summaryrefslogtreecommitdiff
path: root/openssl-freefilesync/openssl.spec
diff options
context:
space:
mode:
Diffstat (limited to 'openssl-freefilesync/openssl.spec')
-rw-r--r--openssl-freefilesync/openssl.spec38
1 files changed, 30 insertions, 8 deletions
diff --git a/openssl-freefilesync/openssl.spec b/openssl-freefilesync/openssl.spec
index f4d8c1f..2e23c2c 100644
--- a/openssl-freefilesync/openssl.spec
+++ b/openssl-freefilesync/openssl.spec
@@ -11,12 +11,9 @@
# 1.0.0 soversion = 10
# 1.1.0 soversion = 1.1 (same as upstream although presence of some symbols
# depends on build configuration options)
-
-# Additions for openssl-freefilesync
-# https://github.com/aria2/aria2/issues/1249
-# change fips-post-rand.patch where it calls random.h to:
-# +# include </usr/include/linux/random.h>
%define soversion 1.1
+
+# for openssl-freefilesync
%define fullname openssl-freefilesync
%define shortname openssl
@@ -27,9 +24,11 @@
%global _performance_build 1
Summary: Utilities from the general purpose cryptography library with TLS implementation
+# for openssl-freefilesync
Name: %{fullname}
Version: 1.1.1c
-Release: 2.stack%{?dist}
+# for openssl-freefilesync
+Release: 6.stack%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -98,6 +97,7 @@ protocols.
%package libs
Summary: A general purpose cryptography library with TLS implementation
Requires: ca-certificates >= 2008-5
+# for openssl-freefilesync
#Requires: crypto-policies >= 20180730
#Recommends: openssl-pkcs11%{?_isa}
Provides: openssl-fips = %{epoch}:%{version}-%{release}
@@ -138,6 +138,7 @@ package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit.
%prep
+# for openssl-freefilesync
%setup -q -n %{shortname}-%{version}
# The hobble_openssl is called here redundantly, just to be sure.
@@ -169,6 +170,8 @@ cp %{SOURCE13} test/
%patch46 -p1 -b .seclevel
%patch47 -p1 -b .ts-sha256-default
%patch48 -p1 -b .fips-post-rand
+# for openssl-freefilesync
+sed -i -r -e '/sys\/random\.h/s@sys/random\.h@/usr/include/linux/random.h@;' crypto/rand/rand_unix.c
%patch49 -p1 -b .evp-kdf
%patch50 -p1 -b .ssh-kdf
%patch51 -p1 -b .upstream-sync
@@ -241,6 +244,7 @@ sslarch=linux-generic64
# marked as not requiring an executable stack.
# Also add -DPURIFY to make using valgrind with openssl easier as we do not
# want to depend on the uninitialized memory as a source of entropy anyway.
+# for openssl-freefilesync
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY $RPM_LD_FLAGS"
export HASHBANGPERL=/usr/bin/perl
@@ -362,6 +366,7 @@ mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts
# Ensure the config file timestamps are identical across builds to avoid
# mulitlib conflicts and unnecessary renames on upgrade
+# for openssl-freefilesync
touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf%{version}
touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf%{version}
@@ -424,6 +429,7 @@ export LD_LIBRARY_PATH
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
+# for openssl-freefilesync
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf%{version}
%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf%{version}
%attr(0755,root,root) %{_libdir}/libcrypto.so.%{version}
@@ -458,13 +464,29 @@ export LD_LIBRARY_PATH
%dir %{_sysconfdir}/pki/CA/crl
%dir %{_sysconfdir}/pki/CA/newcerts
+# for openssl-freefilesync
%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
%changelog
-* Tue Jul 16 2019 B Stack <bgstack15@gmail.com> 1.1.1c-3.stack
-- rebuild for el7
+* Wed Sep 18 2019 B Stack <bgstack15@gmail.com> 1.1.1c-6.stack
+- rebuild for el7 for freefilesync
+
+* Fri Sep 6 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-6
+- upstream fix for status request extension non-compliance (#1737471)
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.1c-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Mon Jun 24 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-4
+- do not try to use EC groups disallowed in FIPS mode
+ in TLS
+- fix Valgrind regression with constant-time code
+
+* Mon Jun 3 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-3
+- add upstream patch to defer sending KeyUpdate after
+ pending writes are complete
* Thu May 30 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-2
- fix use of uninitialized memory
bgstack15