# Use --define 'no64 1' on the command line to disable 64bit build %{!?no64:%define BUILD64 1} %{?no64:%define BUILD64 0} %define libmaj 0 %define libmin 9 %define librel 7l Release: 2 %define openssldir /var/ssl %define openssldir64 /var/ssl/64 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl Version: %{libmaj}.%{libmin}.%{librel} Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz #shared libs built from 0.9.6m sources; will keep for compatability (for now) Source1: libcrypto.so.0 Source2: libssl.so.0 Patch0: %{name}.aixshlib-%{version}.patch Patch1: %{name}.configure-%{version}.patch Patch2: %{name}.compat-%{version}.patch Patch3: %{name}.thd-%{version}.patch License: OpenSSL License Group: System Environment/Libraries Provides: SSL URL: http://www.openssl.org/ BuildRoot: /var/tmp/%{name}-%{version}-root Prefix: %{_prefix} Obsoletes: openssl64 %define prefix64 %{prefix}/64 %define DEFCC xlc_r %description The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL tookit and its related documentation. OpenSSL is based on the excellent SSLeay library developed from Eric A. Young and Tim J. Hudson. OpenSSL is licensed under the OpenSSL License, included in this package. This package contains the base OpenSSL cryptography and SSL/TLS libraries and tools. You should also install a pseudo-random number generator such as EGD or prngd if you do not have a /dev/urandom and /dev/random. %package devel Summary: Secure Sockets Layer and cryptography static libraries and headers Group: Development/Libraries Requires: openssl Obsoletes: openssl64-devel %description devel The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL tookit and its related documentation. OpenSSL is based on the excellent SSLeay library developed from Eric A. Young and Tim J. Hudson. OpenSSL is licensed under the OpenSSL License, included in this package. This package contains the the OpenSSL cryptography and SSL/TLS static libraries and header files required when developing applications. %package doc Summary: OpenSSL miscellaneous files Group: Documentation Requires: openssl Obsoletes: openssl64-doc %description doc The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL tookit and its related documentation. OpenSSL is based on the excellent SSLeay library developed from Eric A. Young and Tim J. Hudson. OpenSSL is licensed under the OpenSSL License, included in this package. This package contains the the OpenSSL cryptography and SSL/TLS extra documentation and POD files from which the man pages were produced. %prep %setup -q %patch0 -b .aix %patch1 -b .configure %patch2 -b .compat %patch3 -b .thd %if %{BUILD64} == 1 ###################################################### # Prep 64-bit build in 64bit subdirectory ###################################################### # Test whether we can run a 64bit command so we don't waste our time /usr/bin/locale64 >/dev/null 2>&1 mkdir 64bit cd 64bit gzip -dc %{SOURCE0} |tar -xf - cd %{name}-%{version} %patch0 -b .aix %patch1 -b .configure ## Skipping .compat patch for 64bit; no history of older 64bit apps ## If you want it, just uncomment next line and rebuild. ##%patch2 -b .compat %patch3 -b .thd %endif %build # Use the default compiler for this platform - gcc otherwise if [[ -z "$CC" ]] then if test "X`type %{DEFCC} 2>/dev/null`" != 'X'; then export CC=%{DEFCC} else export CC=gcc fi fi if test "X$CC" != "Xgcc" then export RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed 's:-fsigned-char::'` export CFLAGS="$RPM_OPT_FLAGS" if [[ "X$CC" = "Xxlc_r" ]] then TARGET=aix-xlc_r else TARGET=aix-cc fi else TARGET=aix-gcc fi %define CONFIG_FLAGS -DSSL_ALLOW_ADH no-symlinks --prefix=%{prefix} perl util/perlpath.pl /usr/bin/perl ./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} no-idea no-rc5 $TARGET shared threads rm -f libssl.a libcrypto.a 2>/dev/null || : LIBPATH=`pwd`:/usr/lib make LIBPATH=`pwd`:/usr/lib make SHLIB_TARGET=aix-shared INSTALL_TOP=%{prefix} build-shared # Swap non-shared and shared so that apps link with shared for lib in libcrypto libssl do mv ${lib}.a ${lib}-static.a mv ${lib}-shared.a ${lib}.a done # Add the older 0.9.6m libcrypto member, for compatibility with older apps # (make sure they're set for LOADONLY w/ strip -e) /usr/bin/strip -e %{SOURCE1} %{SOURCE2} /usr/bin/ar -q libcrypto.a %{SOURCE1} /usr/bin/ar -q libssl.a %{SOURCE2} # This openssl was linked static; relink it dynamically rm apps/openssl cd apps LIBPATH=`pwd`/..:/usr/lib make CFLAGS="$CFLAGS -blibpath:%{prefix}/lib:/usr/lib" cd .. LIBPATH=`pwd`:/usr/lib make rehash # Swap non-shared and shared so that rebuilds work as expected for lib in libcrypto libssl do mv ${lib}.a ${lib}-shared.a mv ${lib}-static.a ${lib}.a done %if %{BUILD64} == 1 ####################################################################### # Now build again as 64bit ####################################################################### cd 64bit/%{name}-%{version} if [[ "$TARGET" = "aix-cc" ]]; then TARGET="aix64-cc" elif [[ "$TARGET" = "aix-xlc_r" ]]; then TARGET="aix64-xlc_r" fi export OBJECT_MODE=64 perl util/perlpath.pl /usr/bin/perl ./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir64} no-idea no-rc5 $TARGET shared rm -f libssl.a libcrypto.a 2>/dev/null || : LIBPATH=`pwd`:/usr/lib make AR="/bin/ar r" RANLIB="PATH=/usr/bin /usr/bin/ranlib" LIBPATH=`pwd`:/usr/lib make AR="/bin/ar r" RANLIB="PATH=/usr/bin /usr/bin/ranlib" SHLIB_TARGET=aix-shared INSTALL_TOP=%{prefix64} build-shared # Swap non-shared and shared so that apps link with shared for lib in libcrypto libssl do mv ${lib}.a ${lib}-static.a mv ${lib}-shared.a ${lib}.a done rm apps/openssl cd apps LIBPATH=`pwd`/..:/usr/lib make AR="/bin/ar r" RANLIB="PATH=/usr/bin /usr/bin/ranlib" CFLAGS="$CFLAGS -blibpath:%{prefix64}/lib:/usr/lib" cd .. LIBPATH=`pwd`:/usr/lib make AR="/bin/ar r" RANLIB="PATH=/usr/bin /usr/bin/ranlib" rehash # Swap non-shared and shared so that rebuilds work as expected for lib in libcrypto libssl do mv ${lib}.a ${lib}-shared.a mv ${lib}-static.a ${lib}.a done ################################ # Now that 64bit library members are built, just extract # their members and merge them into the 32bit libraries. ################################ cp libcrypto*.a libssl*.a .. cd .. slibclean for libname in *.a ; do /usr/bin/ar -x $libname /usr/bin/ar -q ../$libname $(/usr/bin/ar -t $libname) rm $libname $(/usr/bin/ar -t $libname) done %endif #BUILD64 %install rm -rf $RPM_BUILD_ROOT make install MANDIR=%{prefix}/man INSTALL_PREFIX="$RPM_BUILD_ROOT" # Make backwards-compatibility symlink to ssleay ln -s %{prefix}/bin/openssl $RPM_BUILD_ROOT%{prefix}/bin/ssleay # Install shared libs install -m644 libcrypto-shared.a $RPM_BUILD_ROOT%{prefix}/lib/libcrypto.a install -m644 libssl-shared.a $RPM_BUILD_ROOT%{prefix}/lib/libssl.a install -m644 libcrypto.a $RPM_BUILD_ROOT%{prefix}/lib/libcrypto-static.a install -m644 libssl.a $RPM_BUILD_ROOT%{prefix}/lib/libssl-static.a strip $RPM_BUILD_ROOT%{prefix}/bin/openssl || : (cd $RPM_BUILD_ROOT for dir in bin lib include do mkdir -p usr/linux/$dir cd usr/linux/$dir ln -sf ../../..%{prefix}/$dir/* . cd - done # Change these two to be full-path links cd usr/linux/lib rm ./libcrypto.a ./libssl.a ln -sf %{prefix}/lib/libcrypto.a . ln -sf %{prefix}/lib/libssl.a . cd - ) %if %{BUILD64} == 1 #Add links for 64-bit library members ( mkdir -p $RPM_BUILD_ROOT/%{prefix64}/lib cd $RPM_BUILD_ROOT/%{prefix64}/lib ln -s ../../lib/*.a . ) %endif %clean rm -rf $RPM_BUILD_ROOT %files %defattr(0644,root,root,0755) %doc CHANGES CHANGES.SSLeay LICENSE NEWS README %attr(0755,root,root) %{prefix}/bin/* %attr(0755,root,root) %{prefix}/lib/libssl.a %attr(0755,root,root) %{prefix}/lib/libcrypto.a %attr(0755,root,root) %{openssldir}/misc/* %attr(0644,root,root) %{prefix}/man/man[157]/* /usr/linux/bin/* /usr/linux/lib/libssl.a /usr/linux/lib/libcrypto.a %if %{BUILD64} == 1 %attr(755,bin,bin) %dir %{prefix64} %attr(755,bin,bin) %dir %{prefix64}/lib %attr(0755,root,root) %{prefix64}/lib/libssl.a %attr(0755,root,root) %{prefix64}/lib/libcrypto.a %endif %config %attr(0644,root,root) %{openssldir}/openssl.cnf %dir %attr(0755,root,root) %{openssldir}/certs %dir %attr(0755,root,root) %{openssldir}/misc %dir %attr(0750,root,root) %{openssldir}/private %files devel %defattr(-,root,root) %doc CHANGES CHANGES.SSLeay LICENSE NEWS README %attr(0644,root,root) %{prefix}/lib/*-static.a %if %{BUILD64} == 1 %dir %{prefix64} %dir %{prefix64}/lib %attr(0644,root,root) %{prefix64}/lib/*-static.a %endif /usr/linux/lib/*-static.a %attr(0644,root,root) %{prefix}/include/openssl/* /usr/linux/include/* %files doc %defattr(-,root,root) %doc CHANGES CHANGES.SSLeay LICENSE NEWS README %doc doc %attr(0644,root,root) %{prefix}/man/man[3]/* %changelog * Tue Sep 4 2007 Reza Arbab 0.9.7l-2 - Stop appending "ssl" to the man page filenames. * Wed Oct 4 2006 Reza Arbab 0.9.7l-1 - Update to 0.9.7l. * Fri Sep 8 2006 Reza Arbab 0.9.7g-2 - Add patch for CVE-2006-4339. * Wed Oct 5 2005 Reza Arbab 0.9.7g-1 - Update to version 0.9.7g - Add patch for CAN-2005-2969. * Thu Nov 11 2004 David Clissold 0.9.7d-2 - Fix a thread bug; fix reported by David E Watson. * Tue Aug 03 2004 David Clissold 0.9.7d-1 - Update to version 0.9.7d - Keep 0.9.6m shared objects for runtime compat only (for 32bit). * Fri Jul 16 2004 David Clissold 0.9.6m-2 - Add patch for RAND_* null checks; switch to xlc_r. * Wed Mar 17 2004 David Clissold 0.9.6m-1 - Update to 0.9.6m. * Wed Feb 4 2004 David Clissold 0.9.6k-2 - Build 64-bit version of library into same package. * Wed Oct 1 2003 David Clissold - Update to 0.9.6k. (Previous security patches listed below are incorporated - in this version and thus no longer needed.) * Fri Mar 21 2003 David Clissold - Add secadv_20030319.txt patch - Add secadv_20030317.txt patch * Wed Mar 05 2003 David Clissold - Add %defattr for devel and doc pkgs. * Thu Feb 27 2003 David Clissold - Add secadv_20030219.txt patch - See: http://www.openssl.org/news/secadv_20030219.txt * Thu Nov 07 2002 David Clissold - Update to 0.9.6g. * Thu Aug 22 2002 David Clissold - 0.9.6e-2. For entropy, check /dev/urandom first, then if - that isn't there, check /dev/egd-pool. * Tue Jul 30 2002 David Clissold - Security exposure announced today. Update to 0.9.6e. * Mon May 20 2002 David Clissold - 8/3/01 changes inadvertently omitted from last build. * Fri Feb 01 2002 David Clissold - For NIM, make library links full-path * Fri Aug 3 2001 Marc Stephenson - Disable patented algorithms - RC5 and IDEA * Thu Jul 12 2001 Marc Stephenson - Version 0.9.6b * Tue Jun 12 2001 Marc Stephenson - Modify for AIX Toolbox distribution * Thu Sep 14 2000 Richard Levitte - Changed to adapt to the new (supported) way of making shared libraries - Installs all static libraries, not just libRSAglue.a - Extra documents now end up in a separate document package * Sun Feb 27 2000 Damien Miller - Merged patches to spec - Updated to 0.9.5beta2 (now with manpages) * Sat Feb 5 2000 Michal Jaegermann - added 'linux-alpha' to configuration - fixed nasty absolute links * Tue Jan 25 2000 Bennett Todd - Added -DSSL_ALLOW_ADH, bumped Release to 4 * Thu Oct 14 1999 Damien Miller - Set default permissions - Removed documentation from devel sub-package * Thu Sep 30 1999 Damien Miller - Added "make test" stage - GPG signed * Tue Sep 10 1999 Damien Miller - Updated to version 0.9.4 * Tue May 25 1999 Damien Miller - Updated to version 0.9.3 - Added attributes for all files - Paramatised openssl directory * Sat Mar 20 1999 Carlo M. Arenas Belon - Added "official" bnrec patch and taking other out - making a link from ssleay to openssl binary - putting all changelog together on SPEC file * Fri Mar 5 1999 Henri Gomez - Added bnrec patch * Tue Dec 29 1998 Jonathan Ruano - minimum spec and patches changes for openssl - modified for openssl sources * Sat Aug 8 1998 Khimenko Victor - shared library creating process honours $RPM_OPT_FLAGS - shared libarry supports threads (as well as static library) * Wed Jul 22 1998 Khimenko Victor - building of shared library completely reworked * Tue Jul 21 1998 Khimenko Victor - RPM is BuildRoot'ed * Tue Feb 10 1998 Khimenko Victor - all stuff is moved out of /usr/local