|
|
@@ -1,7 +1,7 @@
|
|
|
%define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
|
|
|
%{!?_pkgdocdir:%define _pkgdocdir %{_docdir}}
|
|
|
-%define version 1.1.1
|
|
|
-%define release 2%{_dist_release}
|
|
|
+%define version 1.1.1a
|
|
|
+%define release 1%{_dist_release}
|
|
|
# 1.0.0 soversion = 10
|
|
|
# 1.1.0 soversion = 1.1 (same as upstream although presence of some symbols
|
|
|
# depends on build configuration options)
|
|
|
@@ -36,7 +36,7 @@ Patch21: openssl-1.1.0-issuer-hash.patch
|
|
|
Patch31: openssl-1.1.1-conf-paths.patch
|
|
|
Patch32: openssl-1.1.1-version-add-engines.patch
|
|
|
Patch33: openssl-1.1.0-apps-dgst.patch
|
|
|
-Patch36: openssl-1.1.1-secure-getenv.patch
|
|
|
+#Patch36: openssl-1.1.1-secure-getenv.patch
|
|
|
Patch37: openssl-1.1.1-ec-curves.patch
|
|
|
Patch38: openssl-1.1.0-no-weak-verify.patch
|
|
|
Patch40: openssl-1.1.1-disable-ssl3.patch
|
|
|
@@ -45,7 +45,7 @@ Patch41: openssl-1.1.1-system-cipherlist.patch
|
|
|
Patch43: openssl-1.1.1-ignore-bound.patch
|
|
|
#Patch44: openssl-1.1.1-version-override.patch
|
|
|
Patch45: openssl-1.1.1-weak-ciphers.patch
|
|
|
-Patch46: openssl-1.1.1-seclevel.patch
|
|
|
+#Patch46: openssl-1.1.1-seclevel.patch
|
|
|
|
|
|
# security fix
|
|
|
# nothing ;-)
|
|
|
@@ -147,7 +147,7 @@ cp %{SOURCE13} test/
|
|
|
%patch31 -p1 -b .conf-paths
|
|
|
%patch32 -p1 -b .version-add-engines
|
|
|
%patch33 -p1 -b .dgst
|
|
|
-%patch36 -p1 -b .secure-getenv
|
|
|
+#%patch36 -p1 -b .secure-getenv
|
|
|
%patch37 -p1 -b .curves
|
|
|
%patch38 -p1 -b .no-weak-verify
|
|
|
%patch40 -p1 -b .disable-ssl3
|
|
|
@@ -156,7 +156,7 @@ cp %{SOURCE13} test/
|
|
|
%patch43 -p1 -b .ignore-bound
|
|
|
#patch44 -p1 -b .version-override
|
|
|
%patch45 -p1 -b .weak-ciphers
|
|
|
-%patch46 -p1 -b .seclevel
|
|
|
+#%patch46 -p1 -b .seclevel
|
|
|
|
|
|
# security fix
|
|
|
# nothing ;-)
|
|
|
@@ -222,6 +222,10 @@ done
|
|
|
# We must revert patch31 before tests otherwise they will fail
|
|
|
patch -p1 -R < %{PATCH31}
|
|
|
|
|
|
+# drop a recipe includes tests for brainpool curves (not supported by openssl-hobbled).
|
|
|
+rm -f test/recipes/80-test_ssl_new.t
|
|
|
+
|
|
|
+
|
|
|
LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
|
|
|
export LD_LIBRARY_PATH
|
|
|
OPENSSL_ENABLE_MD5_VERIFY=
|
|
|
@@ -230,6 +234,7 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
|
|
|
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
|
|
|
make test
|
|
|
|
|
|
+
|
|
|
# Add generation of HMAC checksum of the final stripped library
|
|
|
%define __spec_install_post \
|
|
|
%{?__debug_package:%{__debug_install_post}} \
|
|
|
@@ -406,6 +411,11 @@ export LD_LIBRARY_PATH
|
|
|
%postun -n compat32-%{name} -p /sbin/ldconfig
|
|
|
|
|
|
%changelog
|
|
|
+* Sat Dec 08 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1a-1
|
|
|
+- new upstream release.
|
|
|
+- updated Patch2.
|
|
|
+- dropped Patch36 and 46: fixed in upstream.
|
|
|
+
|
|
|
* Thu Nov 01 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.1.1-2
|
|
|
- fixed symlinks.
|
|
|
|
tomop