File mingw64-openssl.spec of Package mingw64-openssl
#
# spec file for package mingw64-openssl
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%global __requires_exclude /usr/local/bin/perl
%global _default_patch_fuzz 2
# For the curious:
# 0.9.5a soversion = 0
# 0.9.6 soversion = 1
# 0.9.6a soversion = 2
# 0.9.6c soversion = 3
# 0.9.7a soversion = 4
# 0.9.7ef soversion = 5
# 0.9.8ab soversion = 6
# 0.9.8g soversion = 7
# 0.9.8jk + EAP-FAST soversion = 8
# 1.0.0 soversion = 10
# LibreSSL starts at 27, so don't go too far. Better follow the openSUSE
# scheme of using libcrypto-1.0.0.dll [libcrypto.so.1.0.0]
%global soversion 10
Name: mingw64-openssl
Version: 1.0.2u
Release: 0
Summary: MinGW port of the OpenSSL toolkit
License: OpenSSL
Group: Development/Libraries/C and C++
Url: http://www.openssl.org/
Source: openssl-%{version}.tar.xz
Source2: Makefile.certificate
Source6: make-dummy-cert
Source7: renew-dummy-cert
Source8: openssl-thread-test.c
Source9: opensslconf-new.h
Source10: opensslconf-new-warning.h
Source11: README.FIPS
# probably worth fixing the wrong-script-interpreter issue
Source99: mingw64-openssl-rpmlintrc
# ---- Build / environment fixes ----
Patch1: openssl-1.0.2e-rpmbuild.patch
Patch2: openssl-1.0.2a-defaults.patch
Patch7: openssl-1.0.0-timezone.patch
Patch8: openssl-1.0.1c-perlfind.patch
Patch9: openssl-1.0.1c-aliasing.patch
# ---- openSUSE policy / layout ----
Patch23: openssl-1.0.2c-default-paths.patch
Patch33: openssl-1.0.0-beta4-ca-dir.patch
Patch47: openssl-1.0.2a-readme-warning.patch
Patch66: openssl-1.0.2a-pkgconfig-krb5.patch
#Patch92: erxeexit
# MinGW-specific patches.
# Rename *eay64.dll to lib*.dll
Patch101: mingw32-openssl-1.0.2g-libversion.patch
# Fix engines/ install target after lib rename
Patch102: mingw32-openssl-1.0.2a-sfx.patch
# Some .c file contains in #include <dlfcn.h> while it
# doesn't really use anything from that header
#Patch103: mingw-openssl-drop-unneeded-reference-to-dlfcn-h.patch
# Mingw-w64 compatibility patch
Patch104: openssl_mingw64_install_fix.patch
# Prevent a build failure which occurs because we don't have FIPS enabled
#Patch105: mingw-openssl-fix-fips-build-failure.patch
# The function secure_getenv is a GNU extension which isn't available on Windows
#Patch106: openssl-mingw64-dont-use-secure-getenv.patch
# Don't include the old winsock.h as it will cause warnings/errors in packages
# using the openssl headers like: Please include winsock2.h before windows.h
Patch107: openssl-dont-include-winsock-h.patch
Patch108: 0001-Create-pkg-config-files-for-static-libraries.patch
# security related patches
Patch201: 0001-kek_unwrap_key-Fix-incorrect-check-of-unwrapped-key-.patch
Patch202: 0002-Fix-heap-buffer-overflow-in-BIO_f_linebuffer.patch
Patch203: 0003-PKCS12_item_decrypt_d2i_ex-Check-oct-argument-for-NU.patch
Patch204: 0004-Ensure-ASN1-types-are-checked-before-use.patch
Patch205: 0005-Fix-timing-side-channel-in-ECDSA-signature-computati.patch
Patch206: 0006-Restrict-the-size-of-OBJECT-IDENTIFIERs-that-OBJ_obj.patch
Patch207: 0007-Fix-Timing-Oracle-in-RSA-decryption.patch
Patch208: 0008-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch
Patch209: 0009-Fix-EC_GROUP_new_from_ecparameters-to-check-the-base.patch
Patch210: 0010-Fix-Null-pointer-deref-in-X509_issuer_and_serial_has.patch
Patch211: 0011-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch
BuildRequires: diffutils
BuildRequires: mingw64-cross-gcc
BuildRequires: mingw64-zlib-devel
BuildRequires: mktemp
BuildRequires: perl
BuildRequires: util-linux
# XXX Not really sure about this one. The build script uses
# /usr/bin/makedepend which comes from imake.
#BuildRequires: imake
BuildRequires: xorg-x11-util-devel
%_mingw64_package_header_debug
BuildArch: noarch
%description
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.
Derivation and License
OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.
%package -n mingw64-libopenssl
Summary: Secure Sockets and Transport Layer Security (library)
Group: System/Libraries
%description -n mingw64-libopenssl
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.
Derivation and License
OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.
%package -n mingw64-libopenssl-devel
Summary: Secure Sockets and Transport Layer Security (development files)
Group: Development/Libraries/C and C++
# for static library
Requires: mingw64-zlib-devel
Requires: mingw64-libopenssl = %{version}
%description -n mingw64-libopenssl-devel
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and open source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
v1) protocols with full-strength cryptography. The project is managed
by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenSSL toolkit and its related
documentation.
Derivation and License
OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style license, which basically means that you are free to get it
and to use it for commercial and noncommercial purposes.
%_mingw64_debug_package
%prep
%autosetup -p1 -n openssl-%{version}
sed -i 's/SHLIB_VERSION_NUMBER "2.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
# workaround freakish perl:
#/var/tmp/rpm-tmp.dEUR3i: ./Configure: ./perl: bad interpreter: Permission denied
#error: Bad exit status from /var/tmp/rpm-tmp.dEUR3i (%%build)
#rmdir perl
#ln -s /usr/bin/perl perl
# Generate a table with the compile settings for my perusal.
touch Makefile
make TABLE PERL=perl
# Use mingw cflags instead of hardcoded ones
sed -i -e '/^"mingw"/ s/-fomit-frame-pointer -O3 -march=i486 -Wall/%{_mingw64_cflags}/' Configure
%build
ZLIB_LIBRARY=$(%_mingw64_env; pkg-config --libs zlib-static)
PERL=perl \
./Configure \
--prefix=%{_mingw64_prefix} \
--openssldir=%{_mingw64_sysconfdir}/pki/tls \
--with-zlib-lib=$ZLIB_LIBRARY \
zlib enable-camellia enable-ec enable-seed enable-tlsext enable-rfc3779 \
enable-cms enable-md2 no-mdc2 no-rc5 no-gost no-srp \
no-fips no-hw \
--cross-compile-prefix=%{_mingw64_target}- \
shared mingw64
# Regenerate def files as we disabled some algorithms above
perl util/mkdef.pl crypto ssl update
# Regenerate def files as we disabled some algorithms above
perl util/mkdef.pl crypto ssl update
make depend
make all build-shared
make rehash build-shared
if ! iconv -f UTF-8 -t ASCII//TRANSLIT CHANGES >/dev/null 2>&1 ; then
iconv -f ISO-8859-1 -t UTF-8 -o CHANGES.utf8 CHANGES && \
mv -f CHANGES.utf8 CHANGES
fi
%install
mkdir -p %{buildroot}%{_mingw64_libdir}/openssl
mkdir -p %{buildroot}%{_mingw64_bindir}
mkdir -p %{buildroot}%{_mingw64_includedir}
mkdir -p %{buildroot}%{_mingw64_mandir}
make INSTALL_PREFIX=%{buildroot} install build-shared
# Install the file applink.c (#499934)
install -m644 ms/applink.c %{buildroot}%{_mingw64_includedir}/openssl/applink.c
mv %{buildroot}%{_mingw64_sysconfdir}/pki/tls/man/* \
%{buildroot}%{_mingw64_mandir}
# Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly.
mkdir -p %{buildroot}%{_mingw64_sysconfdir}/pki/tls/certs
install -m644 %{SOURCE2} %{buildroot}%{_mingw64_sysconfdir}/pki/tls/certs/Makefile
install -m755 %{SOURCE6} %{buildroot}%{_mingw64_sysconfdir}/pki/tls/certs/make-dummy-cert
install -m755 %{SOURCE7} %{buildroot}%{_mingw64_sysconfdir}/pki/tls/certs/renew-dummy-cert
# Pick a CA script.
pushd %{buildroot}%{_mingw64_sysconfdir}/pki/tls/misc
mv CA.sh CA
popd
mkdir -m700 %{buildroot}%{_mingw64_sysconfdir}/pki/CA
mkdir -m700 %{buildroot}%{_mingw64_sysconfdir}/pki/CA/private
%files
%defattr(-,root,root)
%{_mingw64_bindir}/openssl.exe
%{_mingw64_bindir}/c_rehash
%{_mingw64_mandir}/man1/*
%{_mingw64_mandir}/man5/*
%{_mingw64_mandir}/man7/*
%config(noreplace) %{_mingw64_sysconfdir}
%files -n mingw64-libopenssl
%defattr(-,root,root)
%{_mingw64_bindir}/libcrypto-%{soversion}.dll
%{_mingw64_bindir}/libssl-%{soversion}.dll
%dir %{_mingw64_libdir}/engines/
%{_mingw64_libdir}/engines/*.dll
%files -n mingw64-libopenssl-devel
%defattr(-,root,root)
%{_mingw64_libdir}/pkgconfig/*.pc
%{_mingw64_libdir}/libcrypto.dll.a
%{_mingw64_libdir}/libssl.dll.a
%{_mingw64_libdir}/libcrypto.a
%{_mingw64_libdir}/libssl.a
%{_mingw64_includedir}/openssl
%{_mingw64_mandir}/man3/*
%changelog
