File compat-openssl096g.spec of Package compat-openssl096g

#
# spec file for package compat-openssl096g (Version 0.9.6g)
#
# Copyright (c) 2005 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://www.suse.de/feedback/
#
# neededforbuild	ed

Name:         compat-openssl096g
%define ssletcdir %{_sysconfdir}/ssl
%define num_version %(echo "%{version}" | sed -e "s+[a-zA-Z]++g")
License:      Other License(s), see package, BSD
Group:        Productivity/Networking/Security
Provides:     ssl openssl:/usr/lib/libssl.so.0.9.6 openssl:/usr/lib64/libssl.so.0.9.6
Conflicts:    ssleay
Obsoletes:    ssleay compat-sles8
Autoreqprov:  on
PreReq:       /bin/cat /bin/mkdir
Version:      0.9.6g
Release:      4
Summary:      Secure Sockets and Transport Layer Security
URL:          http://www.openssl.org/
Source:       http://www.openssl.org/source/openssl-engine-%{version}.tar.bz2
Source10:     README.SuSE
Source20:     ICP-Brasil.pem
Patch0:       openssl-0.9.6d.dif
Patch1:       openssl-0.9.6d-flags-priority.dif
Patch3:       openssl-nocrypt.diff
Patch6:       openssl-0.9.6c-x86_64.dif
Patch7:       openssl-0.9.6c-ppc64.diff
# http://www-124.ibm.com/developerworks/projects/libica/
Patch10:      ibmca.patch-0.96e-2.bz2
Patch12:      openssl-0.9.6g.CBC-timing-attack.dif
Patch13:      openssl-engine-0.9.6g-rand.c.dif
Patch14:      openssl-timing-attacks.patch
Patch15:      openssl-engine-0.9.6j-asn1.dif
Patch16:      openssl-CAN-2004-0079.dif
BuildRoot:    %{_tmppath}/%{name}-%{version}-build

%description
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography world-wide. The project
is managed by a worldwide community of volunteers that use the Internet
to communicate, plan, and develop the OpenSSL toolkit and its related
documentation.

Derivation and License

OpenSSL is based on the excellent SSLeay library developed from Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under a
Apache-style licence which basically means that you are free to get and
use it for commercial and non-commercial purposes.



Authors:
--------
    Mark J. Cox <mark@openssl.org>
    Ralf S. Engelschall <rse@openssl.org>
    Dr. Stephen Henson <steve@openssl.org>
    Ben Laurie <ben@openssl.org>
    Bodo Moeller <bodo@openssl.org>
    Ulf Moeller <ulf@openssl.org>
    Holger Reif <holger@openssl.org>
    Paul C. Sutton <paul@openssl.org>

%debug_package
%prep
%setup -q -n openssl-engine-%{version}
%patch -p1
%patch1 -p1
%patch3
%patch6 -p1
%patch7 -p1
%patch10 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
cp -p %{S:10} .
cp -p %{S:20} certs/
echo "adding/overwriting some entries in the 'table' hash in Configure"
# $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib
export DSO_SCHEME='dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)'
cat <<EOF_ED | ed -s Configure 
/^);
-
i
# local configuration added from specfile
#config-string,  $cc:$cflags:$unistd:$thread_cflag:$lflags:$bn_ops:$bn_obj:$des_obj:$bf_obj:$md5_obj:$sha1_obj:$cast_obj:$rc4_obj:$rmd160_obj:$rc5_obj:$DSO_SCHEME
#"linux-elf",    "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-elf",    "gcc:-DL_ENDIAN			::-D_REENTRANT:-ldl:BN_LLONG \${x86_gcc_des} \${x86_gcc_opts}:\${x86_elf_asm}:			$DSO_SCHEME",
"linux-ia64",   "gcc:-DL_ENDIAN -DNO_ASM	::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR::::::::::				$DSO_SCHEME",
"linux-ppc",    "gcc:-DB_ENDIAN			::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::			$DSO_SCHEME",
"linux-ppc64",  "gcc:-DB_ENDIAN			::-D_REENTRANT:-ldl:RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL SIXTY_FOUR_BIT_LONG::::::::::	$DSO_SCHEME",
"linux-elf-arm","gcc:-DL_ENDIAN			::-D_REENTRANT:-ldl:BN_LLONG::::::::::								$DSO_SCHEME",
"linux-mips",   "gcc:-DB_ENDIAN			::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::			$DSO_SCHEME",
"linux-sparcv7","gcc:-DB_ENDIAN			::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::			$DSO_SCHEME",
"linux-sparcv8","gcc:-DB_ENDIAN -DBN_DIV2W -mv8	::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::	$DSO_SCHEME",
"linux-x86_64", "gcc:-DL_ENDIAN -DNO_ASM	::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::						$DSO_SCHEME",
"linux-s390",   "gcc:-DB_ENDIAN			::(unknown):   -ldl:BN_LLONG::::::::::								$DSO_SCHEME",
"linux-s390x",  "gcc:-DB_ENDIAN -DNO_ASM	::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::						$DSO_SCHEME",
.
wq
EOF_ED

%build
# change /usr/lib to /usr/lib64 if necessary
sed "s+\(\$(INSTALL_PREFIX)\$(INSTALLTOP)\)/lib+\1/%_lib+" Makefile.org > Makefile.new \
	&& diff -u Makefile.org Makefile.new \
	|| mv Makefile.new Makefile.org
./config --test-sanity 
./config threads shared no-rc5 no-idea 		\
	--prefix=%{_prefix} 			\
	--openssldir=%{ssletcdir} 		\
	$RPM_OPT_FLAGS -fno-strict-aliasing	\
	-fomit-frame-pointer \
	-DTERMIO \
	-Wall
# show settings
make TABLE
echo $RPM_OPT_FLAGS
eval $(egrep PLATFORM='[[:alnum:]]' Makefile)
grep -B1 -A22 "^\*\*\* $PLATFORM$" TABLE 
#
make
LD_LIBRARY_PATH=`pwd` make rehash

%install
mkdir -p ${RPM_BUILD_ROOT}%{_libdir}
install -s -m 755 libssl.so.0.9.6 ${RPM_BUILD_ROOT}%{_libdir}/
install -s -m 755 libcrypto.so.0.9.6 ${RPM_BUILD_ROOT}%{_libdir}/

%clean
rm -rf $RPM_BUILD_ROOT;

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%files
%defattr(-, root, root)
%doc CHANGE* INSTAL*
%doc LICENSE NEWS README README.SuSE openssl.doxy
%{_libdir}/libssl.so.%{num_version}
%{_libdir}/libcrypto.so.%{num_version}

%changelog -n compat-openssl096g
* Wed Feb 27 2008 - gerrit.beine@gmx.de
- Moved to openSUSE BuildService
* Tue Jul 20 2004 - kukuk@suse.de
- Rename to compat-openssl096g
* Tue Mar 02 2004 - poeml@suse.de
- add security fix for CAN-2004-0079 (possible null-pointer
  assignment during SSL/TLS handshake)
* Wed Jan 14 2004 - choeger@suse.de
- removed a part of the openssl-timing-attacks.patch which addresses
  the timing attack on RSA keys problem
  see http://www.openssl.org/news/secadv_20030317.txt.
  The patch to rsa_lib.c was not thread save.
* Tue Sep 30 2003 - poeml@suse.de
- security fix (CAN-2003-0543, CAN-2003-0544): fix vulnerabilities
  in ASN.1 parsing, and an error in the SSL/TLS protocol handling
* Wed Sep 10 2003 - poeml@suse.de
- add root certificate for the ICP-Brasil CA [#25840]
* Tue Mar 25 2003 - krahmer@suse.de
- security fix for two different kind of attacks against the
  RSA implementation: timing and an extention of the "Bleichenbacher
  attack"
* Fri Feb 28 2003 - poeml@suse.de
- ia64: don't use the bignum assembly optimization [#24389]
- fix command line parsing of the "rand" command [#23639]
* Thu Feb 20 2003 - poeml@suse.de
- security fix: In ssl3_get_record (ssl/s3_pkt.c), minimize
  information leaked via timing by performing a MAC computation
  even if incorrrect block cipher padding has been found.  This
  is a countermeasure against active attacks where the attacker
  has to distinguish between bad padding and a MAC verification
  error.  (CAN-2003-0078)
* Tue Sep 17 2002 - froh@suse.de
- update ibm-hardware-crypto-patch to ibmca.patch-0.96e-2 (#18953)
* Mon Aug 12 2002 - poeml@suse.de
- update to 0.9.6g and drop the now included ASN1 check patch.
  Other change:
- Use proper error handling instead of 'assertions' in buffer
  overflow checks added in 0.9.6e.  This prevents DoS (the
  assertions could call abort()).
* Fri Aug 09 2002 - kukuk@suse.de
- Fix requires of openssl-devel subpackage
* Tue Aug 06 2002 - draht@suse.de
- Correction for changes in the ASN1 code, assembled in
  openssl-0.9.6e-cvs-20020802-asn1_lib.diff
* Thu Aug 01 2002 - poeml@suse.de
- update to 0.9.6e. Major changes:
  o Various security fixes (sanity checks to asn1_get_length(),
  various remote buffer overflows)
  o new option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, disabling the
  countermeasure against a vulnerability in the CBC ciphersuites
  in SSL 3.0/TLS 1.0 that was added in 0.9.6d which turned out to
  be incompatible with buggy SSL implementations
- update ibmca crypto hardware patch (security issues fixed)
- gcc 3.1 version detection is fixed, we can drop the patch
- move the most used man pages from the -doc to the main package
  [#9913] and resolve man page conflicts by putting them into ssl
  sections [#17239]
- spec file: use PreReq for %%post script
* Fri Jul 12 2002 - poeml@suse.de
- update to 0.9.6d. Major changes:
  o Various SSL/TLS library bugfixes.
  o Fix DH parameter generation for 'non-standard' generators.
  Complete Changelog: http://www.openssl.org/news/changelog.html
- supposed to fix a session caching failure occuring with postfix
- simplify local configuration for the architectures
- there's a new config variable: $shared_ldflag
- use RPM_OPT_FLAGS in favor of predifined cflags by appending them
  at the end
- validate config data (config --check-sanity)
- resolve file conflict of /usr/share/man/man1/openssl.1.gz [#15982]
- move configuration to /etc/ssl [#14387]
- mark openssl.cnf %%config (noreplace)
* Sat Jul 06 2002 - schwab@suse.de
- Include <crypt.h> to get crypt prototype.
* Fri Jul 05 2002 - kukuk@suse.de
- Remove crypt prototype from des.h header file, too.
* Mon Jun 10 2002 - meissner@suse.de
- enhanced ppc64 support (needs seperate config), reenabled make check
* Fri May 31 2002 - olh@suse.de
- add ppc64 support, temporary disable make check
* Thu Apr 18 2002 - meissner@suse.de
- fixed x86_64 build, added bc to needed_for_build (used by tests)
* Wed Apr 17 2002 - ro@suse.de
- fixed gcc version determination
- drop sun4c support/always use sparcv8
- ignore return code from showciphers
* Fri Mar 15 2002 - poeml@suse.de
- add settings for sparc to build shared objects. Note that all
  sparcs (sun4[mdu]) are recognized as linux-sparcv7
* Wed Feb 06 2002 - kukuk@suse.de
- Remove crypt function from libcrypto.so.0 [Bug #13056]
* Sun Feb 03 2002 - poeml@suse.de
- add settings for mips to build shared objects
- print out all settings to the build log
* Tue Jan 29 2002 - poeml@suse.de
- update to 0.9.6c:
  o bug fixes
  o support for hardware crypto devices (Cryptographic Appliances,
  Broadcom, and Accelerated Encryption Processing)
- add IBMCA patch for IBM eServer Cryptographic Accelerator Device
  Driver (#12565) (forward ported from 0.9.6b)
  (http://www-124.ibm.com/developerworks/projects/libica/)
- tell Configure how to build shared libs for s390 and s390x
- tweak Makefile.org to use %%_libdir
- clean up spec file
- add README.SuSE as source file instead of in a patch
* Wed Dec 05 2001 - uli@suse.de
- disabled "make test" for ARM (destest segfaults, the other tests
  seem to succeed)
* Wed Dec 05 2001 - ro@suse.de
- removed subpackage src
* Wed Nov 28 2001 - uli@suse.de
- needs -ldl on ARM, too
* Mon Nov 19 2001 - mls@suse.de
- made mips big endian, fixed shared library creation for mips
* Fri Aug 31 2001 - rolf@suse.de
- added root certificates [BUG#9913]
- move from /usr/ssh to /usr/share/ssl
* Wed Jul 18 2001 - rolf@suse.de
- update to 0.9.6b
- switch to engine version of openssl, which supports hardware
  encryption for a few popular devices
- check wether shared libraries have been generated
* Thu Jul 05 2001 - rolf@suse.de
- appliy PRNG security patch
* Tue Jun 12 2001 - bk@suse.de
- added support for s390x
* Mon May 07 2001 - kukuk@suse.de
- Fix building of shared libraries on SPARC, too.
* Mon May 07 2001 - rolf@suse.de
- Fix ppc and s390 shared library builds
- resolved conflict in manpage naming:
  rand.3 is now sslrand.3 [BUG#7643]
* Tue May 01 2001 - schwab@suse.de
- Fix ia64 configuration.
- Fix link command.
* Thu Apr 26 2001 - bjacke@suse.de
- updated to 0.96a
* Wed Apr 18 2001 - kkaempf@suse.de
- provide .so files in -devel package only
* Tue Apr 17 2001 - bjacke@suse.de
- resolve file name conflict (#6966)
* Wed Mar 21 2001 - rolf@suse.de
- new subpackage openssl-src [BUG#6383]
- added README.SuSE which explains where to find the man pages [BUG#6717]
* Fri Dec 15 2000 - sf@suse.de
- changed CFLAG to -O1 to make the tests run successfully
* Mon Dec 11 2000 - rolf@suse.de
- build openssl with no-idea and no-rc5 to meet US & RSA regulations
- build with -fPIC on all platforms (especially IA64)
* Wed Nov 22 2000 - rolf@suse.de
- rename openssls to openssl-devel and add shared libs and header files
- new subpackge openssl-doc for manpages and documentation
- use BuildRoot
* Fri Oct 27 2000 - schwab@suse.de
- Add link-time links for libcrypto and libssl.
- Make sure that LD_LIBRARY_PATH is passed down to sub-makes.
* Mon Oct 02 2000 - rolf@suse.de
- update to 0.9.6
* Mon Apr 10 2000 - bk@suse.de
- fix support for s390-linux
* Mon Apr 10 2000 - rolf@suse.de
- new version 0.9.5a
* Sun Apr 09 2000 - bk@suse.de
- add support for s390-linux
* Mon Mar 27 2000 - kukuk@suse.de
- Use sparcv7 for SPARC
* Wed Mar 01 2000 - rolf@suse.de
- move manpages back, as too many conflict with system manuals
* Wed Mar 01 2000 - rolf@suse.de
- move manpages to %%{_mandir}
- include static libraries
* Wed Mar 01 2000 - bk@suse.de
- added subpackage source openssls, needed for ppp_ssl
* Tue Feb 29 2000 - rolf@suse.de
- new version 0.9.5
* Thu Feb 24 2000 - schwab@suse.de
- add support for ia64-linux
* Mon Jan 31 2000 - kukuk@suse.de
- Create and add libcrypto.so.0 and libssl.so.0
* Mon Sep 13 1999 - bs@suse.de
- ran old prepare_spec on spec file to switch to new prepare_spec.
* Wed Sep 01 1999 - rolf@suse.de
- new version 0.9.4
* Wed May 26 1999 - rolf@suse.de
- new version 0.9.3 with new layout
- alpha asm disabled by default now, no patch needed
* Thu May 20 1999 - ro@suse.de
- disable asm for alpha: seems incomplete
* Mon May 17 1999 - rolf@suse.de
- don't use -DNO_IDEA
* Wed May 12 1999 - rolf@suse.de
- first version 0.9.2b