diff options
Diffstat (limited to 'openssl-freefilesync/openssl.spec')
-rw-r--r-- | openssl-freefilesync/openssl.spec | 38 |
1 files changed, 30 insertions, 8 deletions
diff --git a/openssl-freefilesync/openssl.spec b/openssl-freefilesync/openssl.spec index f4d8c1f..2e23c2c 100644 --- a/openssl-freefilesync/openssl.spec +++ b/openssl-freefilesync/openssl.spec @@ -11,12 +11,9 @@ # 1.0.0 soversion = 10 # 1.1.0 soversion = 1.1 (same as upstream although presence of some symbols # depends on build configuration options) - -# Additions for openssl-freefilesync -# https://github.com/aria2/aria2/issues/1249 -# change fips-post-rand.patch where it calls random.h to: -# +# include </usr/include/linux/random.h> %define soversion 1.1 + +# for openssl-freefilesync %define fullname openssl-freefilesync %define shortname openssl @@ -27,9 +24,11 @@ %global _performance_build 1 Summary: Utilities from the general purpose cryptography library with TLS implementation +# for openssl-freefilesync Name: %{fullname} Version: 1.1.1c -Release: 2.stack%{?dist} +# for openssl-freefilesync +Release: 6.stack%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -98,6 +97,7 @@ protocols. %package libs Summary: A general purpose cryptography library with TLS implementation Requires: ca-certificates >= 2008-5 +# for openssl-freefilesync #Requires: crypto-policies >= 20180730 #Recommends: openssl-pkcs11%{?_isa} Provides: openssl-fips = %{epoch}:%{version}-%{release} @@ -138,6 +138,7 @@ package provides Perl scripts for converting certificates and keys from other formats to the formats used by the OpenSSL toolkit. %prep +# for openssl-freefilesync %setup -q -n %{shortname}-%{version} # The hobble_openssl is called here redundantly, just to be sure. @@ -169,6 +170,8 @@ cp %{SOURCE13} test/ %patch46 -p1 -b .seclevel %patch47 -p1 -b .ts-sha256-default %patch48 -p1 -b .fips-post-rand +# for openssl-freefilesync +sed -i -r -e '/sys\/random\.h/s@sys/random\.h@/usr/include/linux/random.h@;' crypto/rand/rand_unix.c %patch49 -p1 -b .evp-kdf %patch50 -p1 -b .ssh-kdf %patch51 -p1 -b .upstream-sync @@ -241,6 +244,7 @@ sslarch=linux-generic64 # marked as not requiring an executable stack. # Also add -DPURIFY to make using valgrind with openssl easier as we do not # want to depend on the uninitialized memory as a source of entropy anyway. +# for openssl-freefilesync RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY $RPM_LD_FLAGS" export HASHBANGPERL=/usr/bin/perl @@ -362,6 +366,7 @@ mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts # Ensure the config file timestamps are identical across builds to avoid # mulitlib conflicts and unnecessary renames on upgrade +# for openssl-freefilesync touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf%{version} touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf%{version} @@ -424,6 +429,7 @@ export LD_LIBRARY_PATH %dir %{_sysconfdir}/pki/tls/certs %dir %{_sysconfdir}/pki/tls/misc %dir %{_sysconfdir}/pki/tls/private +# for openssl-freefilesync %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf%{version} %config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf%{version} %attr(0755,root,root) %{_libdir}/libcrypto.so.%{version} @@ -458,13 +464,29 @@ export LD_LIBRARY_PATH %dir %{_sysconfdir}/pki/CA/crl %dir %{_sysconfdir}/pki/CA/newcerts +# for openssl-freefilesync %post libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig %changelog -* Tue Jul 16 2019 B Stack <bgstack15@gmail.com> 1.1.1c-3.stack -- rebuild for el7 +* Wed Sep 18 2019 B Stack <bgstack15@gmail.com> 1.1.1c-6.stack +- rebuild for el7 for freefilesync + +* Fri Sep 6 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-6 +- upstream fix for status request extension non-compliance (#1737471) + +* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.1c-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Jun 24 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-4 +- do not try to use EC groups disallowed in FIPS mode + in TLS +- fix Valgrind regression with constant-time code + +* Mon Jun 3 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-3 +- add upstream patch to defer sending KeyUpdate after + pending writes are complete * Thu May 30 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-2 - fix use of uninitialized memory |