From acc23d168ba4c554f1fca96aa20ba3ba818bbc99 Mon Sep 17 00:00:00 2001
From: B Stack <bgstack15@gmail.com>
Date: Wed, 18 Sep 2019 16:09:02 -0400
Subject: bump to openssl 1.1.1c-6.fc30

   * document the changes better
   * revert manual changes to patch files and do it in the spec
---
 openssl-freefilesync/openssl.spec | 38 ++++++++++++++++++++++++++++++--------
 1 file changed, 30 insertions(+), 8 deletions(-)

(limited to 'openssl-freefilesync/openssl.spec')

diff --git a/openssl-freefilesync/openssl.spec b/openssl-freefilesync/openssl.spec
index f4d8c1f..2e23c2c 100644
--- a/openssl-freefilesync/openssl.spec
+++ b/openssl-freefilesync/openssl.spec
@@ -11,12 +11,9 @@
 # 1.0.0 soversion = 10
 # 1.1.0 soversion = 1.1 (same as upstream although presence of some symbols
 #                        depends on build configuration options)
-
-# Additions for openssl-freefilesync
-# https://github.com/aria2/aria2/issues/1249
-# change fips-post-rand.patch where it calls random.h to:
-# +# include </usr/include/linux/random.h>
 %define soversion 1.1
+
+# for openssl-freefilesync
 %define fullname openssl-freefilesync
 %define shortname openssl
 
@@ -27,9 +24,11 @@
 %global _performance_build 1
 
 Summary: Utilities from the general purpose cryptography library with TLS implementation
+# for openssl-freefilesync
 Name: %{fullname}
 Version: 1.1.1c
-Release: 2.stack%{?dist}
+# for openssl-freefilesync
+Release: 6.stack%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -98,6 +97,7 @@ protocols.
 %package libs
 Summary: A general purpose cryptography library with TLS implementation
 Requires: ca-certificates >= 2008-5
+# for openssl-freefilesync
 #Requires: crypto-policies >= 20180730
 #Recommends: openssl-pkcs11%{?_isa}
 Provides: openssl-fips = %{epoch}:%{version}-%{release}
@@ -138,6 +138,7 @@ package provides Perl scripts for converting certificates and keys
 from other formats to the formats used by the OpenSSL toolkit.
 
 %prep
+# for openssl-freefilesync
 %setup -q -n %{shortname}-%{version}
 
 # The hobble_openssl is called here redundantly, just to be sure.
@@ -169,6 +170,8 @@ cp %{SOURCE13} test/
 %patch46 -p1 -b .seclevel
 %patch47 -p1 -b .ts-sha256-default
 %patch48 -p1 -b .fips-post-rand
+# for openssl-freefilesync
+sed -i -r -e '/sys\/random\.h/s@sys/random\.h@/usr/include/linux/random.h@;' crypto/rand/rand_unix.c
 %patch49 -p1 -b .evp-kdf
 %patch50 -p1 -b .ssh-kdf
 %patch51 -p1 -b .upstream-sync
@@ -241,6 +244,7 @@ sslarch=linux-generic64
 # marked as not requiring an executable stack.
 # Also add -DPURIFY to make using valgrind with openssl easier as we do not
 # want to depend on the uninitialized memory as a source of entropy anyway.
+# for openssl-freefilesync
 RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY $RPM_LD_FLAGS"
 
 export HASHBANGPERL=/usr/bin/perl
@@ -362,6 +366,7 @@ mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts
 
 # Ensure the config file timestamps are identical across builds to avoid
 # mulitlib conflicts and unnecessary renames on upgrade
+# for openssl-freefilesync
 touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf%{version}
 touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf%{version}
 
@@ -424,6 +429,7 @@ export LD_LIBRARY_PATH
 %dir %{_sysconfdir}/pki/tls/certs
 %dir %{_sysconfdir}/pki/tls/misc
 %dir %{_sysconfdir}/pki/tls/private
+# for openssl-freefilesync
 %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf%{version}
 %config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf%{version}
 %attr(0755,root,root) %{_libdir}/libcrypto.so.%{version}
@@ -458,13 +464,29 @@ export LD_LIBRARY_PATH
 %dir %{_sysconfdir}/pki/CA/crl
 %dir %{_sysconfdir}/pki/CA/newcerts
 
+# for openssl-freefilesync
 %post libs -p /sbin/ldconfig
 
 %postun libs -p /sbin/ldconfig
 
 %changelog
-* Tue Jul 16 2019 B Stack <bgstack15@gmail.com> 1.1.1c-3.stack
-- rebuild for el7
+* Wed Sep 18 2019 B Stack <bgstack15@gmail.com> 1.1.1c-6.stack
+- rebuild for el7 for freefilesync
+
+* Fri Sep  6 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-6
+- upstream fix for status request extension non-compliance (#1737471)
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.1.1c-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Mon Jun 24 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-4
+- do not try to use EC groups disallowed in FIPS mode
+  in TLS
+- fix Valgrind regression with constant-time code
+
+* Mon Jun  3 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-3
+- add upstream patch to defer sending KeyUpdate after
+  pending writes are complete
 
 * Thu May 30 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-2
 - fix use of uninitialized memory
-- 
cgit 


From 6759ff9a7d01d3b41e2cd3e38009269e54f98d5d Mon Sep 17 00:00:00 2001
From: B Stack <bgstack15@gmail.com>
Date: Wed, 18 Sep 2019 16:57:41 -0400
Subject: adding experimental man page renaming

   struggling with the %suffix macro
---
 openssl-freefilesync/openssl.spec | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'openssl-freefilesync/openssl.spec')

diff --git a/openssl-freefilesync/openssl.spec b/openssl-freefilesync/openssl.spec
index 2e23c2c..6815465 100644
--- a/openssl-freefilesync/openssl.spec
+++ b/openssl-freefilesync/openssl.spec
@@ -16,6 +16,7 @@
 # for openssl-freefilesync
 %define fullname openssl-freefilesync
 %define shortname openssl
+%define suffix 111c
 
 # Arches on which we need to prevent arch conflicts on opensslconf.h, must
 # also be handled in opensslconf-new.h.
@@ -406,13 +407,22 @@ install -m644 %{SOURCE9} \
 LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
 export LD_LIBRARY_PATH
 
+# for openssl-freefilesync
+pushd ${RPM_BUILD_ROOT}%{_mandir}
+for word in $( find . ! -type d -print ) ;
+do
+   mv "${word}" "${word}%{suffix}"
+done
+popd
+mv %{RPM_BUILD_ROOT}%{_bindir}/openssl{,%{suffix}}
+
 %files
 %{!?_licensedir:%global license %%doc}
 %license LICENSE
 %doc FAQ NEWS README README.FIPS
 %{_bindir}/make-dummy-cert
 %{_bindir}/renew-dummy-cert
-%{_bindir}/openssl
+%{_bindir}/openssl%{suffix}
 %{_mandir}/man1*/*
 %{_mandir}/man5*/*
 %{_mandir}/man7*/*
-- 
cgit 


From 0bf7b02166e6ba107b9888dffab02a8c4d0e22b9 Mon Sep 17 00:00:00 2001
From: B Stack <bgstack15@gmail.com>
Date: Thu, 19 Sep 2019 09:26:17 -0400
Subject: ready for copr build

---
 openssl-freefilesync/openssl.spec | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'openssl-freefilesync/openssl.spec')

diff --git a/openssl-freefilesync/openssl.spec b/openssl-freefilesync/openssl.spec
index 6815465..29cef89 100644
--- a/openssl-freefilesync/openssl.spec
+++ b/openssl-freefilesync/openssl.spec
@@ -16,7 +16,6 @@
 # for openssl-freefilesync
 %define fullname openssl-freefilesync
 %define shortname openssl
-%define suffix 111c
 
 # Arches on which we need to prevent arch conflicts on opensslconf.h, must
 # also be handled in opensslconf-new.h.
@@ -411,10 +410,10 @@ export LD_LIBRARY_PATH
 pushd ${RPM_BUILD_ROOT}%{_mandir}
 for word in $( find . ! -type d -print ) ;
 do
-   mv "${word}" "${word}%{suffix}"
+   mv "${word}" "${word}-111c"
 done
 popd
-mv %{RPM_BUILD_ROOT}%{_bindir}/openssl{,%{suffix}}
+mv ${RPM_BUILD_ROOT}%{_bindir}/openssl{,-111c}
 
 %files
 %{!?_licensedir:%global license %%doc}
@@ -422,7 +421,8 @@ mv %{RPM_BUILD_ROOT}%{_bindir}/openssl{,%{suffix}}
 %doc FAQ NEWS README README.FIPS
 %{_bindir}/make-dummy-cert
 %{_bindir}/renew-dummy-cert
-%{_bindir}/openssl%{suffix}
+# for openssl-freefilesync
+%{_bindir}/openssl-111c
 %{_mandir}/man1*/*
 %{_mandir}/man5*/*
 %{_mandir}/man7*/*
-- 
cgit