%define maj 1.0.0 %define engines_name %mklibname openssl-engines %{maj} %define libname %mklibname openssl %{maj} %define develname %mklibname openssl -d %define staticname %mklibname openssl -s -d %define conflict1 %mklibname openssl 0.9.7 %define conflict2 %mklibname openssl 0.9.8 # Number of threads to spawn when testing some threading fixes. #define thread_test_threads %{?threads:%{threads}}%{!?threads:1} %define with_krb5 0 Summary: Secure Sockets Layer communications libs & utils Name: openssl Version: 1.0.2n Release: %mkrel 1 License: BSD-like Group: System/Libraries URL: http://www.openssl.org/ Source0: http://www.openssl.org/source/%{name}-%{version}.tar.gz Source1: http://www.openssl.org/source/%{name}-%{version}.tar.gz.asc Source2: Makefile.certificate Source3: make-dummy-cert Source4: openssl-thread-test.c # (gb) 0.9.7b-4mdk: Handle RPM_OPT_FLAGS in Configure Patch2: openssl-1.0.2e-optflags.patch # (oe) support Brazilian Government OTHERNAME X509v3 field (#14158) # http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF Patch6: openssl-1.0.2l-icpbrasil.diff # http://qa.mandriva.com/show_bug.cgi?id=32621 # patch15 removed: https://bugs.mageia.org/show_bug.cgi?id=15027 #Patch15: openssl-0.9.8e-crt.patch # fedora patches Patch7: openssl-1.0.2-defaults.patch Patch12: openssl-1.0.2-x509.patch Patch13: openssl-1.0.2-version-add-engines.patch Patch16: openssl-1.0.2-enginesdir.patch Patch17: openssl-1.0.2-pkgconfig-krb5.patch Patch18: openssl-1.0.2m-manfix.patch Patch19: openssl-1.0.2g-disable-sslv2v3.patch # MIPS and ARM support Patch300: openssl-1.0.2a-mips.patch Patch301: openssl-1.0.2a-arm.patch Requires: %{libname} = %{version}-%{release} Requires: rootcerts %if %with_krb5 BuildRequires: krb5-devel %endif BuildRequires: multiarch-utils >= 1.0.3 BuildRequires: chrpath BuildRequires: zlib-devel # (tv) for test suite: BuildRequires: bc %description The openssl certificate management tool and the shared libraries that provide various encryption and decription algorithms and protocols, including DES, RC4, RSA and SSL. %package -n %{engines_name} Summary: Engines for openssl Group: System/Libraries Obsoletes: openssl-engines < 1.0.0a-5 Provides: openssl-engines = %{version}-%{release} %description -n %{engines_name} This package provides engines for openssl. %package -n %{libname} Summary: Secure Sockets Layer communications libs Group: System/Libraries Requires: %{engines_name} >= %{version}-%{release} Provides: %{libname} = %{version}-%{release} %description -n %{libname} The libraries files are needed for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %package -n %{develname} Summary: Secure Sockets Layer communications libs & headers & utils Group: Development/Other Requires: %{libname} = %{version}-%{release} Provides: libopenssl-devel Provides: openssl-devel = %{version}-%{release} # temporary opsolete, will be a conflict later. a compat package # with openssl-0.9.7 devel libs will be provided soon Obsoletes: %{conflict1}-devel Obsoletes: %{conflict2}-devel Obsoletes: %{mklibname openssl 1.0.0}-devel Provides: %{name}-devel = %{version}-%{release} %description -n %{develname} The libraries and include files needed to compile apps with support for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %package -n %{staticname} Summary: Secure Sockets Layer communications static libs Group: Development/Other Requires: %{develname} = %{version}-%{release} Provides: libopenssl-static-devel Provides: openssl-static-devel = %{version}-%{release} # temporary opsolete, will be a conflict later. a compat package # with openssl-0.9.7 static-devel libs will be provided soon Obsoletes: %{conflict1}-static-devel Obsoletes: %{conflict2}-static-devel Obsoletes: %{mklibname openssl 1.0.0}-static-devel Provides: %{name}-static-devel = %{version}-%{release} %description -n %{staticname} The static libraries needed to compile apps with support for various cryptographic algorithms and protocols, including DES, RC4, RSA and SSL. %prep %setup -q %patch2 -p1 -b .optflags %patch6 -p1 -b .icpbrasil %patch7 -p1 -b .defaults %patch12 -p1 -b .x509 %patch13 -p1 -b .version-add-engines #patch15 -p1 -b .crt %patch16 -p1 -b .engines %patch17 -p1 -b .krb5 %patch18 -p1 -b .manfix %patch19 -p1 -b .v2v3 %patch300 -p1 -b .mips %patch301 -p1 -b .arm perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile cp %{SOURCE2} Makefile.certificate cp %{SOURCE3} make-dummy-cert cp %{SOURCE4} openssl-thread-test.c %build %serverbuild # Figure out which flags we want to use. # default sslarch=%{_os}-%{_arch} %ifarch %ix86 sslarch=linux-elf if ! echo %{_target} | grep -q i[56]86 ; then sslflags="no-asm" fi %endif %ifarch sparcv9 sslarch=linux-sparcv9 %endif %ifarch alpha sslarch=linux-alpha-gcc %endif %ifarch s390 sslarch="linux-generic32 -DB_ENDIAN -DNO_ASM" %endif %ifarch s390x sslarch="linux-generic64 -DB_ENDIAN -DNO_ASM" %endif # ia64, x86_64, ppc, ppc64 are OK by default # Configure the build tree. Override OpenSSL defaults with known-good defaults # usable on all platforms. The Configure script already knows to use -fPIC and # RPM_OPT_FLAGS, so we can skip specifiying them here. ./Configure \ --prefix=%{_prefix} \ --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ --libdir=%{_lib}/ \ %if %with_krb5 --with-krb5-flavor=MIT --with-krb5-dir=%{_prefix} \ %endif --enginesdir=%{_libdir}/openssl/%{version}/engines \ zlib no-idea no-rc5 enable-camellia enable-ssl2 shared enable-tlsext ${sslarch} \ %ifarch x86_64 enable-ec_nistp_64_gcc_128 %endif # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be # marked as not requiring an executable stack. RPM_OPT_FLAGS="%{optflags} -Wa,--noexecstack" make depend make all build-shared # Generate hashes for the included certs. make rehash build-shared %check # Verify that what was compiled actually works. export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} make -C test apps tests gcc -o openssl-thread-test \ %{?_with_krb5:`krb5-config --cflags`} \ -I./include \ %{optflags} \ openssl-thread-test.c \ -L. -lssl -lcrypto \ %{?_with_krb5:`krb5-config --libs`} \ -lpthread -lz -ldl ./openssl-thread-test --threads %{thread_test_threads} %install %makeinstall \ INSTALL_PREFIX=%{buildroot} \ MANDIR=%{_mandir} \ build-shared install -d -m 755 %{buildroot}%{_libdir}/openssl/%{version} mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl/%{version} # make the rootcerts dir install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts # Install a makefile for generating keys and self-signed certs, and a script # for generating them on the fly. install -d %{buildroot}%{_sysconfdir}/pki/tls/certs install -m0644 Makefile.certificate %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile install -m0755 make-dummy-cert %{buildroot}%{_sysconfdir}/pki/tls/certs/make-dummy-cert # Pick a CA script. mv %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.sh %{buildroot}%{_sysconfdir}/pki/tls/misc/CA install -d %{buildroot}%{_sysconfdir}/pki/CA install -d %{buildroot}%{_sysconfdir}/pki/CA/private # openssl was named ssleay in "ancient" times. ln -snf openssl %{buildroot}%{_bindir}/ssleay # The man pages rand.3 and passwd.1 conflict with other packages # Rename them to ssl-* and also make a symlink from openssl-* to ssl-* mv %{buildroot}%{_mandir}/man1/passwd.1 %{buildroot}%{_mandir}/man1/ssl-passwd.1 ln -sf ssl-passwd.1%{_extension} %{buildroot}%{_mandir}/man1/openssl-passwd.1%{_extension} for i in rand err; do mv %{buildroot}%{_mandir}/man3/$i.3 %{buildroot}%{_mandir}/man3/ssl-$i.3 ln -snf ssl-$i.3%{_extension} %{buildroot}%{_mandir}/man3/openssl-$i.3%{_extension} done rm -rf {main,devel}-doc-info mkdir -p {main,devel}-doc-info cat > main-doc-info/README.mga <<EOF Warning: The man page of passwd, passwd.1, has been renamed to ssl-passwd.1 to avoid a conflict with passwd.1 man page from the package passwd. EOF cat > devel-doc-info/README.mga <<EOF Warning: The man page of rand, rand.3, has been renamed to ssl-rand.3 to avoid a conflict with rand.3 from the package man-pages The man page of err, err.3, has been renamed to ssl-err.3 to avoid a conflict with err.3 from the package man-pages EOF chmod 755 %{buildroot}%{_libdir}/pkgconfig %multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h # strip cannot touch these unless 755 chmod 755 %{buildroot}%{_libdir}/openssl/%{version}/engines/*.so* chmod 755 %{buildroot}%{_libdir}/*.so* chmod 755 %{buildroot}%{_bindir}/* # nuke a mistake rm -f %{buildroot}%{_mandir}/man3/.3 # nuke rpath chrpath -d %{buildroot}%{_bindir}/openssl # Fix libdir. pushd %{buildroot}%{_libdir}/pkgconfig for i in *.pc ; do sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' \ $i >$i.tmp && \ cat $i.tmp >$i && \ rm -f $i.tmp done popd # adjust ssldir perl -pi -e "s|^CATOP=.*|CATOP=%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.pl perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf %files %doc FAQ INSTALL LICENSE NEWS PROBLEMS main-doc-info/README* %doc README README.ASN1 README.ENGINE %dir %{_sysconfdir}/pki %dir %{_sysconfdir}/pki/CA %dir %{_sysconfdir}/pki/CA/private %dir %{_sysconfdir}/pki/tls %dir %{_sysconfdir}/pki/tls/certs %dir %{_sysconfdir}/pki/tls/misc %dir %{_sysconfdir}/pki/tls/private %dir %{_sysconfdir}/pki/tls/rootcerts %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf %{_sysconfdir}/pki/tls/certs/make-dummy-cert %{_sysconfdir}/pki/tls/certs/Makefile %{_sysconfdir}/pki/tls/misc/* %{_bindir}/* %{_mandir}/man[157]/* %files -n %{libname} %doc FAQ INSTALL LICENSE NEWS PROBLEMS README* %{_libdir}/lib*.so.%{maj} %files -n %{engines_name} %{_libdir}/openssl %files -n %{develname} %doc CHANGES doc/* devel-doc-info/README* %dir %{_includedir}/openssl %multiarch %{multiarch_includedir}/openssl/opensslconf.h %{_includedir}/openssl/* %{_libdir}/lib*.so %{_mandir}/man3/* %{_libdir}/pkgconfig/* %files -n %{staticname} %{_libdir}/lib*.a %changelog * Wed Dec 13 2017 ns80 <ns80> 1.0.2n-1.mga5 + Revision: 1182494 - new version 1.0.2n for CVE-2017-3737 and CVE-2017-3738 (mga#22185) + luigiwalser <luigiwalser> - 1.0.2m - 1.0.2l - 1.0.2k (fixes CVE-2016-7055 and CVE-2017-373[12]) - 1.0.2j - 1.0.2i - 1.0.2h (fixes CVE-2016-210[5679] and CVE-2016-2176) - 1.0.2f (fixes CVE-2016-0701 and CVE-2015-3197) - 1.0.2e (fixes CVE-2015-319[3-5] and CVE-2015-1794) - rediff patch 2 - 1.0.2d (fixes CVE-2015-1793) + tmb <tmb> - reenable SSL2 in the build to avoid ABI break - 1.0.2g (CVE-2016-0702, CVE-2016-0705, CVE-2016-079[7-9], CVE-2016-0800) * Sat Jun 13 2015 luigiwalser <luigiwalser> 1.0.2c-1.mga5 + Revision: 823035 - 1.0.2c (fixes hmac abi breakage in 1.0.2b) * Thu Jun 11 2015 luigiwalser <luigiwalser> 1.0.2b-1.mga5 + Revision: 822986 - 1.0.2b (fixes CVE-2015-4000, CVE-2015-178[89], CVE-2015-179[0-2]) - rediff patch 2 * Thu Mar 19 2015 luigiwalser <luigiwalser> 1.0.2a-1.mga5 + Revision: 818950 - 1.0.2a - rediff patches 2, 300, 301 * Fri Feb 20 2015 luigiwalser <luigiwalser> 1.0.2-1.mga5 + Revision: 816018 - 1.0.2 - rediff patches 2,6,7,12,13,16,17,18,19 - remove bogus patch 15 (mga#15027) * Fri Jan 16 2015 luigiwalser <luigiwalser> 1.0.1l-1.mga5 + Revision: 810940 - 1.0.1l * Thu Jan 08 2015 luigiwalser <luigiwalser> 1.0.1k-1.mga5 + Revision: 809371 - 1.0.1k * Thu Oct 23 2014 luigiwalser <luigiwalser> 1.0.1j-2.mga5 + Revision: 792707 - add patch from fedora to disable SSLv2 and SSLv3 by default * Wed Oct 15 2014 luigiwalser <luigiwalser> 1.0.1j-1.mga5 + Revision: 754936 - 1.0.1j + umeabot <umeabot> - Second Mageia 5 Mass Rebuild * Tue Sep 16 2014 umeabot <umeabot> 1.0.1i-2.mga5 + Revision: 683247 - Mageia 5 Mass Rebuild * Thu Aug 07 2014 luigiwalser <luigiwalser> 1.0.1i-1.mga5 + Revision: 660553 - 1.0.1i - rediff patch 18 (manfix) * Thu Jun 26 2014 guillomovitch <guillomovitch> 1.0.1h-2.mga5 + Revision: 639996 - enable accelerated support for the NIST P-224 and P-256 groups (#13269) * Thu Jun 05 2014 luigiwalser <luigiwalser> 1.0.1h-1.mga5 + Revision: 633458 - 1.0.1h - remove upstreamed patches - update manfix patch from fedora * Fri May 02 2014 luigiwalser <luigiwalser> 1.0.1g-4.mga5 + Revision: 619693 - rediff patch from openbsd to fix CVE-2014-0198 * Mon Apr 21 2014 luigiwalser <luigiwalser> 1.0.1g-3.mga5 + Revision: 617328 - add patch from debian to fix checking critical flag in TSA cert extensions - add patch from openbsd to fix CVE-2010-5298 * Mon Apr 07 2014 luigiwalser <luigiwalser> 1.0.1g-1.mga5 + Revision: 612762 - 1.0.1g (fixes CVE-2014-0160) - remove upstreamed CVE-2014-0076 patch * Fri Apr 04 2014 luigiwalser <luigiwalser> 1.0.1f-2.mga5 + Revision: 611712 - add patch from upstream via opensuse to fix CVE-2014-0076 * Tue Feb 04 2014 guillomovitch <guillomovitch> 1.0.1f-1.mga5 + Revision: 580830 - new version 1.0.1f * Mon Jan 06 2014 luigiwalser <luigiwalser> 1.0.1e-8.mga4 + Revision: 565222 - add upstream patch to fix CVE-2013-6450 * Mon Jan 06 2014 guillomovitch <guillomovitch> 1.0.1e-7.mga4 + Revision: 565179 - use upstream patch to fix CVE 2013-4353 * Mon Dec 23 2013 luigiwalser <luigiwalser> 1.0.1e-6.mga4 + Revision: 560125 - add patch from fedora to fix CVE-2013-6449 * Mon Oct 28 2013 guillomovitch <guillomovitch> 1.0.1e-5.mga4 + Revision: 547610 - add upstream patch to fix null pointer issue (mga #11549) * Mon Oct 21 2013 umeabot <umeabot> 1.0.1e-4.mga4 + Revision: 540748 - Mageia 4 Mass Rebuild * Wed Oct 09 2013 guillomovitch <guillomovitch> 1.0.1e-3.mga4 + Revision: 494272 - disable kerberos support, to fix circular dependency issue (#mga 10339) * Wed May 29 2013 sander85 <sander85> 1.0.1e-2.mga4 + Revision: 432014 - fix build of manpages with current pod2man (patches from fedora and upstream) * Mon Feb 11 2013 luigiwalser <luigiwalser> 1.0.1e-1.mga3 + Revision: 397936 - 1.0.1e - remove upstreamed patch * Fri Feb 08 2013 fwang <fwang> 1.0.1d-1.mga3 + Revision: 395433 - new version 1.0.1d * Sun Jan 13 2013 umeabot <umeabot> 1.0.1c-8.mga3 + Revision: 362158 - Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild * Wed Jan 02 2013 guillomovitch <guillomovitch> 1.0.1c-7.mga3 + Revision: 337612 - re-enable kerberos support * Wed Jan 02 2013 guillomovitch <guillomovitch> 1.0.1c-6.mga3 + Revision: 337573 - temporarily disable kerberos support, to be able to build kerberos package without kerberos-devel installed + oden <oden> - small fixes * Wed Dec 05 2012 guillomovitch <guillomovitch> 1.0.1c-5.mga3 + Revision: 327008 - use a versionned subdirectory for engines, so as to avoid a file conflict with multiple versions installed simultaneously (spotted by oden) * Wed Oct 31 2012 guillomovitch <guillomovitch> 1.0.1c-4.mga3 + Revision: 311718 - fix engines location * Tue Oct 30 2012 guillomovitch <guillomovitch> 1.0.1c-3.mga3 + Revision: 311668 - ships engine in a non-versioned directory, as in fedora + fwang <fwang> - lock libmajor * Thu Jun 07 2012 guillomovitch <guillomovitch> 1.0.1c-2.mga3 + Revision: 257018 - downgrade lib major, it didn't change * Thu Jun 07 2012 guillomovitch <guillomovitch> 1.0.1c-1.mga3 + Revision: 256938 - fix krb5 support, and make it mandatory as in fedora - new version - drop outdated pkcs11 engine patch * Fri May 11 2012 luigiwalser <luigiwalser> 1.0.0j-1.mga2 + Revision: 235378 - 1.0.0j (fixes CVE-2012-2333) * Thu Apr 19 2012 guillomovitch <guillomovitch> 1.0.0i-1.mga2 + Revision: 231806 - new version (fix CVE 2012-2110) * Tue Mar 13 2012 guillomovitch <guillomovitch> 1.0.0h-1.mga2 + Revision: 223223 - new version * Thu Jan 19 2012 fwang <fwang> 1.0.0g-1.mga2 + Revision: 198045 - new version 1.0.0g * Thu Jan 05 2012 guillomovitch <guillomovitch> 1.0.0f-1.mga2 + Revision: 191621 - rename distribution-specific README files to README.mga - spec cleanup - drop unapplied conditional patch0, this isn't true anymore - new version * Mon Dec 19 2011 fwang <fwang> 1.0.0e-2.mga2 + Revision: 184360 - enable zlib support * Wed Sep 07 2011 fwang <fwang> 1.0.0e-1.mga2 + Revision: 140881 - new version 1.0.0e * Sun May 15 2011 pterjan <pterjan> 1.0.0d-2.mga1 + Revision: 99024 - Rebuild for fixed find-requires * Sat Apr 16 2011 pterjan <pterjan> 1.0.0d-1.mga1 + Revision: 86203 - Update to 1.0.0d + rtp <rtp> - Fix arm & mips openssl 1.0.0 patches. * Sat Jan 08 2011 blino <blino> 1.0.0c-2.mga1 + Revision: 736 - use generic distribution macro - remove old distro checks - imported package openssl * Fri Dec 03 2010 Oden Eriksson <oeriksson@mandriva.com> 1.0.0c-1mdv2011.0 + Revision: 606171 - 1.0.0b * Wed Nov 17 2010 Oden Eriksson <oeriksson@mandriva.com> 1.0.0b-1mdv2011.0 + Revision: 598376 - 1.0.0b (fixes CVE-2010-3864) - P17: post 1.0.0b fix to make the test suite work after upstream CVE-2010-3864 fixes - fix small borkiness * Sat Oct 02 2010 Anssi Hannula <anssi@mandriva.org> 1.0.0a-7mdv2011.0 + Revision: 582540 - fix versioned obsoletes of openssl-engines (the package was renamed in 1.0.0a-5, not 1.0.0a-1.4) * Mon Sep 20 2010 Oden Eriksson <oeriksson@mandriva.com> 1.0.0a-6mdv2011.0 + Revision: 579973 - bump release - fix a dep problem which prevented openssl-engines to be upgraded if both x86_64 and i586 urpmi repos were configured. * Tue Sep 14 2010 Eugeni Dodonov <eugeni@mandriva.com> 1.0.0a-4mdv2011.0 + Revision: 578251 - Fixed typo in openssl.cnf (#61019) * Sat Sep 04 2010 Oden Eriksson <oeriksson@mandriva.com> 1.0.0a-3mdv2011.0 + Revision: 575832 - sync with MDVSA-2010:168 * Wed Jul 14 2010 Matthew Dawkins <mattydaw@mandriva.org> 1.0.0a-2mdv2011.0 + Revision: 553412 - dropped major for devel & static packages * Wed Jun 02 2010 Eugeni Dodonov <eugeni@mandriva.com> 1.0.0a-1mdv2010.1 + Revision: 546943 - Updated to 1.0.0a. * Tue Apr 06 2010 Eugeni Dodonov <eugeni@mandriva.com> 1.0.0-4mdv2010.1 + Revision: 532146 - Disable md2 again because it really should not have been enabled. * Tue Apr 06 2010 Funda Wang <fwang@mandriva.org> 1.0.0-3mdv2010.1 + Revision: 532115 - enable md2 * Tue Apr 06 2010 Funda Wang <fwang@mandriva.org> 1.0.0-2mdv2010.1 + Revision: 531959 - obsoletes 0.9.8-static-devel * Mon Apr 05 2010 Eugeni Dodonov <eugeni@mandriva.com> 1.0.0-1mdv2010.1 + Revision: 531697 - Updated optflags patches. - Updated to 1.0.0. Rediffed patches. Updated pkcs11 patch. * Fri Mar 26 2010 Eugeni Dodonov <eugeni@mandriva.com> 0.9.8n-1mdv2010.1 + Revision: 527842 - Updated to 0.9.8n. * Thu Feb 25 2010 Eugeni Dodonov <eugeni@mandriva.com> 0.9.8m-1mdv2010.1 + Revision: 511325 - Drop P3 and P9 (no longer needed). - Updated to 0.9.8m. Drop P3, P17-24 (merged upstream). Rediff P2, P9, P16. * Thu Jan 21 2010 Oden Eriksson <oeriksson@mandriva.com> 0.9.8l-2mdv2010.1 + Revision: 494502 - P24: fix build with binutils-2.20.51.0.x - P23: security fix for CVE-2009-4355 (upstream) * Fri Nov 06 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.9.8l-1mdv2010.1 + Revision: 461230 - Updated to 0.9.8l. Fixed static package summary. * Wed Oct 07 2009 Oden Eriksson <oeriksson@mandriva.com> 0.9.8k-5mdv2010.0 + Revision: 455585 - P22: fixes a regression with CVE-2009-2409 (#54349) * Sun Sep 27 2009 Olivier Blin <oblin@mandriva.com> 0.9.8k-4mdv2010.0 + Revision: 450189 - mips and arm support (from Arnaud Patard) * Tue Sep 22 2009 Oden Eriksson <oeriksson@mandriva.com> 0.9.8k-3mdv2010.0 + Revision: 447234 - P19: security fix for CVE-2009-1379 - P20: security fix for CVE-2009-1387 - P21: security fix for CVE-2009-2409 * Thu May 21 2009 Oden Eriksson <oeriksson@mandriva.com> 0.9.8k-2mdv2010.0 + Revision: 378365 - P17: security fix for CVE-2009-1377 - P18: security fix for CVE-2009-1378 * Thu Mar 26 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.9.8k-1mdv2009.1 + Revision: 361433 - Updated to 0.9.8k. Rediffed P9, P13, P16. Dropped P17 (no longer needed) and P18 (merged upstream). * Tue Feb 03 2009 Guillaume Rousse <guillomovitch@mandriva.org> 0.9.8i-5mdv2009.1 + Revision: 337119 - keep bash completion in its own package * Mon Jan 12 2009 Guillaume Rousse <guillomovitch@mandriva.org> 0.9.8i-4mdv2009.1 + Revision: 328609 - no need to rename man page, we don't ship rsbac anymore - uncompress additional sources - bash completion * Thu Jan 08 2009 Eugeni Dodonov <eugeni@mandriva.com> 0.9.8i-3mdv2009.1 + Revision: 327021 - P18: security fix for CVE-2008-5077 * Tue Dec 16 2008 Oden Eriksson <oeriksson@mandriva.com> 0.9.8i-2mdv2009.1 + Revision: 314928 - rediffed fuzzy patches - fix build with P17 (-Werror=format-security) * Fri Oct 10 2008 Oden Eriksson <oeriksson@mandriva.com> 0.9.8i-1mdv2009.1 + Revision: 291331 - 0.9.8i - dropped the mbstring_flag patch (P4), it's implemented upstream - added pkcs11 engine support P16 * Thu Aug 07 2008 Thierry Vignaud <tv@mandriva.org> 0.9.8h-3mdv2009.0 + Revision: 265275 - rebuild early 2009.0 package (before pixel changes) * Wed Jun 11 2008 Oden Eriksson <oeriksson@mandriva.com> 0.9.8h-2mdv2009.0 + Revision: 217952 - fix "#%%define is forbidden" - added P4 to fix borkiness in the apache test suites + Pixel <pixel@mandriva.com> - do not call ldconfig in %%post/%%postun, it is now handled by filetriggers * Fri May 30 2008 Oden Eriksson <oeriksson@mandriva.com> 0.9.8h-1mdv2009.0 + Revision: 213381 - 0.9.8h (fixes CVE-2008-1672, CVE-2008-0891) - rediffed P2 * Thu May 29 2008 Oden Eriksson <oeriksson@mandriva.com> 0.9.8g-9mdv2009.0 + Revision: 212968 - P16: security fix for CVE-2008-0891 - P17: security fix for CVE-2008-1672 * Tue May 27 2008 Thierry Vignaud <tv@mandriva.org> 0.9.8g-8mdv2009.0 + Revision: 211562 - fix duplicated descriptions between devel packages (as showed by latest commits) - descriptions are not license tags - remove URLs & emails from descriptions * Sat May 24 2008 Oden Eriksson <oeriksson@mandriva.com> 0.9.8g-7mdv2009.0 + Revision: 210856 - rebuild * Tue May 20 2008 Oden Eriksson <oeriksson@mandriva.com> 0.9.8g-6mdv2009.0 + Revision: 209328 - rebuilt with gcc43 * Mon Apr 14 2008 Oden Eriksson <oeriksson@mandriva.com> 0.9.8g-5mdv2009.0 + Revision: 192694 - rebuild - fix #39792 (openssl-thread-test does not use proper .so file) * Thu Feb 28 2008 Oden Eriksson <oeriksson@mandriva.com> 0.9.8g-4mdv2008.1 + Revision: 176382 - rebuild (take 2) * Thu Feb 28 2008 Oden Eriksson <oeriksson@mandriva.com> 0.9.8g-3mdv2008.1 + Revision: 176250 - rebuild * Thu Feb 28 2008 Oden Eriksson <oeriksson@mandriva.com> 0.9.8g-2mdv2008.1 + Revision: 176044 - fix #38237 (Please include SNI support patch) + Olivier Blin <oblin@mandriva.com> - restore BuildRoot + Thierry Vignaud <tv@mandriva.org> - kill re-definition of %%buildroot on Pixel's request * Thu Dec 06 2007 Oden Eriksson <oeriksson@mandriva.com> 0.9.8g-1mdv2008.1 + Revision: 115942 - bump release - 0.9.8g * Fri Oct 19 2007 Oden Eriksson <oeriksson@mandriva.com> 0.9.8f-1mdv2008.1 + Revision: 100300 - 0.9.8f - rediffed P2 - drop upstream implemented fixes for CVE-2007-3108, CVE-2007-5135 - drop upstream implemented fixes; P4, P14, P16, P17, P18 * Fri Oct 05 2007 Anne Nicolas <ennael@mandriva.org> 0.9.8e-8mdv2008.0 + Revision: 95537 - bump release * Thu Oct 04 2007 Andreas Hasenack <andreas@mandriva.com> 0.9.8e-7mdv2008.0 + Revision: 95496 - patch to fix security issues CVE-2007-5135 and CVE-2007-3108 (#34405 and #32376 respectively) * Fri Sep 21 2007 Andreas Hasenack <andreas@mandriva.com> 0.9.8e-6mdv2008.0 + Revision: 91695 - fix sigill during make test (#32769) - make c_rehash handle .crt extensions (#32621) + Thierry Vignaud <tv@mandriva.org> - add missing buildrequires for test suite - kill file require on perl-base * Tue Jun 26 2007 Thierry Vignaud <tv@mandriva.org> 0.9.8e-4mdv2008.0 + Revision: 44488 - rebuild with -fstack-protector * Tue Apr 24 2007 Andreas Hasenack <andreas@mandriva.com> 0.9.8e-3mdv2008.0 + Revision: 17927 - fixed 3des cipher bug in openssl (#30431) * Mon Mar 19 2007 Thierry Vignaud <tvignaud@mandriva.com> 0.9.8e-2mdv2007.1 + Revision: 146607 - move big doc in -devel * Mon Feb 26 2007 Andreas Hasenack <andreas@mandriva.com> 0.9.8e-1mdv2007.1 + Revision: 125816 - updated to version 0.9.8e * Wed Dec 20 2006 Per Ãyvind Karlsen <pkarlsen@mandriva.com> 0.9.8d-3mdv2007.1 + Revision: 100705 - bump re?\195?\184lease - fix sparcv9 build do not disable asm on sparc move checks to %%check * Mon Dec 11 2006 Gwenole Beauchesne <gbeauchesne@mandriva.com> 0.9.8d-2mdv2007.1 + Revision: 94733 - 0.9.8d-2mdv - merge from 2007.0-branch: fix build on ppc64 * Mon Nov 06 2006 Andreas Hasenack <andreas@mandriva.com> 0.9.8d-1mdv2007.1 + Revision: 77025 - updated to version 0.9.8d - dropped poll patch, it's already being used upstream - added new cipher: camellia - dropped security patches that were already applied * Tue Oct 31 2006 Oden Eriksson <oeriksson@mandriva.com> 0.9.8b-4mdv2007.1 + Revision: 74810 - add another patch, phew! - commit one more patch (duh!) - commit the patches too... - bunzip patches + Andreas Hasenack <andreas@mandriva.com> - added security patches for CVE-2006-2940 (two patches), CVE-2006-4343, CVE-2006-3738 and CVE-2006-2937 (#26197) - Import openssl * Thu Sep 07 2006 Oden Eriksson <oeriksson@mandriva.com> 0.9.8b-2 - plug CVE-2006-4339 (#25234) * Fri May 05 2006 Oden Eriksson <oeriksson@mandriva.com> 0.9.8b-1mdk - 0.9.8a - rediffed P3 * Mon Jan 30 2006 Oden Eriksson <oeriksson@mandriva.com> 0.9.8a-10mdk - fix one conflicting manpage (buffer.3) with rsbac-admin (#20875) * Fri Jan 27 2006 Oden Eriksson <oeriksson@mandriva.com> 0.9.8a-9mdk - fix deps (rootcerts) * Wed Jan 04 2006 Oden Eriksson <oeriksson@mandriva.com> 0.9.8a-8mdk - fix the /usr/lib6464 error (duh!) * Wed Jan 04 2006 Oden Eriksson <oeriksson@mandriva.com> 0.9.8a-7mdk - fix deps * Mon Dec 05 2005 Oden Eriksson <oeriksson@mandriva.com> 0.9.8a-6mdk - fix file attribs on certain files in /etc/pki/tls/ (thanks ahasenack) - fix one missing ";" in the /etc/pki/tls/misc/CA.pl file (thanks ahasenack) - for the record, 0.9.8a-4mdk fixed #19882 * Wed Nov 23 2005 Christiaan Welvaart <cjw@daneel.dyndns.org> 0.9.8a-5mdk - add BuildRequires: chrpath * Mon Nov 21 2005 Oden Eriksson <oeriksson@mandriva.com> 0.9.8a-4mdk - don't ship a crippled package * Sat Nov 12 2005 Oden Eriksson <oeriksson@mandriva.com> 0.9.8a-3mdk - rebuilt due package loss * Fri Nov 11 2005 Oden Eriksson <oeriksson@mandriva.com> 0.9.8a-2mdk - added patches and changes from fedora - OPENSSLDIR is now %%{_sysconfdir}/pki/tls * Thu Nov 10 2005 Oden Eriksson <oeriksson@mandriva.com> 0.9.8a-1mdk - merge with the openssl0.9.8 package: - 0.9.8a - new major - rediff P2, P3 and P6 * Mon Oct 17 2005 Oden Eriksson <oeriksson@mandriva.com> 0.9.7i-1mdk - 0.9.7i (compatibility fix) * Fri Oct 14 2005 Oden Eriksson <oeriksson@mandriva.com> 0.9.7h-2mdk - security update for CAN-2005-2946 (P7) * Wed Oct 12 2005 Oden Eriksson <oeriksson@mandriva.com> 0.9.7h-1mdk - 0.9.7h (addresses CAN-2005-2969) - rediff P2,P3 * Fri May 06 2005 Oden Eriksson <oeriksson@mandriva.com> 0.9.7g-2mdk - rebuilt with gcc4 * Sat Apr 16 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 0.9.7g-1mdk - 0.9.7g - rediffed P2 * Fri Apr 01 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 0.9.7f-1mdk - 0.9.7f - use the %%mkrel macro - drop the libfips patch (P5), it's implemented upstream - drop the CAN-2004-0975 patch (P4) as the code is gone - rediffed P2 * Wed Mar 02 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 0.9.7e-5mdk - added P6 to support Brazilian Government OTHERNAME X509v3 field (#14158) * Mon Jan 31 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 0.9.7e-4mdk - fix deps and conditional %%multiarch - added P5 as there's no libfips * Mon Jan 10 2005 Frederic Lepied <flepied@mandrakesoft.com> 0.9.7e-3mdk - build in parallel * Tue Dec 07 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 0.9.7e-2mdk - apply the CAN-2004-0975 patch (P4) from 0.9.7d-1.1.101mdk * Mon Nov 08 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 0.9.7e-1mdk - 0.9.7e - rediffed P2 & P3 - misc spec file fixes * Sat Jun 19 2004 Jean-Michel Dault <jmdault@mandrakesoft.com> 0.9.7d-1mdk - new version - rediff P3 - remove P4/P5 since they're included in the release