1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
|
--- /usr/src/openssl/1.1.1c-6.fc30/openssl.spec 2019-09-06 11:21:33.000000000 -0400
+++ /usr/src/openssl/1.1.1c-6.stack/openssl.spec 2019-09-19 09:13:41.214594699 -0400
@@ -13,6 +13,10 @@
# depends on build configuration options)
%define soversion 1.1
+# for openssl-freefilesync
+%define fullname openssl-freefilesync
+%define shortname openssl
+
# Arches on which we need to prevent arch conflicts on opensslconf.h, must
# also be handled in opensslconf-new.h.
%define multilib_arches %{ix86} ia64 %{mips} ppc ppc64 s390 s390x sparcv9 sparc64 x86_64
@@ -20,9 +24,11 @@
%global _performance_build 1
Summary: Utilities from the general purpose cryptography library with TLS implementation
-Name: openssl
+# for openssl-freefilesync
+Name: %{fullname}
Version: 1.1.1c
-Release: 6%{?dist}
+# for openssl-freefilesync
+Release: 6.stack%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -91,8 +97,9 @@
%package libs
Summary: A general purpose cryptography library with TLS implementation
Requires: ca-certificates >= 2008-5
-Requires: crypto-policies >= 20180730
-Recommends: openssl-pkcs11%{?_isa}
+# for openssl-freefilesync
+#Requires: crypto-policies >= 20180730
+#Recommends: openssl-pkcs11%{?_isa}
Provides: openssl-fips = %{epoch}:%{version}-%{release}
%description libs
@@ -131,7 +138,8 @@
from other formats to the formats used by the OpenSSL toolkit.
%prep
-%setup -q -n %{name}-%{version}
+# for openssl-freefilesync
+%setup -q -n %{shortname}-%{version}
# The hobble_openssl is called here redundantly, just to be sure.
# The tarball has already the sources removed.
@@ -162,6 +170,8 @@
%patch46 -p1 -b .seclevel
%patch47 -p1 -b .ts-sha256-default
%patch48 -p1 -b .fips-post-rand
+# for openssl-freefilesync
+sed -i -r -e '/sys\/random\.h/s@sys/random\.h@/usr/include/linux/random.h@;' crypto/rand/rand_unix.c
%patch49 -p1 -b .evp-kdf
%patch50 -p1 -b .ssh-kdf
%patch51 -p1 -b .upstream-sync
@@ -234,7 +244,8 @@
# marked as not requiring an executable stack.
# Also add -DPURIFY to make using valgrind with openssl easier as we do not
# want to depend on the uninitialized memory as a source of entropy anyway.
-RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS"
+# for openssl-freefilesync
+RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY $RPM_LD_FLAGS"
export HASHBANGPERL=/usr/bin/perl
@@ -355,11 +366,12 @@
# Ensure the config file timestamps are identical across builds to avoid
# mulitlib conflicts and unnecessary renames on upgrade
-touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf
-touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf
+# for openssl-freefilesync
+touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf%{version}
+touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf%{version}
-rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
-rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf{,.dist}
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf{,.dist}
# Determine which arch opensslconf.h is going to try to #include.
basearch=%{_arch}
@@ -394,13 +406,23 @@
LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
export LD_LIBRARY_PATH
+# for openssl-freefilesync
+pushd ${RPM_BUILD_ROOT}%{_mandir}
+for word in $( find . ! -type d -print ) ;
+do
+ mv "${word}" "${word}-111c"
+done
+popd
+mv ${RPM_BUILD_ROOT}%{_bindir}/openssl{,-111c}
+
%files
%{!?_licensedir:%global license %%doc}
%license LICENSE
%doc FAQ NEWS README README.FIPS
%{_bindir}/make-dummy-cert
%{_bindir}/renew-dummy-cert
-%{_bindir}/openssl
+# for openssl-freefilesync
+%{_bindir}/openssl-111c
%{_mandir}/man1*/*
%{_mandir}/man5*/*
%{_mandir}/man7*/*
@@ -417,8 +439,9 @@
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
-%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
-%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
+# for openssl-freefilesync
+%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf%{version}
+%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf%{version}
%attr(0755,root,root) %{_libdir}/libcrypto.so.%{version}
%attr(0755,root,root) %{_libdir}/libcrypto.so.%{soversion}
%attr(0755,root,root) %{_libdir}/libssl.so.%{version}
@@ -451,9 +474,15 @@
%dir %{_sysconfdir}/pki/CA/crl
%dir %{_sysconfdir}/pki/CA/newcerts
-%ldconfig_scriptlets libs
+# for openssl-freefilesync
+%post libs -p /sbin/ldconfig
+
+%postun libs -p /sbin/ldconfig
%changelog
+* Wed Sep 18 2019 B Stack <bgstack15@gmail.com> 1.1.1c-6.stack
+- rebuild for el7 for freefilesync
+
* Fri Sep 6 2019 Tomáš Mráz <tmraz@redhat.com> 1.1.1c-6
- upstream fix for status request extension non-compliance (#1737471)
|