln -sf ${targetfile}%{manpostfix} ${manpage}%{manpostfix}
        rm -f ${manpage}
    else
        mv ${manpage} ${manpage}%{manpostfix}
    fi
done
popd

rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/*.dist

%check
LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
export LD_LIBRARY_PATH
crypto/fips/fips_standalone_hmac libcrypto.so.%{soversion} >.libcrypto.so.%{soversion}.hmac
ln -s .libcrypto.so.%{soversion}.hmac .libcrypto.so.hmac
crypto/fips/fips_standalone_hmac libssl.so.%{soversion} >.libssl.so.%{soversion}.hmac
ln -s .libssl.so.%{soversion}.hmac .libssl.so.hmac
OPENSSL_ENABLE_MD5_VERIFY=
export OPENSSL_ENABLE_MD5_VERIFY
OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
make test || :

%post libs -p /sbin/ldconfig

%postun libs -p /sbin/ldconfig

%files
%defattr(-,root,root)
%license LICENSE
%doc AUTHORS CHANGES FAQ NEWS README
%{_pkgdocdir}/Makefile.certificate
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
%dir %{_sysconfdir}/pki/CA/certs
%dir %{_sysconfdir}/pki/CA/crl
%dir %{_sysconfdir}/pki/CA/newcerts
%{_bindir}/*

%files libs
%defattr(-,root,root)
%license LICENSE
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
%{_libdir}/libcrypto.so.%{version}
%{_libdir}/libcrypto.so.%{soversion}
%{_libdir}/libssl.so.%{version}
%{_libdir}/libssl.so.%{soversion}
%{_libdir}/engines-%{soversion}
%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac
%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac

%files devel
%defattr(-,root,root)
%doc doc/dir-locals.example.el doc/openssl-c-indent.el
%{_prefix}/include/openssl
%{_libdir}/pkgconfig/*.pc
%{_libdir}/*.so
%{_libdir}/*.a

%files help
%defattr(-,root,root)
%{_mandir}/man1/*
%{_mandir}/man3/*
%{_mandir}/man5/*
%{_mandir}/man7/*
%{_pkgdocdir}/html/

%changelog
* Sat Dec 25 2021 steven_ygui <steven_ygui@163.com> - 1:1.1.1f-9
- backport upstream patches

* Fri Sep 24 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-8
- bugfix Overflow when printing Thawte Strong Extranet

* Mon Aug 30 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-7
- fix the CVE-2021-3711 and CVE-2021-3712

* Tue Jun 29 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-6
- add perl BuildRequires

* Wed Apr 7 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-5
- fix CVE-2021-3449

* Wed Mar 10 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-4
- fix CVE-2021-23840 and CVE-2021-23841

* Mon Jan 19 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-3
- fix CVE-2020-1971

* Fri Sep 11 2020 Liquor <lirui130@huawei.com> - 1:1.1.1f-2
- provides openssl-perl

* Tue May 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-1
- update openssl-1.1.1d to openssl-1.1.1f and fix CVE-2020-1967

* Wed Mar 18 2020 steven <steven_ygui@163.com> - 1:1.1.1d-9
- fix division zero issue which found by oss-fuzz

* Tue Mar 3 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-8
- add missiong /sbin/ldconfig

* Tue Mar 3 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-7
- Fix problem caused by missing hmac files

* Mon Feb 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-6
- add openssl-libs containing dynamic library for openssl

* Sun Jan 19 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-5
- add obsoletes

* Tue Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-4
- clean code

* Fri Jan 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-3
- delete unused files

* Fri Dec 27 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-2
- modify obsoletes

* Mon Dec 16 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-1
- update to 1:1.1.1d

* Thu Nov 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1c-5
- enable sm2 and sm4

* Fri Oct 25 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1c-4
- Add missing openssl/fips.h

* Thu Oct 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1c-3
- Add buildrequires zlib-devel

* Tue Sep 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1c-2
- Adjust requires

* Mon Sep 16 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1c-1
- Package init
Package init 2019-09-30 11:10:53 -04:00			`%define soversion 1.1`
			`Name: openssl`
			`Epoch: 1`
update openssl-1.1.1d to openssl-1.1.1f and fix CVE-2020-1967 2020-05-11 16:07:40 +08:00			`Version: 1.1.1f`
backport upstream patches 2021-12-25 18:00:50 +08:00			`Release: 9`
Package init 2019-09-30 11:10:53 -04:00			`Summary: Cryptography and SSL/TLS Toolkit`
			`License: OpenSSL and SSLeay`
			`URL: https://www.openssl.org/`
			`Source0: https://www.openssl.org/source/old/1.1.1/%{name}-%{version}.tar.gz`
			`Source1: Makefile.certificate`
			`Patch1: openssl-1.1.1-build.patch`
update code 2019-11-06 19:44:55 +08:00			`Patch2: openssl-1.1.1-fips.patch`
update openssl-1.1.1d to openssl-1.1.1f and fix CVE-2020-1967 2020-05-11 16:07:40 +08:00			`Patch3: CVE-2020-1967.patch`
fix CVE-2020-1971 2021-01-19 17:00:13 +08:00			`Patch4: CVE-2020-1971-0001-DirectoryString-is-a-CHOICE-type-and-therefore-uses-.patch`
			`Patch5: CVE-2020-1971-0002-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch`
			`Patch6: CVE-2020-1971-0003-Check-that-multi-strings-CHOICE-types-don-t-use-impl.patch`
			`Patch7: CVE-2020-1971-0004-Complain-if-we-are-attempting-to-encode-with-an-inva.patch`
			`Patch8: CVE-2020-1971-0005-Add-a-test-for-GENERAL_NAME_cmp.patch`
			`Patch9: CVE-2020-1971-0006-Add-a-test-for-encoding-decoding-using-an-invalid-AS.patch`
fix CVE-2021-23840 and CVE-2021-23841 (cherry picked from commit 42d8e0f5258e521b754e260ac985990120e85c7b) 2021-03-10 15:20:07 +08:00			`Patch10: CVE-2021-23840.patch`
			`Patch11: CVE-2021-23841.patch`
fix CVE-2021-3449 2021-04-07 16:43:29 +08:00			`Patch12: CVE-2021-3449.patch`
fix the CVE-2021-3711 and CVE-2021-3712 2021-08-30 19:42:00 +08:00			`Patch13: CVE-2021-3711-0001-Check-the-plaintext-buffer-is-large-enough-when-decr.patch`
			`Patch14: CVE-2021-3711-0002-Correctly-calculate-the-length-of-SM2-plaintext-give.patch`
			`Patch15: CVE-2021-3711-0003-Extend-tests-for-SM2-decryption.patch`
			`Patch16: CVE-2021-3712-0001-Fix-a-read-buffer-overrun-in-X509_aux_print.patch`
			`Patch17: CVE-2021-3712-0002-Fix-EC_GROUP_new_from_ecparameters-to-check-the-base.patch`
bugfix Overflow when printing Thawte Strong Extranet 2021-09-26 11:34:45 +08:00			`Patch18: bugfix-Don-t-Overflow-when-printing-Thawte-Strong-Extranet-.patch`
backport upstream patches 2021-12-25 18:00:50 +08:00			`Patch19: backport-Avoid-using-undefined-value-in-generate_stateless_co.patch`
			`Patch20: backport-Fix-append_ia5-function-to-not-assume-NUL-terminated.patch`
			`Patch21: backport-Fix-i2v_GENERAL_NAME-to-not-assume-NUL-terminated-st.patch`
			`Patch22: backport-Fix-NETSCAPE_SPKI_print-function-to-not-assume-NUL-t.patch`
			`Patch23: backport-Fix-POLICYINFO-printing-to-not-assume-NUL-terminated.patch`
			`Patch24: backport-Fix-potential-double-free.patch`
			`Patch25: backport-Fix-printing-of-PROXY_CERT_INFO_EXTENSION-to-not-ass.patch`
			`Patch26: backport-Fix-the-name-constraints-code-to-not-assume-NUL-term.patch`
			`Patch27: backport-pkcs12-check-for-zero-length-digest-to-avoid-divisio.patch`
Package init 2019-09-30 11:10:53 -04:00
openssl:add perl BuildRequires Signed-off-by: w00471585 <wangshouping@huawei.com> 2021-06-29 20:02:08 +08:00			`BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel`
Package init 2019-09-30 11:10:53 -04:00
add openssl-libs containing dynamic library for openssl 2020-02-17 11:46:45 +08:00			`Requires: coreutils perl %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}`
add obsoletes 2020-01-19 22:47:20 +08:00			`Obsoletes: openssl-perl < %{epoch}:%{version}-%{release}`
provides openssl-perl 2020-09-11 15:07:30 +08:00			`Provides: openssl-perl = %{epoch}:%{version}-%{release}`
add openssl-libs containing dynamic library for openssl 2020-02-17 11:46:45 +08:00			`Provides: openssl-perl%{_isa} = %{epoch}:%{version}-%{release}`
Package init 2019-09-30 11:10:53 -04:00
			`%description`
			`OpenSSL is a robust, commercial-grade, and full-featured toolkit for the`
			`Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.`

add openssl-libs containing dynamic library for openssl 2020-02-17 11:46:45 +08:00			`%package libs`
			`Summary: A general purpose cryptography library with TLS implementation`
			`Group: System Environment/Libraries`
			`Requires: ca-certificates >= 2008-5`
			`Requires: crypto-policies >= 20180730`
			`Recommends: openssl-pkcs11%{?_isa}`
			`Obsoletes: openssl < 1:1.0.1-0.3.beta3`
			`Obsoletes: openssl-fips < 1:1.0.1e-28`
			`Provides: openssl-fips = %{epoch}:%{version}-%{release}`

			`%description libs`
			`The openssl-libs package contains the libraries that are used`
			`by various applications which support cryptographic algorithms`
			`and protocols.`

Package init 2019-09-30 11:10:53 -04:00			`%package devel`
			`Summary: Development files for openssl`
add openssl-libs containing dynamic library for openssl 2020-02-17 11:46:45 +08:00			`Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}`
Package init 2019-09-30 11:10:53 -04:00			`Requires: krb5-devel zlib-devel pkgconfig`
add obsoletes 2020-01-19 22:47:20 +08:00			`Obsoletes: openssl-static < %{epoch}:%{version}-%{release}`
modify obsoletes 2019-12-27 10:19:42 +08:00			`Provides: openssl-static = %{epoch}:%{version}-%{release} openssl-static%{?_isa} = %{epoch}:%{version}-%{release}`
Package init 2019-09-30 11:10:53 -04:00
			`%description devel`
			`%{summary}.`

Package init 2019-12-25 16:00:18 +08:00			`%package_help`
Package init 2019-09-30 11:10:53 -04:00
			`%prep`
			`%autosetup -n %{name}-%{version} -p1`

			`%build`

			`sslarch=%{_os}-%{_target_cpu}`
			`%ifarch x86_64 aarch64`
			`sslflags=enable-ec_nistp_64_gcc_128`
			`%endif`

			`RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY $RPM_LD_FLAGS"`
			`./Configure \`
			`--prefix=%{_prefix} \`
			`--openssldir=%{_sysconfdir}/pki/tls ${sslflags} \`
			`zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \`
			`enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \`
			`enable-weak-ssl-ciphers \`
Package init 2019-12-13 15:53:46 +08:00			`no-mdc2 no-ec2m enable-sm2 enable-sm4 \`
Package init 2019-09-30 11:10:53 -04:00			`shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""'`

			`%make_build all`

add missiong /sbin/ldconfig 2020-03-03 17:25:51 +08:00			`%define __spec_install_post \`
			`%{?__debug_package:%{__debug_install_post}} \`
			`%{__arch_install_post} \`
			`%{__os_install_post} \`
			`crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \`
			`ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \`
			`crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \`
			`ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \`
			`%{nil}`

Package init 2019-09-30 11:10:53 -04:00			`%install`

			`%make_install`

			`# rename so name with actual version`
			`rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}`
			`# create symbolic link`
			`for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do`
			ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
			ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
			`done`

			`mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs`
			`install -m644 %{SOURCE1} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate`

			`mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/*.pl $RPM_BUILD_ROOT%{_bindir}`
			`mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir}`


			`mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/{certs,crl,newcerts,private}`
			`chmod 700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private`

			`touch -r %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/{openssl.cnf,ct_log_list.cnf}`


			`# rename man pages avoid conflicting with other man pages in system`
			`%define manpostfix _openssl`
			`pushd $RPM_BUILD_ROOT%{_mandir}`
			`ln -s -f config.5 man5/openssl.cnf.5`
			`for manpage in man/ ; do`
			`if [ -L ${manpage} ]; then`
			targetfile=`ls -l ${manpage} \| awk '{print $NF}'`
			`ln -sf ${targetfile}%{manpostfix} ${manpage}%{manpostfix}`
			`rm -f ${manpage}`
			`else`
			`mv ${manpage} ${manpage}%{manpostfix}`
			`fi`
			`done`
			`popd`

			`rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/*.dist`

			`%check`
fix problem caused by missing hmac files 2020-03-03 15:09:24 +08:00			LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
			`export LD_LIBRARY_PATH`
			`crypto/fips/fips_standalone_hmac libcrypto.so.%{soversion} >.libcrypto.so.%{soversion}.hmac`
			`ln -s .libcrypto.so.%{soversion}.hmac .libcrypto.so.hmac`
			`crypto/fips/fips_standalone_hmac libssl.so.%{soversion} >.libssl.so.%{soversion}.hmac`
			`ln -s .libssl.so.%{soversion}.hmac .libssl.so.hmac`
			`OPENSSL_ENABLE_MD5_VERIFY=`
			`export OPENSSL_ENABLE_MD5_VERIFY`
			`OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file`
			`export OPENSSL_SYSTEM_CIPHERS_OVERRIDE`
Package init 2019-09-30 11:10:53 -04:00			`make test \|\| :`

add missiong /sbin/ldconfig 2020-03-03 17:25:51 +08:00			`%post libs -p /sbin/ldconfig`

			`%postun libs -p /sbin/ldconfig`
Package init 2019-09-30 11:10:53 -04:00
			`%files`
			`%defattr(-,root,root)`
			`%license LICENSE`
			`%doc AUTHORS CHANGES FAQ NEWS README`
			`%{_pkgdocdir}/Makefile.certificate`
			`%dir %{_sysconfdir}/pki/CA`
			`%dir %{_sysconfdir}/pki/CA/private`
			`%dir %{_sysconfdir}/pki/CA/certs`
			`%dir %{_sysconfdir}/pki/CA/crl`
			`%dir %{_sysconfdir}/pki/CA/newcerts`
			`%{_bindir}/*`
add openssl-libs containing dynamic library for openssl 2020-02-17 11:46:45 +08:00
			`%files libs`
			`%defattr(-,root,root)`
			`%license LICENSE`
			`%dir %{_sysconfdir}/pki/tls`
			`%dir %{_sysconfdir}/pki/tls/certs`
			`%dir %{_sysconfdir}/pki/tls/misc`
			`%dir %{_sysconfdir}/pki/tls/private`
			`%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf`
			`%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf`
Package init 2019-09-30 11:10:53 -04:00			`%{_libdir}/libcrypto.so.%{version}`
			`%{_libdir}/libcrypto.so.%{soversion}`
			`%{_libdir}/libssl.so.%{version}`
			`%{_libdir}/libssl.so.%{soversion}`
			`%{_libdir}/engines-%{soversion}`
fix problem caused by missing hmac files 2020-03-03 15:09:24 +08:00			`%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac`
			`%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac`
Package init 2019-09-30 11:10:53 -04:00
			`%files devel`
			`%defattr(-,root,root)`
			`%doc doc/dir-locals.example.el doc/openssl-c-indent.el`
			`%{_prefix}/include/openssl`
			`%{_libdir}/pkgconfig/*.pc`
			`%{_libdir}/*.so`
			`%{_libdir}/*.a`

			`%files help`
			`%defattr(-,root,root)`
			`%{_mandir}/man1/*`
			`%{_mandir}/man3/*`
			`%{_mandir}/man5/*`
			`%{_mandir}/man7/*`
			`%{_pkgdocdir}/html/`

			`%changelog`
backport upstream patches 2021-12-25 18:00:50 +08:00			`* Sat Dec 25 2021 steven_ygui <steven_ygui@163.com> - 1:1.1.1f-9`
			`- backport upstream patches`

bugfix Overflow when printing Thawte Strong Extranet 2021-09-26 11:34:45 +08:00			`* Fri Sep 24 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-8`
			`- bugfix Overflow when printing Thawte Strong Extranet`

fix the CVE-2021-3711 and CVE-2021-3712 2021-08-30 19:42:00 +08:00			`* Mon Aug 30 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-7`
			`- fix the CVE-2021-3711 and CVE-2021-3712`

openssl:add perl BuildRequires Signed-off-by: w00471585 <wangshouping@huawei.com> 2021-06-29 20:02:08 +08:00			`* Tue Jun 29 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-6`
			`- add perl BuildRequires`

fix CVE-2021-3449 2021-04-07 16:43:29 +08:00			`* Wed Apr 7 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-5`
			`- fix CVE-2021-3449`

fix CVE-2021-23840 and CVE-2021-23841 (cherry picked from commit 42d8e0f5258e521b754e260ac985990120e85c7b) 2021-03-10 15:20:07 +08:00			`* Wed Mar 10 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-4`
			`- fix CVE-2021-23840 and CVE-2021-23841`

fix CVE-2020-1971 2021-01-19 17:00:13 +08:00			`* Mon Jan 19 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-3`
			`- fix CVE-2020-1971`

provides openssl-perl 2020-09-11 15:07:30 +08:00			`* Fri Sep 11 2020 Liquor <lirui130@huawei.com> - 1:1.1.1f-2`
			`- provides openssl-perl`

update openssl-1.1.1d to openssl-1.1.1f and fix CVE-2020-1967 2020-05-11 16:07:40 +08:00			`* Tue May 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-1`
			`- update openssl-1.1.1d to openssl-1.1.1f and fix CVE-2020-1967`

fix division zero issue which found by oss-fuzz 2020-03-18 21:08:19 +08:00			`* Wed Mar 18 2020 steven <steven_ygui@163.com> - 1:1.1.1d-9`
			`- fix division zero issue which found by oss-fuzz`

add missiong /sbin/ldconfig 2020-03-03 17:25:51 +08:00			`* Tue Mar 3 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-8`
			`- add missiong /sbin/ldconfig`

fix problem caused by missing hmac files 2020-03-03 15:09:24 +08:00			`* Tue Mar 3 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-7`
			`- Fix problem caused by missing hmac files`

add openssl-libs containing dynamic library for openssl 2020-02-17 11:46:45 +08:00			`* Mon Feb 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-6`
			`- add openssl-libs containing dynamic library for openssl`

add obsoletes 2020-01-19 22:47:20 +08:00			`* Sun Jan 19 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-5`
			`- add obsoletes`

openssl: clean code 2020-01-14 23:02:48 +08:00			`* Tue Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-4`
			`- clean code`

correct date 2020-01-12 09:27:25 +08:00			`* Fri Jan 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-3`
delete unused files 2020-01-10 15:44:32 +08:00			`- delete unused files`

modify obsoletes 2019-12-27 10:19:42 +08:00			`* Fri Dec 27 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-2`
			`- modify obsoletes`

Package init 2019-12-25 16:00:18 +08:00			`* Mon Dec 16 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-1`
			`- update to 1:1.1.1d`

Package init 2019-12-13 15:53:46 +08:00			`* Thu Nov 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1c-5`
			`- enable sm2 and sm4`

update code 2019-11-06 19:44:55 +08:00			`* Fri Oct 25 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1c-4`
			`- Add missing openssl/fips.h`

			`* Thu Oct 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1c-3`
			`- Add buildrequires zlib-devel`

Package init 2019-09-30 11:10:53 -04:00			`* Tue Sep 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1c-2`
			`- Adjust requires`

			`* Mon Sep 16 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1c-1`
			`- Package init`