Projects
openEuler:24.03:SP1:Everything
compat-openssl11
_service:tar_scm:compat-openssl11.spec
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:compat-openssl11.spec of Package compat-openssl11
%define soversion 1.1 Name: compat-openssl11 Version: 1.1.1m Release: 11 Epoch: 1 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/ Source0: https://www.openssl.org/source/openssl-%{version}.tar.gz Source1: Makefile.certificate Patch1: openssl-1.1.1-build.patch Patch2: openssl-1.1.1-fips.patch Patch3: CVE-2022-0778-Add-a-negative-testcase-for-BN_mod_sqrt.patch Patch4: CVE-2022-0778-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch Patch5: CVE-2022-1292.patch Patch6: Backport-Support-raw-input-data-in-apps-pkeyutl.patch Patch7: Backport-Fix-no-ec-no-sm2-and-no-sm3.patch Patch8: Backport-Support-SM2-certificate-verification.patch Patch9: Backport-Guard-some-SM2-functions-with-OPENSSL_NO_SM2.patch Patch10: Backport-Add-test-cases-for-SM2-cert-verification.patch Patch11: Backport-Add-documents-for-SM2-cert-verification.patch Patch12: Backport-Fix-a-memleak-in-apps-verify.patch Patch13: Backport-Skip-the-correct-number-of-tests-if-SM2-is-disabled.patch Patch14: Backport-Make-X509_set_sm2_id-consistent-with-other-setters.patch Patch15: Backport-Support-SM2-certificate-signing.patch Patch16: Backport-Support-parsing-of-SM2-ID-in-hexdecimal.patch Patch17: Backport-Fix-a-double-free-issue-when-signing-SM2-cert.patch Patch18: Backport-Fix-a-document-description-in-apps-req.patch Patch19: Backport-Update-expired-SCT-certificates.patch Patch20: Backport-ct_test.c-Update-the-epoch-time.patch Patch21: Feature-Support-TLCP-protocol.patch Patch22: Feature-X509-command-supports-SM2-certificate-signing-with-default-sm2id.patch Patch23: CVE-2022-2068-Fix-file-operations-in-c_rehash.patch Patch24: CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch Patch25: Feature-add-ARMv8-implementations-of-SM4-in-ECB-and-XTS.patch Patch26: Fix-reported-performance-degradation-on-aarch64.patch Patch27: Feature-PKCS7-sign-and-verify-support-SM2-algorithm.patch Patch28: Backport-SM3-acceleration-with-SM3-hardware-instruction-on-aa.patch Patch29: Backport-SM4-optimization-for-ARM-by-HW-instruction.patch Patch30: Feature-SM4-XTS-optimization-for-ARM-by-HW-instruction.patch Patch31: backport-Fix-failure-to-check-result-of-bn_rshift_fixed_top.patch Patch32: backport-Test-processing-of-a-duplicated-HRR.patch Patch33: backport-tls_process_server_hello-Disallow-repeated-HRR.patch Patch34: backport-Avoid-potential-memory-leak.patch Patch35: backport-Fix-NULL-pointer-dereference-for-BN_mod_exp2_mont.patch Patch36: backport-crypto-x509-v3_utl.c-Add-missing-check-for-OPENSSL_s.patch Patch37: backport-Fix-password_callback-to-handle-short-passwords.patch Patch38: backport-Fix-usage-of-SSLfatal.patch Patch39: backport-Fix-integer-overflow-in-evp_EncryptDecryptUpdate.patch Patch40: backport-Fix-Coverity-1201763-uninitialised-pointer-read.patch Patch41: backport-Fix-Coverity-1498611-1498608-uninitialised-read.patch Patch42: backport-Fix-coverity-1498607-uninitialised-value.patch Patch43: backport-Check-password-length-only-when-verify-is-enabled.patch Patch44: backport-Fix-issue-where-OBJ_nid2obj-doesn-t-always-raise-an-.patch Patch45: backport-Set-protocol-in-init_client.patch Patch46: backport-Fix-a-crash-in-ssl_security_cert_chain.patch Patch47: backport-Fix-undefined-behaviour-in-EC_GROUP_new_from_ecparam.patch Patch48: backport-Fix-a-memory-leak-in-ec_key_simple_oct2priv.patch Patch49: backport-Fix-a-crash-in-asn1_item_embed_new.patch Patch50: backport-Fix-leakage-when-the-cacheline-is-32-bytes-in-CBC_MA.patch Patch51: backport-Add-test-for-empty-supported-groups-extension.patch Patch52: backport-Do-not-send-an-empty-supported-groups-extension.patch Patch53: backport-x509-use-actual-issuer-name-if-a-CA-is-used.patch Patch54: backport-ticket_lifetime_hint-may-exceed-1-week-in-TLSv1.3.patch Patch55: backport-Fix-a-memory-leak-in-crl_set_issuers.patch Patch56: backport-Fix-a-DTLS-server-hangup-due-to-TLS13_AD_MISSING_EXT.patch Patch57: backport-Fix-an-assertion-in-the-DTLS-server-code.patch Patch58: backport-Fix-a-memory-leak-in-X509_issuer_and_serial_hash.patch Patch59: backport-Fix-strict-client-chain-check-with-TLS-1.3.patch Patch60: backport-Fix-a-crash-in-X509v3_asid_subset.patch Patch61: backport-Fix-a-memory-leak-in-EC_GROUP_new_from_ecparameters.patch Patch62: backport-Fix-range_should_be_prefix-to-actually-return-the-co.patch Patch63: backport-v3_sxnet-add-a-check-for-the-return-of-i2s_ASN1_INTE.patch Patch64: backport-Fix-bn_gcd-code-to-check-return-value-when-calling-B.patch Patch65: backport-Add-missing-header-for-memcmp.patch Patch66: backport-Fix-a-memory-leak-in-tls13_generate_secret.patch Patch67: backport-Make-the-DRBG-seed-propagation-thread-safe.patch Patch68: backport-Fix-memory-leak-in-X509V3_add1_i2d-when-flag-is-X509.patch Patch69: fix-add-loongarch64-target.patch Patch70: backport-APPS-x509-With-CA-but-both-CAserial-and-CAcreateseri.patch Patch71: backport-Fix-verify_callback-in-the-openssl-s_client-s_server.patch Patch72: backport-Fix-re-signing-certificates-with-different-key-sizes.patch Patch73: backport-Fix-ipv4_from_asc-behavior-on-invalid-Ip-addresses.patch Patch74: backport-Test-case-for-a2i_IPADDRESS.patch Patch75: backport-Fix-test-case-for-a2i_IPADDRESS.patch Patch76: backport-Fix-a-crash-in-v2i_IPAddrBlocks.patch Patch77: backport-Fixes-segfault-occurrence-in-PEM_write.patch Patch78: backport-X509_REQ_get_extensions-Return-empty-stack-if-no-ext.patch Patch79: backport-Fix-EC_KEY_set_private_key-priv_key-regression.patch Patch80: backport-Add-test-for-EC_KEY_set_private_key.patch Patch81: backport-Fix-SSL_pending-and-SSL_has_pending-with-DTLS.patch Patch82: backport-Test-that-swapping-the-first-app-data-record-with-Fi.patch Patch83: backport-Always-end-BN_mod_exp_mont_consttime-with-normal-Mon.patch Patch84: backport-Add-an-extra-reduction-step-to-RSAZ-mod_exp-implemen.patch Patch85: backport-Coverity-1508534-1508540-misuses-of-time_t.patch Patch86: backport-Moving-notify-check-after-the-no-time-check.patch Patch87: backport-Convert-serverinfo-in-SSL_CTX_use_serverinfo-to-v2.patch Patch88: backport-X509-x509_req.c-Set-modified-flag-when-X509_req_info.patch Patch89: backport-ssl_cipher_process_rulestr-don-t-read-outside-rule_s.patch Patch90: backport-CVE-2022-4304-Fix-Timing-Oracle-in-RSA-decryption.patch Patch91: backport-CVE-2022-4450-Avoid-dangling-ptrs-in-header-and-data-params-for-PE.patch Patch92: backport-CVE-2023-0215-Check-CMS-failure-during-BIO-setup-with-stream-is-ha.patch Patch93: backport-CVE-2023-0215-Fix-a-UAF-resulting-from-a-bug-in-BIO_new_NDEF.patch Patch94: backport-CVE-2023-0286-Fix-GENERAL_NAME_cmp-for-x400Address-1.patch Patch95: Fix-SM4-XTS-build-failure-using-clang.patch Patch96: backport-test-add-test-cases-for-the-policy-resource-overuse.patch Patch97: backport-x509-excessive-resource-use-verifying-policy-constra.patch Patch98: backport-Ensure-that-EXFLAG_INVALID_POLICY-is-checked-even-in.patch Patch99: backport-Fix-documentation-of-X509_VERIFY_PARAM_add0_policy.patch Patch100: backport-CVE-2023-2650-Restrict-the-size-of-OBJECT-IDENTIFIERs-that-OBJ_obj.patch Patch101: backport-Add-a-test-for-CVE-2023-3446.patch Patch102: backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch Patch103: backport-update-expired-certificates-for-sm2.patch Patch104: backport-CVE-2023-3817.patch Patch105: backport-CVE-2023-3817-testcase.patch Patch106: backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch Patch107: backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch Patch108: backport-CVE-2023-5678-Make-DH_check_pub_key-and-DH_generate_key-safer-yet.patch Patch109: backport-Add-negative-integer-check-when-using-ASN1_BIT_STRIN.patch Patch110: backport-Fix-stack-corruption-in-ui_read.patch Patch111: backport-Re-add-BN_F_OSSL_BN_RSA_DO_UNBLIND-which-was-incorre.patch Patch112: backport-x509-Fix-possible-use-after-free-when-OOM.patch Patch113: backport-x509-Handle-ossl_policy_level_add_node-errors.patch Patch114: backport-Fix-a-possbile-memleak-in-rsa_pub_encode.patch Patch115: backport-Fix-a-possible-memleak-in-eckey_priv_encode.patch Patch116: backport-Fix-error-handling-in-CMS_EncryptedData_encrypt.patch Patch117: backport-Fix-EVP_PKEY_asn1_copy.patch Patch118: backport-CVE-2024-0727-fix-pkcs12-decoding-crashes.patch Patch119: backport-apps-passwd.c-free-before-error-exiting.patch Patch120: backport-Fix-mem-leaks-on-PKCS-12-read-error-in-PKCS12_key_ge.patch Patch121: backport-CVE-2024-2511-Fix-unconstrained-session-cache-growth-in-TLSv1.3.patch Patch122: backport-Add-a-test-for-session-cache-handling.patch Patch123: backport-Extend-the-multi_resume-test-for-simultaneous-resump.patch Patch124: backport-Hardening-around-not_resumable-sessions.patch Patch125: backport-Add-a-test-for-session-cache-overflow.patch Patch126: backport-CVE-2024-4741-Only-free-the-read-buffer.patch Patch127: backport-CVE-2024-4741-Set-rlayer.packet-to-NULL-after-we-ve-.patch Patch128: backport-CVE-2024-4741-test-Fix-possible-use-after-free.patch Patch129: skip-some-test-cases.patch Patch130: backport-Update-further-expiring-certificates-that-affect-tes.patch BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel %description OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. %package libs Summary: A general purpose cryptography library with TLS implementation Group: System Environment/Libraries Requires: ca-certificates >= 2008-5 Requires: crypto-policies >= 20180730 Conflicts: openssl-libs < 1:3.0 %description libs The openssl-libs package contains the libraries that are used by various applications which support cryptographic algorithms and protocols. %package devel Summary: Development files for openssl Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: krb5-devel zlib-devel pkgconfig Conflicts: openssl-devel %description devel %{summary}. %prep %autosetup -n openssl-%{version} -p1 %build sslarch=%{_os}-%{_target_cpu} %ifarch x86_64 aarch64 sslflags=enable-ec_nistp_64_gcc_128 %endif %ifarch loongarch64 riscv64 sslflags="--libdir=%{_libdir}" %endif %ifarch riscv64 sslarch=%{_os}64-%{_target_cpu} %endif RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY $RPM_LD_FLAGS" ./Configure \ --prefix=%{_prefix} \ --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \ enable-weak-ssl-ciphers \ no-mdc2 no-ec2m enable-sm2 enable-sm3 enable-sm4 enable-tlcp \ shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""' %make_build all %define __spec_install_post \ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ %{nil} %install %make_install # rename so name with actual version rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion} # create symbolic link for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}` ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion} done # Next step of gradual disablement of ssl3. # Make SSL3 disappear to newly built dependencies. sed -i '/^\#ifndef OPENSSL_NO_SSL_TRACE/i\ #ifndef OPENSSL_NO_SSL3\ # define OPENSSL_NO_SSL3\ #endif' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h # Delete configuration files rm -rf $RPM_BUILD_ROOT/%{_sysconfdir}/pki/tls/* # Delete man pages rm -rf $RPM_BUILD_ROOT/%{_mandir}/* rm -rf $RPM_BUILD_ROOT/%{_datadir}/doc # Remove binaries rm -rf $RPM_BUILD_ROOT/%{_bindir} %check LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} export LD_LIBRARY_PATH OPENSSL_ENABLE_MD5_VERIFY= export OPENSSL_ENABLE_MD5_VERIFY OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file export OPENSSL_SYSTEM_CIPHERS_OVERRIDE make test || : %post libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig %files libs %defattr(-,root,root) %license LICENSE %{_libdir}/libcrypto.so.%{version} %{_libdir}/libcrypto.so.%{soversion} %{_libdir}/libssl.so.%{version} %{_libdir}/libssl.so.%{soversion} %{_libdir}/engines-%{soversion} %files devel %defattr(-,root,root) %doc doc/dir-locals.example.el doc/openssl-c-indent.el %{_prefix}/include/openssl %{_libdir}/pkgconfig/*.pc %{_libdir}/*.so %{_libdir}/*.a %ldconfig_scriptlets libs %changelog * Fri Jun 7 2024 zhujianwei <zhujianwei7@huawei.com> - 1:1.1.1m-11 - fix CVE-2024-4741 * Mon Apr 22 2023 wangcheng <wangcheng156@huawei.com> - 1:1.1.1m-10 - fix CVE-2023-5678 CVE-2024-0727 CVE-2024-2511 * Thu Oct 12 2023 fangxiuning <fangxiuning@huawei.com> - 1:1.1.1m-9 - fix some CVEs * Mon Jun 05 2023 laokz <zhangkai@iscas.ac.cn> - 1:1.1.1m-8 - fix sslarch and libdir for riscv64 * Thu May 25 2023 fangxiuning <fangxiuning@huawei.com> - 1:1.1.1m-7 - Fix some cves * Fri May 12 2023 Xu Yizhou <xuyizhou1@huawei.com> - 1:1.1.1m-6 - Fix SM4-XTS build failure using clang * Thu Mar 16 2023 wangcheng <wangcheng156@huawei.com> - 1:1.1.1m-5 - Remove the .fips hamc file * Wed Mar 08 2023 fangxiuning <fangxiuning@huawei.com> - 1:1.1.1m-4 - Fix some cves * Tue Mar 07 2023 fangxiuning <fangxiuning@huawei.com> - 1:1.1.1m-3 - Fix some cves * Thu Jan 19 2023 licihua <licihua@huawei.com> - 1:1.1.1m-2 - Add Conflicts for compat-openssl11-devel compat-openssl11-lib * Fri Jan 13 2023 licihua <licihua@huawei.com> - 1:1.1.1m-1 - Repackge openssl-1.1.1m into compat-openssl11
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2