openssl-1.1.1-1

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@11830 ec354946-7b23-47d6-9f5a-488ba84defc7

o/openssl/openssl-vl.spec

@@ -1,23 +1,51 @@
 %define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
-%define soversion 10
-%define version 1.0.2o
-%define release 1%{_dist_release}
+%{!?_pkgdocdir:%define _pkgdocdir %{_docdir}}
+%define version 1.1.1
+%define release 2%{_dist_release}
+# 1.0.0 soversion = 10
+# 1.1.0 soversion = 1.1 (same as upstream although presence of some symbols
+#                        depends on build configuration options)
+%define soversion 1.1
 
 Summary: Secure Sockets Layer Toolkit
 Name: openssl
 Version: %{version}
 Release: %{release}
-Source: ftp://ftp.openssl.org/source/openssl-%{version}.tar.gz
+# We have to remove certain patented algorithms from the openssl source
+# tarball with the hobble-openssl script which is included below.
+# The original openssl upstream tarball cannot be shipped in the .src.rpm.
+Source: openssl-%{version}-hobbled.tar.xz
+Source1: hobble-openssl
 Source2: Makefile.certificate
 Source6: make-dummy-cert
 Source7: renew-dummy-cert
-
-# Patch0: openssl-1.0.2-soversion.patch
-# Patch2: openssl-1.0.1-rpm_opt.patch
-Patch0: openssl-1.0.2g-rpmbuild.patch
-Patch4: openssl-1.0.2g-enginesdir.patch
-Patch5: openssl-1.0.2a-version-add-engines.patch
-Patch8: openssl-1.0.1c-perlfind.patch
+Source9: opensslconf-new.h
+Source10: opensslconf-new-warning.h
+#Source11: README.FIPS
+Source12: ec_curve.c
+Source13: ectest.c
+
+# Build changes
+Patch1: openssl-1.1.1-build.patch
+Patch2: openssl-1.1.0-defaults.patch
+Patch3: openssl-1.1.0-no-html.patch
+Patch4: openssl-1.1.1-man-rename.patch
+# Bug fixes
+Patch21: openssl-1.1.0-issuer-hash.patch
+# Functionality changes
+Patch31: openssl-1.1.1-conf-paths.patch
+Patch32: openssl-1.1.1-version-add-engines.patch
+Patch33: openssl-1.1.0-apps-dgst.patch
+Patch36: openssl-1.1.1-secure-getenv.patch
+Patch37: openssl-1.1.1-ec-curves.patch
+Patch38: openssl-1.1.0-no-weak-verify.patch
+Patch40: openssl-1.1.1-disable-ssl3.patch
+Patch41: openssl-1.1.1-system-cipherlist.patch
+#Patch42: openssl-1.1.1-fips.patch
+Patch43: openssl-1.1.1-ignore-bound.patch
+#Patch44: openssl-1.1.1-version-override.patch
+Patch45: openssl-1.1.1-weak-ciphers.patch
+Patch46: openssl-1.1.1-seclevel.patch
 
 # security fix
 # nothing ;-)
@@ -29,6 +57,7 @@ URL: http://www.openssl.org/
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: perl, sed
 BuildRequires: zlib-devel, krb5-devel
+BuildRequires: lksctp-tools-devel
 
 Requires: mktemp
 Requires: ca-certificates
@@ -71,8 +100,9 @@ protocols.
 %package perl
 Summary: OpenSSL scripts which require Perl.
 Group: Applications/Internet
-Requires: perl
 Requires: %{name} = %{version}-%{release}
+Requires: perl
+Requires: perl-WWW-Curl
 
 %description perl
 Perl scripts provided with OpenSSL for converting certificates and keys
@@ -98,33 +128,40 @@ with support for various the cryptographic algorithms and protocols
 supported by OpenSSL.
 
 %prep
-%setup -q -n openssl-%{version}
-
-%patch0 -p1 -b .soversion
-%patch4 -p1 -b .enginesdir
-%patch5 -p1 -b .version-add-engines
-%patch8 -p1 -b .perlfind
+%setup -q -n %{name}-%{version}
+
+# The hobble_openssl is called here redundantly, just to be sure.
+# The tarball has already the sources removed.
+%{SOURCE1} > /dev/null
+
+cp %{SOURCE12} crypto/ec/
+cp %{SOURCE13} test/
+
+%patch1 -p1 -b .build   %{?_rawbuild}
+%patch2 -p1 -b .defaults
+%patch3 -p1 -b .no-html  %{?_rawbuild}
+%patch4 -p1 -b .man-rename
+
+%patch21 -p1 -b .issuer-hash
+
+%patch31 -p1 -b .conf-paths
+%patch32 -p1 -b .version-add-engines
+%patch33 -p1 -b .dgst
+%patch36 -p1 -b .secure-getenv
+%patch37 -p1 -b .curves
+%patch38 -p1 -b .no-weak-verify
+%patch40 -p1 -b .disable-ssl3
+%patch41 -p1 -b .system-cipherlist
+#patch42 -p1 -b .fips
+%patch43 -p1 -b .ignore-bound
+#patch44 -p1 -b .version-override
+%patch45 -p1 -b .weak-ciphers
+%patch46 -p1 -b .seclevel
 
 # security fix
 # nothing ;-)
 
-chmod 644 FAQ LICENSE CHANGES NEWS INSTALL README
-chmod 644 doc/README doc/c-indentation.el doc/openssl.txt
-# chmod 644 doc/openssl_button.html doc/openssl_button.gif
-chmod 644 doc/ssleay.txt
-
 %build 
-PATH=${PATH}:${PWD}/bin
-TOPDIR=${PWD}
-LD_LIBRARY_PATH=${TOPDIR}:${TOPDIR}/bin:${PATH} ; export LD_LIBRARY_PATH
-
-# Modify the various perl scripts to reference perl in the right location.
-perl util/perlpath.pl `dirname %{__perl}`
-
-# Generate a table with the compile settings for my perusal.
-touch Makefile
-make TABLE PERL=%{__perl}
-
 # Figure out which flags we want to use.
 # default
 sslarch=%{_os}-%{_target_cpu}
@@ -135,106 +172,117 @@ if ! echo %{_target} | grep -q i686 ; then
    sslflags="no-asm 386"
 fi
 %endif
-%ifarch sparcv9
-sslarch=linux-sparcv9
-sslflags=no-asm
-%endif
-%ifarch sparc64
-sslarch=linux64-sparcv9
-sslflags=no-asm
-%endif
-%ifarch alpha alphaev56 alphaev6 alphaev67
-sslarch=linux-alpha-gcc
-%endif
-%ifarch s390 sh3eb sh4eb
-sslarch="linux-generic32 -DB_ENDIAN"
-%endif
-%ifarch s390x
-sslarch="linux64-s390x"
+%ifarch x86_64
+sslflags=enable-ec_nistp_64_gcc_128
 %endif
-%ifarch %{arm} sh3 sh4
-sslarch=linux-generic32
-%endif
-# ia64/x86_64/ppc\ppc64 are OK by default.
 
+# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
+# marked as not requiring an executable stack.
+# Also add -DPURIFY to make using valgrind with openssl easier as we do not
+# want to depend on the uninitialized memory as a source of entropy anyway.
+RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY $RPM_LD_FLAGS"
+
+export HASHBANGPERL=/usr/bin/perl
+
+perl -pi -e 's|/engines-|/%{name}/engines-|' ./Configurations/unix-Makefile.tmpl
+
+# ia64, x86_64, ppc are OK by default
 # Configure the build tree.  Override OpenSSL defaults with known-good defaults
 # usable on all platforms.  The Configure script already knows to use -fPIC and
 # RPM_OPT_FLAGS, so we can skip specifiying them here.
-./Configure  \
-	 --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
-	 zlib-dynamic enable-camellia enable-seed enable-tlsext \
-	 enable-rfc3779 enable-cms enable-md2 \
-	 --enginesdir=%{_libdir}/openssl/engines \
-	 --with-krb5-flavor=MIT	--with-krb5-dir=/usr \
-	 shared ${sslarch}
+./Configure \
+	--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
+	--system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \
+	zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
+	enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
+	enable-weak-ssl-ciphers \
+	no-mdc2 no-ec2m no-sm2 no-sm4 \
+	shared  ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""'
+
+# Do not run this in a production package the FIPS symbols must be patched-in
+#util/mkdef.pl crypto update
+
+make all
+
+# Clean up the .pc files
+for i in libcrypto.pc libssl.pc openssl.pc ; do
+  sed -i '/^Libs.private:/{s/-L[^ ]* //;s/-Wl[^ ]* //}' $i
+done
 
-# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
-# marked as not requiring an executable stack.
-RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack"
-make depend
-make all build-shared
+%check
+# Verify that what was compiled actually works.
+
+# Hack - either enable SCTP AUTH chunks in kernel or disable sctp for check
+(sysctl net.sctp.addip_enable=1 && sysctl net.sctp.auth_enable=1) || \
+(echo 'Failed to enable SCTP AUTH chunks, disabling SCTP for tests...' &&
+ sed '/"zlib-dynamic" => "default",/a\ \ "sctp" => "default",' configdata.pm > configdata.pm.new && \
+ touch -r configdata.pm configdata.pm.new && \
+ mv -f configdata.pm.new configdata.pm)
+
+# We must revert patch31 before tests otherwise they will fail
+patch -p1 -R < %{PATCH31}
 
-# Generate hashes for the included certs.
 LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
 export LD_LIBRARY_PATH
-make rehash build-shared
+OPENSSL_ENABLE_MD5_VERIFY=
+export OPENSSL_ENABLE_MD5_VERIFY
+OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
+export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
+make test
 
-# Verify that what was compiled actually works.
-make -C test apps tests
+# Add generation of HMAC checksum of the final stripped library
+%define __spec_install_post \
+    %{?__debug_package:%{__debug_install_post}} \
+    %{__arch_install_post} \
+    %{__os_install_post} \
+%{nil}
 
-# Relink the main binary to get it dynamically linked.
-rm apps/openssl
-make all build-shared
+%define __provides_exclude_from %{_libdir}/openssl
 
 %install
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
 # Install OpenSSL.
-install -d $RPM_BUILD_ROOT/{%{_lib},%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl}
-make INSTALL_PREFIX=$RPM_BUILD_ROOT install build-shared
-install -m 755 *.so.* $RPM_BUILD_ROOT%{_libdir}
-# added for lib64
-# mv $RPM_BUILD_ROOT/usr/lib/engines $RPM_BUILD_ROOT%{_libdir}/openssl || :
-mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT%{_libdir}/openssl
-# mv $RPM_BUILD_ROOT/usr/lib/* $RPM_BUILD_ROOT%{_libdir}/ || :
+install -d $RPM_BUILD_ROOT{/%{_lib},%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl,%{_pkgdocdir}}
+make DESTDIR=$RPM_BUILD_ROOT install
 mv $RPM_BUILD_ROOT%{_libdir}/lib*.so.%{soversion} $RPM_BUILD_ROOT/%{_lib}/
-mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}
-rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man
 rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT/%{_lib}/*.so.%{soversion}
 for lib in $RPM_BUILD_ROOT/%{_lib}/*.so.%{version} ; do
 	chmod 755 ${lib}
-	ln -s -f ../../%{_lib}/`basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
-        ln -s -f `basename ${lib}` $RPM_BUILD_ROOT/%{_lib}/`basename ${lib} .%{version}`.%{soversion}
+	ln -s -f ../../%{_lib}/`basename ${lib}` $RPM_BUILD_ROOT/%{_libdir}/`basename ${lib} .%{version}`
+	ln -s -f `basename ${lib}` $RPM_BUILD_ROOT/%{_lib}/`basename ${lib} .%{version}`.%{soversion}
 done
-# install -m644 -D %{SOURCE6} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/openssl.pc
 
 # Install a makefile for generating keys and self-signed certs, and a script
 # for generating them on the fly.
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
-install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/Makefile
-install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/make-dummy-cert
-install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/renew-dummy-cert
-
-# Make sure we actually include the headers we built against.
-for header in $RPM_BUILD_ROOT%{_includedir}/openssl/* ; do
-	if [ -f ${header} -a -f include/openssl/$(basename ${header}) ] ; then
-		install -m644 include/openssl/`basename ${header}` ${header}
+install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate
+install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_bindir}/make-dummy-cert
+install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{_bindir}/renew-dummy-cert
+
+# Move runable perl scripts to bindir
+mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/*.pl $RPM_BUILD_ROOT%{_bindir}
+mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir}
+
+# Rename man pages so that they don't conflict with other system man pages.
+pushd $RPM_BUILD_ROOT%{_mandir}
+ln -s -f config.5 man5/openssl.cnf.5
+for manpage in man*/* ; do
+	if [ -L ${manpage} ]; then
+		TARGET=`ls -l ${manpage} | awk '{ print $NF }'`
+		ln -snf ${TARGET}ssl ${manpage}ssl
+		rm -f ${manpage}
+	else
+		mv ${manpage} ${manpage}ssl
 	fi
 done
-
-# Rename man pages so that they don't conflict with system man pages.  We used
-# to change the file extensions, but that only prevents file conflicts.  The
-# man viewer still can't select either of the two unless we physically change
-# the directory.
-for section in 1 2 3 4 5 6 7 8 ; do
-	if test -d $RPM_BUILD_ROOT%{_mandir}/man${section} ; then
-		mv $RPM_BUILD_ROOT%{_mandir}/man${section} \
-		   $RPM_BUILD_ROOT%{_mandir}/man${section}ssl
+for conflict in passwd rand ; do
+	rename ${conflict} ssl${conflict} man*/${conflict}*
+# Fix dangling symlinks
+	manpage=man1/openssl-${conflict}.*
+	if [ -L ${manpage} ] ; then
+		ln -snf ssl${conflict}.1ssl ${manpage}
 	fi
 done
-
-# Pick a CA script.
-pushd  $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc
-mv CA.sh CA
 popd
 
 mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA
@@ -243,54 +291,79 @@ mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/certs
 mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/crl
 mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts
 
-# Ensure the openssl.cnf timestamp is identical across builds to avoid
+# Ensure the config file timestamps are identical across builds to avoid
 # mulitlib conflicts and unnecessary renames on upgrade
 touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf
+touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf
+
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf.dist
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
+
+# Determine which arch opensslconf.h is going to try to #include.
+basearch=%{_arch}
+%ifarch %{ix86}
+basearch=i386
+%endif
+
+# Next step of gradual disablement of SSL3.
+# Make SSL3 disappear to newly built dependencies.
+sed -i '/^\#ifndef OPENSSL_NO_SSL_TRACE/i\
+#ifndef OPENSSL_NO_SSL3\
+# define OPENSSL_NO_SSL3\
+#endif' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h
+
+%ifarch %{multilib_arches}
+# Do an opensslconf.h switcheroo to avoid file conflicts on systems where you
+# can have both a 32- and 64-bit version of the library, and they each need
+# their own correct-but-different versions of opensslconf.h to be usable.
+install -m644 %{SOURCE10} \
+	$RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h
+cat $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h >> \
+	$RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf-${basearch}.h
+install -m644 %{SOURCE9} \
+	$RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h
+%endif
+LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
+export LD_LIBRARY_PATH
+
 
 %clean
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
 
 %files 
 %defattr(-,root,root)
-%doc FAQ LICENSE CHANGES NEWS INSTALL README
-%doc doc/README doc/c-indentation.el doc/openssl.txt
-%doc doc/openssl_button.html doc/openssl_button.gif
-%doc doc/ssleay.txt
-
-%{_sysconfdir}/pki/tls/certs/make-dummy-cert
-%{_sysconfdir}/pki/tls/certs/renew-dummy-cert
-%{_sysconfdir}/pki/tls/certs/Makefile
-%{_sysconfdir}/pki/tls/misc/CA
-%dir %{_sysconfdir}/pki/CA
-%dir %{_sysconfdir}/pki/CA/private
-%dir %{_sysconfdir}/pki/CA/certs
-%dir %{_sysconfdir}/pki/CA/crl
-%dir %{_sysconfdir}/pki/CA/newcerts
-%{_sysconfdir}/pki/tls/misc/c_*
+%{!?_licensedir:%global license %%doc}
+%license LICENSE
+%doc FAQ NEWS README
+%{_pkgdocdir}/Makefile.certificate
 %dir %{_sysconfdir}/pki/tls
 %dir %{_sysconfdir}/pki/tls/certs
 %dir %{_sysconfdir}/pki/tls/misc
 %dir %{_sysconfdir}/pki/tls/private
 %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
+%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
 
-%attr(0755,root,root) %{_bindir}/openssl
+%{_bindir}/make-dummy-cert
+%{_bindir}/renew-dummy-cert
+%{_bindir}/openssl
 %attr(0755,root,root) /%{_lib}/*.so.*
-%attr(0755,root,root) %{_libdir}/openssl/engines/*.so
-%attr(0755,root,root) %dir %{_mandir}/man1*
-%attr(0644,root,root) %{_mandir}/man1*/*
-%attr(0755,root,root) %dir %{_mandir}/man5*
-%attr(0644,root,root) %{_mandir}/man5*/*
-%attr(0755,root,root) %dir %{_mandir}/man7*
-%attr(0644,root,root) %{_mandir}/man7*/*
+/%{_lib}/*.so.%{soversion}
+%attr(0755,root,root) %{_libdir}/%{name}/engines-%{soversion}
+%dir %{_mandir}/man1*
+%{_mandir}/man1*/*
+%dir %{_mandir}/man5*
+%{_mandir}/man5*/*
+%dir %{_mandir}/man7*
+%{_mandir}/man7*/*
 
 %files devel
 %defattr(-,root,root)
 %{_prefix}/include/openssl
 %exclude %{_libdir}/lib*.a
 %attr(0755,root,root) %{_libdir}/*.so
-%attr(0755,root,root) %dir %{_mandir}/man3*
-%attr(0644,root,root) %{_mandir}/man3*/*
 %attr(0644,root,root) %{_libdir}/pkgconfig/*.pc
+%dir %{_mandir}/man3*
+%{_mandir}/man3*/*
 
 %files static
 %defattr(-,root,root)
@@ -298,12 +371,18 @@ touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf
 
 %files perl
 %defattr(-,root,root)
-%attr(0755,root,root) %{_bindir}/c_rehash
-%attr(0755,root,root) %dir %{_mandir}/man1*
-%attr(0644,root,root) %{_mandir}/man1*/*.pl*
-%{_sysconfdir}/pki/tls/misc/*.pl
-#%{_sysconfdir}/pki/tls/misc/tsget
-%doc apps/tsget
+%{_bindir}/c_rehash
+%{_bindir}/*.pl
+%{_bindir}/tsget
+%{_mandir}/man1*/*.pl*
+%{_mandir}/man1*/c_rehash*
+%{_mandir}/man1*/tsget*
+%{_mandir}/man1*/openssl-tsget*
+%dir %{_sysconfdir}/pki/CA
+%dir %{_sysconfdir}/pki/CA/private
+%dir %{_sysconfdir}/pki/CA/certs
+%dir %{_sysconfdir}/pki/CA/crl
+%dir %{_sysconfdir}/pki/CA/newcerts
 
 ## to build compat32 for x86_64 architecture support
 %if %{build_compat32}
@@ -327,6 +406,13 @@ touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf
 %postun -n compat32-%{name} -p /sbin/ldconfig
 
 %changelog
+* Thu Nov 01 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1-2
+- fixed symlinks.
+
+* Thu Nov 01 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1-1
+- new upstream release (newest LTS version).
+- imported fedora stuff (except FIPS).
+
 * Sun Apr  1 2018 IWAI, Masaharu <iwaim.sub@gmail.com> 1.0.2o-1
 - new upstream release with security fixes
 

o/openssl102/openssl102-vl.spec

@@ -0,0 +1,797 @@
+%bcond_with devel
+%define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
+%define soversion 10
+%define version 1.0.2p
+%define release 1%{_dist_release}
+
+Summary: Secure Sockets Layer Toolkit
+Name: openssl102
+Version: %{version}
+Release: %{release}
+Source: ftp://ftp.openssl.org/source/openssl-%{version}.tar.gz
+Source2: Makefile.certificate
+Source6: make-dummy-cert
+Source7: renew-dummy-cert
+
+# Patch0: openssl-1.0.2-soversion.patch
+# Patch2: openssl-1.0.1-rpm_opt.patch
+Patch0: openssl-1.0.2g-rpmbuild.patch
+Patch4: openssl-1.0.2g-enginesdir.patch
+Patch5: openssl-1.0.2a-version-add-engines.patch
+Patch8: openssl-1.0.1c-perlfind.patch
+
+# security fix
+# nothing ;-)
+
+License: BSDish
+Group: System Environment/Libraries
+URL: http://www.openssl.org/
+
+BuildRoot: %{_tmppath}/%{name}-%{version}-root
+BuildRequires: perl, sed
+BuildRequires: zlib-devel, krb5-devel
+
+Requires: mktemp
+Requires: ca-certificates
+%if %{with devel}
+Requires: openssl >= 1.1.1
+%endif
+
+Vendor: Project Vine
+Distribution: Vine Linux
+Packager: daisuke, iwamoto
+
+%define solibbase %(echo %version | sed 's/[[:alpha:]]//g')
+
+%description
+The OpenSSL certificate management tool and the shared libraries that
+provide various cryptographic algorithms and protocols.
+
+%if %{with devel}
+%package devel
+Summary: OpenSSL libraries and development headers.
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+Requires: krb5-devel
+
+%description devel
+The static libraries and include files needed to compile apps
+with support for various the cryptographic algorithms and protocols
+supported by OpenSSL.
+
+Patches for many networking apps can be found at:
+ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/
+
+%package static
+Summary:  Libraries for static linking of applications which will use OpenSSL
+Group: Development/Libraries
+Requires: %{name}-devel = %{version}-%{release}
+
+%description static
+OpenSSL is a toolkit for supporting cryptography. The openssl-static
+package contains static libraries needed for static linking of
+applications which support various cryptographic algorithms and
+protocols.
+
+%package perl
+Summary: OpenSSL scripts which require Perl.
+Group: Applications/Internet
+Requires: perl
+Requires: %{name} = %{version}-%{release}
+
+%description perl
+Perl scripts provided with OpenSSL for converting certificates and keys
+from other formats to those used by OpenSSL.
+%endif
+
+## to build compat32 for x86_64 architecture support
+%package -n compat32-%{name}
+Summary: Secure Sockets Layer Toolkit
+Group: System Environment/Libraries
+Requires: %{name} = %{version}-%{release}
+%description -n compat32-%{name}
+The OpenSSL certificate management tool and the shared libraries that
+provide various cryptographic algorithms and protocols.
+
+%if %{with devel}
+%package -n compat32-%{name}-devel
+Summary: OpenSSL libraries and development headers.
+Group: Development/Libraries
+Requires: compat32-%{name} = %{version}-%{release}
+Requires: compat32-krb5-devel
+%description -n compat32-%{name}-devel
+The static libraries and include files needed to compile apps
+with support for various the cryptographic algorithms and protocols
+supported by OpenSSL.
+
+%endif
+
+%prep
+%setup -q -n openssl-%{version}
+
+%patch0 -p1 -b .soversion
+%patch4 -p1 -b .enginesdir
+%patch5 -p1 -b .version-add-engines
+%patch8 -p1 -b .perlfind
+
+# security fix
+# nothing ;-)
+
+chmod 644 FAQ LICENSE CHANGES NEWS INSTALL README
+chmod 644 doc/README doc/c-indentation.el doc/openssl.txt
+# chmod 644 doc/openssl_button.html doc/openssl_button.gif
+chmod 644 doc/ssleay.txt
+
+%build 
+PATH=${PATH}:${PWD}/bin
+TOPDIR=${PWD}
+LD_LIBRARY_PATH=${TOPDIR}:${TOPDIR}/bin:${PATH} ; export LD_LIBRARY_PATH
+
+# Modify the various perl scripts to reference perl in the right location.
+perl util/perlpath.pl `dirname %{__perl}`
+
+# Generate a table with the compile settings for my perusal.
+touch Makefile
+make TABLE PERL=%{__perl}
+
+# Figure out which flags we want to use.
+# default
+sslarch=%{_os}-%{_target_cpu}
+#
+%ifarch %ix86
+sslarch=linux-elf
+if ! echo %{_target} | grep -q i686 ; then
+   sslflags="no-asm 386"
+fi
+%endif
+%ifarch sparcv9
+sslarch=linux-sparcv9
+sslflags=no-asm
+%endif
+%ifarch sparc64
+sslarch=linux64-sparcv9
+sslflags=no-asm
+%endif
+%ifarch alpha alphaev56 alphaev6 alphaev67
+sslarch=linux-alpha-gcc
+%endif
+%ifarch s390 sh3eb sh4eb
+sslarch="linux-generic32 -DB_ENDIAN"
+%endif
+%ifarch s390x
+sslarch="linux64-s390x"
+%endif
+%ifarch %{arm} sh3 sh4
+sslarch=linux-generic32
+%endif
+# ia64/x86_64/ppc\ppc64 are OK by default.
+
+# Configure the build tree.  Override OpenSSL defaults with known-good defaults
+# usable on all platforms.  The Configure script already knows to use -fPIC and
+# RPM_OPT_FLAGS, so we can skip specifiying them here.
+./Configure  \
+	 --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
+	 zlib-dynamic enable-camellia enable-seed enable-tlsext \
+	 enable-rfc3779 enable-cms enable-md2 \
+	 --enginesdir=%{_libdir}/%{name}/engines \
+	 --with-krb5-flavor=MIT	--with-krb5-dir=/usr \
+	 shared ${sslarch}
+
+# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
+# marked as not requiring an executable stack.
+RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack"
+make depend
+make all build-shared
+
+# Generate hashes for the included certs.
+LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
+export LD_LIBRARY_PATH
+make rehash build-shared
+
+# Verify that what was compiled actually works.
+make -C test apps tests
+
+# Relink the main binary to get it dynamically linked.
+rm apps/openssl
+make all build-shared
+
+%install
+[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
+# Install OpenSSL.
+install -d $RPM_BUILD_ROOT/{%{_lib},%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/%{name}}
+make INSTALL_PREFIX=$RPM_BUILD_ROOT install build-shared
+install -m 755 *.so.* $RPM_BUILD_ROOT%{_libdir}
+# added for lib64
+# mv $RPM_BUILD_ROOT/usr/lib/engines $RPM_BUILD_ROOT%{_libdir}/openssl || :
+mv $RPM_BUILD_ROOT%{_libdir}/engines $RPM_BUILD_ROOT%{_libdir}/%{name}
+# mv $RPM_BUILD_ROOT/usr/lib/* $RPM_BUILD_ROOT%{_libdir}/ || :
+mv $RPM_BUILD_ROOT%{_libdir}/lib*.so.%{soversion} $RPM_BUILD_ROOT/%{_lib}/
+mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man/* $RPM_BUILD_ROOT%{_mandir}
+rmdir $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/man
+rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT/%{_lib}/*.so.%{soversion}
+for lib in $RPM_BUILD_ROOT/%{_lib}/*.so.%{version} ; do
+	chmod 755 ${lib}
+	ln -s -f ../../%{_lib}/`basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
+        ln -s -f `basename ${lib}` $RPM_BUILD_ROOT/%{_lib}/`basename ${lib} .%{version}`.%{soversion}
+done
+# install -m644 -D %{SOURCE6} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/openssl.pc
+
+# Install a makefile for generating keys and self-signed certs, and a script
+# for generating them on the fly.
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
+install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/Makefile
+install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/make-dummy-cert
+install -m755 %{SOURCE7} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs/renew-dummy-cert
+
+# Make sure we actually include the headers we built against.
+for header in $RPM_BUILD_ROOT%{_includedir}/openssl/* ; do
+	if [ -f ${header} -a -f include/openssl/$(basename ${header}) ] ; then
+		install -m644 include/openssl/`basename ${header}` ${header}
+	fi
+done
+
+# Rename man pages so that they don't conflict with system man pages.  We used
+# to change the file extensions, but that only prevents file conflicts.  The
+# man viewer still can't select either of the two unless we physically change
+# the directory.
+for section in 1 2 3 4 5 6 7 8 ; do
+	if test -d $RPM_BUILD_ROOT%{_mandir}/man${section} ; then
+		mv $RPM_BUILD_ROOT%{_mandir}/man${section} \
+		   $RPM_BUILD_ROOT%{_mandir}/man${section}ssl
+	fi
+done
+
+# Pick a CA script.
+pushd  $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc
+mv CA.sh CA
+popd
+
+mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA
+mkdir -m700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private
+mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/certs
+mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/crl
+mkdir -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/newcerts
+
+# Ensure the openssl.cnf timestamp is identical across builds to avoid
+# mulitlib conflicts and unnecessary renames on upgrade
+touch -r %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf
+
+%clean
+[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
+
+%files 
+%defattr(-,root,root)
+%doc FAQ LICENSE CHANGES NEWS INSTALL README
+%doc doc/README doc/c-indentation.el doc/openssl.txt
+%doc doc/openssl_button.html doc/openssl_button.gif
+%doc doc/ssleay.txt
+
+%if %{with devel}
+%{_sysconfdir}/pki/tls/certs/make-dummy-cert
+%{_sysconfdir}/pki/tls/certs/renew-dummy-cert
+%{_sysconfdir}/pki/tls/certs/Makefile
+%{_sysconfdir}/pki/tls/misc/CA
+%dir %{_sysconfdir}/pki/CA
+%dir %{_sysconfdir}/pki/CA/private
+%dir %{_sysconfdir}/pki/CA/certs
+%dir %{_sysconfdir}/pki/CA/crl
+%dir %{_sysconfdir}/pki/CA/newcerts
+%{_sysconfdir}/pki/tls/misc/c_*
+%dir %{_sysconfdir}/pki/tls
+%dir %{_sysconfdir}/pki/tls/certs
+%dir %{_sysconfdir}/pki/tls/misc
+%dir %{_sysconfdir}/pki/tls/private
+%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
+
+%attr(0755,root,root) %{_bindir}/openssl
+%endif
+%attr(0755,root,root) /%{_lib}/*.so.*
+%attr(0755,root,root) %{_libdir}/%{name}/engines/*.so
+%if %{with devel}
+%attr(0755,root,root) %dir %{_mandir}/man1*
+%attr(0644,root,root) %{_mandir}/man1*/*
+%attr(0755,root,root) %dir %{_mandir}/man5*
+%attr(0644,root,root) %{_mandir}/man5*/*
+%attr(0755,root,root) %dir %{_mandir}/man7*
+%attr(0644,root,root) %{_mandir}/man7*/*
+%endif
+
+%if %{with devel}
+%files devel
+%defattr(-,root,root)
+%{_prefix}/include/openssl
+%exclude %{_libdir}/lib*.a
+%attr(0755,root,root) %{_libdir}/*.so
+%attr(0755,root,root) %dir %{_mandir}/man3*
+%attr(0644,root,root) %{_mandir}/man3*/*
+%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc
+
+%files static
+%defattr(-,root,root)
+%attr(0644,root,root) %{_libdir}/*.a
+
+%files perl
+%defattr(-,root,root)
+%attr(0755,root,root) %{_bindir}/c_rehash
+%attr(0755,root,root) %dir %{_mandir}/man1*
+%attr(0644,root,root) %{_mandir}/man1*/*.pl*
+%{_sysconfdir}/pki/tls/misc/*.pl
+#%{_sysconfdir}/pki/tls/misc/tsget
+%doc apps/tsget
+%endif
+
+## to build compat32 for x86_64 architecture support
+%if %{build_compat32}
+%files -n compat32-%{name}
+%defattr(-,root,root)
+%attr(0755,root,root) /%{_lib}/*.so.*
+
+%if %{with devel}
+%files -n compat32-%{name}-devel
+%defattr(-,root,root)
+%exclude %{_libdir}/lib*.a
+%attr(0755,root,root) %{_libdir}/*.so
+%attr(0644,root,root) %{_libdir}/pkgconfig/*.pc
+%endif
+%endif
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%post -n compat32-%{name} -p /sbin/ldconfig
+
+%postun -n compat32-%{name} -p /sbin/ldconfig
+
+%changelog
+* Wed Oct 31 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.0.2p-1
+- new upstream release.
+- renamed for compatibility.
+
+* Sun Apr  1 2018 IWAI, Masaharu <iwaim.sub@gmail.com> 1.0.2o-1
+- new upstream release with security fixes
+
+* Sun Jan 21 2018 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.2n-1
+- new upstream release with security fixes 
+
+* Wed Nov 15 2017 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.2m-1
+- new upstream release with security fixes 
+
+* Sun Jan 29 2017 IWAI, Masaharu <iwaim.sub@gmail.com> 1.0.2k-1
+- new upstream release with security fixes
+
+* Thu May  5 2016 IWAI, Masaharu <iwaim.sub@gmail.com> 1.0.2h-1
+- new upstream release with security fixes
+
+* Wed Mar  9 2016 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.2g-1
+- new upstream release 1.0.2 with security fixes
+- Patch2 is merged into Patch0
+
+* Mon Dec 28 2015 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1q-1
+- new upstream release with security fixes 
+
+* Fri Jul 10 2015 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1p-1
+- new upstream release with security fixes
+
+* Wed Jul  1 2015 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1o-1
+- new upstream release
+
+* Sun Apr 12 2015 Yoji TOYODA <bsyamato@sea.plala.or.jp> 1.0.1m-1
+- merged into Vine6
+  * Fri Mar 20 2015 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1m-1
+  - new upstream release with security fixes  
+  - update Patch2,5
+
+* Mon Jan 12 2015 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1k-1
+- new upstream release with security fixes  
+
+* Mon Oct 20 2014 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1j-1
+- new upstream release with security fixes 
+- add patch8 from fc21 (fix perl find.pl)
+
+* Fri Jun 6 2014 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.0.1h-1
+- new upstream release with security fixes.
+
+* Tue Apr  8 2014 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1g-1
+- new upstream release with security fixes 
+
+* Thu Jan  9 2014 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.1f-1
+- new upstream release with security fixes
+
+* Tue Sep 24 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 1.0.1e-2
+- move root CA bundle to ca-certificates package
+
+* Tue Feb 12 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 1.0.1e-1
+- update to 1.0.1e
+  - 1.0.1d has major regressions from 1.0.1c
+
+* Sat Feb  9 2013 IWAI, Masaharu <iwai@alib.jp> 1.0.1d-2
+- remove tsget script to delete dependency perl(WWW::Curl::Easy)
+ - openssl-perl package contains it in docdir
+
+* Fri Feb 08 2013 Toshiharu Kudoh <toshi.kd2@gmail.com> 1.0.1d-1
+- new upstream release with security fix (CVE-2012-2686, CVE-2013-0166, 0169)
+- fixed %%files
+
+* Tue May 29 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 1.0.1c-1
+- update to 1.0.1c
+- enable configure options:
+  enable-camellia enable-seed enable-tlsext enable-rfc3779
+  enable-cms enable-md2
+- remove no-asm option from ai64/x86_64/ppc/ppc64/i686
+- generate a table with the compile settings before configure
+
+* Fri Jan 20 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0g-1
+- new upstream release with security fix (CVE-2012-0050)
+
+* Fri Jan  6 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0f-1
+- new upstream release with security fix 
+  (CVE-2011-4108,09, CVE-2011-4576,77, CVE-2011-4619, CVE-2012-0027) 
+
+* Wed Sep  7 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0e-1
+- new upstream release with security fix (CVE-2011-3207, 3210)
+
+* Sun Mar 20 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0d-2
+- rebuild with krb5-libs 1.8
+
+* Fri Feb 11 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0d-1
+- new upstream release with security fix
+
+* Sat Jan 15 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0c-4
+- use upstream openssl.pc instead of vine original one (SOURCE6)
+
+* Sun Jan  9 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0c-3
+- move tsget to docs to delete dependency perl(WWW::Curl::Easy)
+
+* Sat Jan  1 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0c-2
+- add R: krb5-devel into devel pkg
+- add R: compat32-krb5-devel into compat32-devel pkg
+
+* Fri Dec 31 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.0.0c-1
+- new upstream release 1.0.0x
+- separate static libs into static package
+- change configure options
+- change so version 10
+- add tsget into perl package
+- update all patches
+
+* Thu Dec 30 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8q-2
+- fix changelog typo...
+
+* Tue Dec  7 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8q-1
+- new upstream release with security fix (CVE-2010-4180) 
+
+* Wed Nov 17 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8p-1
+- new upstream release with security fix (CVE-2010-3864)
+- drop patches included in new release
+- update patch4
+
+* Sun Jan 17 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8k-5
+- add patch12 for fix CVE-2009-3555 (renegotiation)
+
+* Fri Jan 15 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8k-4
+- add patch11 for fix CVE-2009-4355 (memory leak)
+
+* Tue Jun 23 2009 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8k-3
+- add patch10 to fix CVE-2009-1377, 78, 79 (from fc11)
+
+* Mon Jun 22 2009 NAKAMURA Kenta <kenta@vinelinux.org> 0.9.8k-2
+- removed unnecessary %%if %{build_compat32} statements
+- removed lib*.a from devel package
+
+* Mon Mar 30 2009 Satosh IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8k-1
+- new upstream release with security fix (CVE-2000-0590,0591,0789)
+
+* Sun Jan 11 2009 Satosh IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8j-1
+- new upstream release with security fix (CVE-2008-5077)
+
+* Sat Sep 20 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.8i-1
+- new upstream release
+
+* Sat Jul 12 2008 Satosh IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.8h-1
+- new upstream release
+- new versioning policy
+
+* Sat Oct 27 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.8g-0vl1
+- new upstream release
+- drop patch10,20 which is merged in upstream
+
+* Fri Sep 28 2007 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 0.9.8e-0vl3
+- add security patch in advance for CVE-2007-5135
+  http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
+  http://marc.info/?l=openssl-cvs&m=119020417919619&w=2
+
+* Fri Aug 10 2007 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 0.9.8e-0vl2
+- add security patch for CVE-2007-3108
+  (http://openssl.org/news/patch-CVE-2007-3108.txt)
+
+* Tue May 15 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.8e-0vl1
+- new upstream release
+
+* Sun Dec 24 2006 Satosh IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.7l-0vl2
+- update (fix) openssl.pc <BTS:437>
+
+* Fri Sep 29 2006 Satosh IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.7l-0vl1
+- new upstream release (with security fix)
+
+* Mon Sep 11 2006 Satosh IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 0.9.7k-0vl1
+- new upstream release
+- add patch2 to use RPM_OPT macro
+
+* Mon Feb 06 2006 Shu KONNO <owa@bg.wakwak.com> 0.9.7i-0vl3
+- moved macros _lib to /usr/lib/rpm/rpmrc or macros files
+
+* Fri Feb 03 2006 Shu KONNO <owa@bg.wakwak.com> 0.9.7i-0vl2
+- added compat32-* packages for x86_64 architecture support
+- added openssl-0.9.7i.Configure-compat32.patch
+- changed '/lib' to '/%{_lib}'
+
+* Mon Oct 17 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.7i-0vl1
+- new upstream release
+
+* Mon Jan 31 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.7d-0vl4
+- rebuild on VineSeed
+
+* Sun Jan 09 2005 IKEDA Katsumi <ikeda@webmasters.gr.jp> 0.9.7d-0vl3.1
+- added a security patch from Gentoo.
+  - Patch1: openssl-0.9.7c-tempfile.patch
+
+* Sun Mar 28 2004 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 0.9.7d-0vl3
+- sslarch for ppc was missing... added.
+
+* Fri Mar 26 2004 Tomoya TAKA <taka@vinelinux.org> 0.9.7d-0vl2
+- use sslarch=linux-alpha-gcc instead of alpha-gcc
+
+* Mon Mar 22 2004 Satoshi MACHINO <machino@vinelinux.org> 0.9.7d-0vl1
+- new upstream version
+- clean up of spec file
+	-- removed old patches
+
+* Sat Mar 20 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6m-0vl1
+- new upstream release
+- SECURITY fix.
+  - http://www.openssl.org/news/secadv_20040317.txt
+
+* Wed Oct  1 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6k-0vl1
+- new upstream release
+- [Security fix]
+  - Vulnerabilities in ASN.1 parsing
+    http://www.openssl.org/news/secadv_20030930.txt
+- see %{_docdir}/%{name}-%{version}/CHANGES for other changes
+
+* Wed Jun 04 2003 HOTTA Michihide <hotta@net-newbie.com> 0.9.6j-0vl2
+- add openssl.pc for pkgconfig
+
+* Tue Mar 11 2003 Satoshi MACHINO <machino@vinelinux.org> 0.9.6j-0vl1
+- New upstream version
+- dropped patch10, 11
+	-- merged upstream version
+
+* Sun Feb 23 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6i-0vl1
+- rebuild for VineSeed
+
+* Sun Feb 23 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6i-0vl0.26.1
+- [Security Fix]
+  - Timing-based attacks on RSA keys
+    http://www.openssl.org/news/secadv_20030317.txt
+  - Klima-Pokorny0Rosa attack on RSA in SSL/TLS
+    http://www.openssl.org/news/secadv_20030317.txt
+
+* Sun Feb 23 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6i-0vl0.26
+- new upstream release 0.9.6i
+- [Security Fix]
+- build for Vine Linux 2.6 errata
+
+* Mon Nov 18 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6h-0vl1
+- new upstream release 0.9.6h
+
+* Mon Nov 18 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6g-0vl1
+- new upstream release 0.9.6g
+
+* Mon Oct 28 2002 IWAI Masaharu <iwai@alib.jp> 0.9.6b-1vl6
+- SECURITY: CAN-2002-0659 fixed
+  - added Patch101 from RedHat 7.2 updates 0.9.6b-28
+    * Fri Aug 02 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-28
+    - update asn patch to fix accidental reversal of a logic check
+    * Thu Aug 01 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-27
+    - update asn patch to reduce chance that compiler optimization will remove
+      one of the added tests
+    * Thu Aug 01 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-26
+    - rebuild
+    * Tue Jul 30 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-25
+    - add patch to fix ASN.1 vulnerabilities
+
+* Wed Jul 31 2002 IWAI Masaharu <iwai@alib.jp> 0.9.6b-1vl5
+- rename spec file name
+- SECURITY: CA-2002-23 fixed
+  - added Patch100 from RedHat 7.2 updates 0.9.6b-24
+    * Thu Jul 25 2002 Nalin Dahyabhai <nalin@redhat.com> 0.9.6b-24
+    - add backport of Ben Laurie's patches for OpenSSL 0.9.6d
+
+* Mon Sep 10 2001 Satoshi MACHINO <machino@vinelinux.org> 0.9.6b-1vl4
+- added ${PATH} in LD_LIBRARY_PATH
+- added install -m 755 *.so.* $RPM_BUILD_ROOT%{_libdir} in %install
+ 
+* Sun Jul 15 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6b-1vl3
+- remove --no-<cipher>
+
+* Sun Jul 15 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6b-1vl2
+- add Patch10 for mipsel shared ( Configure )
+
+* Sat Jul 14 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 0.9.6b-1vl1
+- build for Vine Linux
+- use openssl-engine-0.9.6b.tar.gz
+
+* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
+- update to 0.9.6b
+
+* Thu Jul  5 2001 Nalin Dahyabhai <nalin@redhat.com>
+- move .so symlinks back to %%{_libdir}
+
+* Tue Jul  3 2001 Nalin Dahyabhai <nalin@redhat.com>
+- move shared libraries to /lib (#38410)
+
+* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
+- switch to engine code base
+
+* Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
+- add a script for creating dummy certificates
+- move man pages from %%{_mandir}/man?/foo.?ssl to %%{_mandir}/man?ssl/foo.?
+
+* Thu Jun 07 2001 Florian La Roche <Florian.LaRoche@redhat.de>
+- add s390x support
+
+* Fri Jun  1 2001 Nalin Dahyabhai <nalin@redhat.com>
+- change two memcpy() calls to memmove()
+- don't define L_ENDIAN on alpha
+
+* Tue May 15 2001 Nalin Dahyabhai <nalin@redhat.com>
+- make subpackages depend on the main package
+
+* Tue May  1 2001 Nalin Dahyabhai <nalin@redhat.com>
+- adjust the hobble script to not disturb symlinks in include/ (fix from
+  Joe Orton)
+
+* Thu Apr 26 2001 Nalin Dahyabhai <nalin@redhat.com>
+- drop the m2crypo patch we weren't using
+
+* Tue Apr 24 2001 Nalin Dahyabhai <nalin@redhat.com>
+- configure using "shared" as well
+
+* Sun Apr  8 2001 Nalin Dahyabhai <nalin@redhat.com>
+- update to 0.9.6a
+- use the build-shared target to build shared libraries
+- bump the soversion to 2 because we're no longer compatible with
+  our 0.9.5a packages or our 0.9.6 packages
+- drop the patch for making rsatest a no-op when rsa null support is used
+- put all man pages into <section>ssl instead of <section>
+- break the m2crypto modules into a separate package
+
+* Tue Mar 13 2001 Nalin Dahyabhai <nalin@redhat.com>
+- use BN_LLONG on s390
+
+* Mon Mar 12 2001 Nalin Dahyabhai <nalin@redhat.com>
+- fix the s390 changes for 0.9.6 (isn't supposed to be marked as 64-bit)
+
+* Sat Mar  3 2001 Nalin Dahyabhai <nalin@redhat.com>
+- move c_rehash to the perl subpackage, because it's a perl script now
+
+* Fri Mar  2 2001 Nalin Dahyabhai <nalin@redhat.com>
+- update to 0.9.6
+- enable MD2
+- use the libcrypto.so and libssl.so targets to build shared libs with
+- bump the soversion to 1 because we're no longer compatible with any of
+  the various 0.9.5a packages circulating around, which provide lib*.so.0
+
+* Wed Feb 28 2001 Florian La Roche <Florian.LaRoche@redhat.de>
+- change hobble-openssl for disabling MD2 again
+
+* Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com>
+- re-disable MD2 -- the EVP_MD_CTX structure would grow from 100 to 152
+  bytes or so, causing EVP_DigestInit() to zero out stack variables in
+  apps built against a version of the library without it
+
+* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
+- disable some inline assembly, which on x86 is Pentium-specific
+- re-enable MD2 (see http://www.ietf.org/ietf/IPR/RSA-MD-all)
+
+* Thu Feb 08 2001 Florian La Roche <Florian.LaRoche@redhat.de>
+- fix s390 patch
+
+* Fri Dec 8 2000 Than Ngo <than@redhat.com>
+- added support s390
+
+* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
+- remove -Wa,* and -m* compiler flags from the default Configure file (#20656)
+- add the CA.pl man page to the perl subpackage
+
+* Thu Nov  2 2000 Nalin Dahyabhai <nalin@redhat.com>
+- always build with -mcpu=ev5 on alpha
+
+* Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com>
+- add a symlink from cert.pem to ca-bundle.crt
+
+* Wed Oct 25 2000 Nalin Dahyabhai <nalin@redhat.com>
+- add a ca-bundle file for packages like Samba to reference for CA certificates
+
+* Tue Oct 24 2000 Nalin Dahyabhai <nalin@redhat.com>
+- remove libcrypto's crypt(), which doesn't handle md5crypt (#19295)
+
+* Mon Oct  2 2000 Nalin Dahyabhai <nalin@redhat.com>
+- add unzip as a buildprereq (#17662)
+- update m2crypto to 0.05-snap4
+
+* Tue Sep 26 2000 Bill Nottingham <notting@redhat.com>
+- fix some issues in building when it's not installed
+
+* Wed Sep  6 2000 Nalin Dahyabhai <nalin@redhat.com>
+- make sure the headers we include are the ones we built with (aaaaarrgh!)
+
+* Fri Sep  1 2000 Nalin Dahyabhai <nalin@redhat.com>
+- add Richard Henderson's patch for BN on ia64
+- clean up the changelog
+
+* Tue Aug 29 2000 Nalin Dahyabhai <nalin@redhat.com>
+- fix the building of python modules without openssl-devel already installed
+
+* Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
+- byte-compile python extensions without the build-root
+- adjust the makefile to not remove temporary files (like .key files when
+  building .csr files) by marking them as .PRECIOUS
+
+* Sat Aug 19 2000 Nalin Dahyabhai <nalin@redhat.com>
+- break out python extensions into a subpackage
+
+* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
+- tweak the makefile some more
+
+* Tue Jul 11 2000 Nalin Dahyabhai <nalin@redhat.com>
+- disable MD2 support
+
+* Thu Jul  6 2000 Nalin Dahyabhai <nalin@redhat.com>
+- disable MDC2 support
+
+* Sun Jul  2 2000 Nalin Dahyabhai <nalin@redhat.com>
+- tweak the disabling of RC5, IDEA support
+- tweak the makefile
+
+* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
+- strip binaries and libraries
+- rework certificate makefile to have the right parts for Apache
+
+* Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com>
+- use %%{_perl} instead of /usr/bin/perl
+- disable alpha until it passes its own test suite
+
+* Fri Jun  9 2000 Nalin Dahyabhai <nalin@redhat.com>
+- move the passwd.1 man page out of the passwd package's way
+
+* Fri Jun  2 2000 Nalin Dahyabhai <nalin@redhat.com>
+- update to 0.9.5a, modified for U.S.
+- add perl as a build-time requirement
+- move certificate makefile to another package
+- disable RC5, IDEA, RSA support
+- remove optimizations for now
+
+* Wed Mar  1 2000 Florian La Roche <Florian.LaRoche@redhat.de>
+- Bero told me to move the Makefile into this package
+
+* Wed Mar  1 2000 Florian La Roche <Florian.LaRoche@redhat.de>
+- add lib*.so symlinks to link dynamically against shared libs
+
+* Tue Feb 29 2000 Florian La Roche <Florian.LaRoche@redhat.de>
+- update to 0.9.5
+- run ldconfig directly in post/postun
+- add FAQ
+
+* Sat Dec 18 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
+- Fix build on non-x86 platforms
+
+* Fri Nov 12 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
+- move /usr/share/ssl/* from -devel to main package
+
+* Tue Oct 26 1999 Bernhard Rosenkrdnzer <bero@redhat.de>
+- inital packaging
+- changes from base:
+  - Move /usr/local/ssl to /usr/share/ssl for FHS compliance
+  - handle RPM_OPT_FLAGS