代码拉取完成,页面将自动刷新
同步操作将从 src-openEuler/openssl 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
%define soversion 3
Name: openssl
Epoch: 1
Version: 3.0.12
Release: 8
Summary: Cryptography and SSL/TLS Toolkit
License: OpenSSL and SSLeay
URL: https://www.openssl.org/
Source0: https://www.openssl.org/source/%{name}-%{version}.tar.gz
Source1: Makefile.certificate
Patch1: openssl-3.0-build.patch
Patch2: Backport-aarch64-support-BTI-and-pointer-authentication-in-as.patch
Patch3: Backport-SM3-acceleration-with-SM3-hardware-instruction-on-aa.patch
Patch4: Backport-Fix-sm3ss1-translation-issue-in-sm3-armv8.pl.patch
Patch5: Backport-providers-Add-SM4-GCM-implementation.patch
Patch6: Backport-SM4-optimization-for-ARM-by-HW-instruction.patch
Patch7: Backport-Further-acceleration-for-SM4-GCM-on-ARM.patch
Patch8: Backport-SM4-optimization-for-ARM-by-ASIMD.patch
Patch9: Backport-providers-Add-SM4-XTS-implementation.patch
Patch10: Backport-Fix-SM4-CBC-regression-on-Armv8.patch
Patch11: Backport-Fix-SM4-test-failures-on-big-endian-ARM-processors.patch
Patch12: Backport-Apply-SM4-optimization-patch-to-Kunpeng-920.patch
Patch13: Backport-SM4-AESE-optimization-for-ARMv8.patch
Patch14: Backport-Fix-SM4-XTS-build-failure-on-Mac-mini-M1.patch
Patch15: Backport-support-decode-SM2-parameters.patch
Patch16: Feature-support-SM2-CMS-signature.patch
Patch17: Feature-use-default-id-if-SM2-id-is-not-set.patch
Patch18: Backport-Make-DH_check_pub_key-and-DH_generate_key-safer-yet.patch
Patch19: Backport-poly1305-ppc.pl-Fix-vector-register-clobbering.patch
Patch20: Backport-Limit-the-execution-time-of-RSA-public-key-check.patch
Patch21: Backport-Add-NULL-checks-where-ContentInfo-data-can-be-NULL.patch
Patch22: Backport-Fix-SM4-XTS-aarch64-assembly-implementation-bug.patch
Patch23: fix-add-loongarch64-target.patch
Patch24: backport-CVE-2024-2511-Fix-unconstrained-session-cache-growth-in-TLSv1.3.patch
Patch25: backport-Add-a-test-for-session-cache-handling.patch
Patch26: backport-Extend-the-multi_resume-test-for-simultaneous-resump.patch
Patch27: backport-Hardening-around-not_resumable-sessions.patch
Patch28: backport-Add-a-test-for-session-cache-overflow.patch
Patch29: backport-CVE-2024-4603-Check-DSA-parameters-for-exce.patch
Patch30: Backport-Add-a-test-for-late-loading-of-an-ENGINE-in-TLS.patch
Patch31: Backport-Don-t-attempt-to-set-provider-params-on-an-ENGINE-ba.patch
Patch32: Backport-CVE-2024-4741-Only-free-the-read-buffers-if-we-re-not-using-them.patch
Patch33: Backport-CVE-2024-4741-Set-rlayer.packet-to-NULL-after-we-ve-finished-using.patch
Patch34: Backport-CVE-2024-4741-Extend-the-SSL_free_buffers-testing.patch
Patch35: Backport-CVE-2024-4741-Move-the-ability-to-load-the-dasync-engine-into-sslt.patch
Patch36: Backport-CVE-2024-4741-Further-extend-the-SSL_free_buffers-testing.patch
Patch37: Backport-bn-Properly-error-out-if-aliasing-return-value-with-.patch
Patch38: Backport-CVE-2024-5535-Fix-SSL_select_next_proto.patch
Patch39: Backport-CVE-2024-5535-Add-a-test-for-ALPN-and-NPN.patch
BuildRequires: gcc gcc-c++ perl make lksctp-tools-devel coreutils util-linux zlib-devel
Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
%package libs
Summary: A general purpose cryptography library with TLS implementation
Group: System Environment/Libraries
Requires: ca-certificates >= 2008-5
Requires: crypto-policies >= 20180730
Recommends: openssl-pkcs11%{?_isa}
%description libs
The openssl-libs package contains the libraries that are used
by various applications which support cryptographic algorithms
and protocols.
%package perl
Summary: Perl scripts provided with OpenSSL
Requires: perl-interpreter
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
%description perl
OpenSSL is a toolkit for supporting cryptography. The openssl-perl
package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit.
%package devel
Summary: Development files for openssl
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: pkgconfig
%description devel
%{summary}.
%package help
Summary: Documents for %{name}
Buildarch: noarch
Requires: man info
%description help
Man pages and other related documents for %{name}.
%prep
%autosetup -n %{name}-%{version} -p1
%build
sslarch=%{_os}-%{_target_cpu}
%ifarch i686
sslarch=linux-elf
%endif
%ifarch riscv64 loongarch64
sslarch=%{_os}64-%{_target_cpu}
sslflags="--libdir=%{_libdir}"
%endif
%ifarch x86_64 aarch64
sslflags=enable-ec_nistp_64_gcc_128
%endif
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS"
./Configure \
--prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
zlib enable-camellia enable-seed enable-rfc3779 \
enable-cms enable-md2 enable-rc5 ${ktlsopt} enable-fips\
no-mdc2 no-ec2m enable-sm2 enable-sm4 enable-buildtest-c++\
shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""' \
-Wl,--allow-multiple-definition
%make_build all
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
# Install OpenSSL.
install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl,%{_pkgdocdir}}
%make_install
# rename so name with actual version
rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
# create symbolic link
for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
done
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
install -m644 %{SOURCE1} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate
mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/*.pl $RPM_BUILD_ROOT%{_bindir}
mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir}
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/{certs,crl,newcerts,private}
chmod 700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private
touch -r %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/{openssl.cnf,ct_log_list.cnf}
# rename man pages avoid conflicting with other man pages in system
%define manpostfix _openssl
pushd $RPM_BUILD_ROOT%{_mandir}
ln -s -f config.5 man5/openssl.cnf.5
for manpage in man*/* ; do
if [ -L ${manpage} ]; then
targetfile=`ls -l ${manpage} | awk '{print $NF}'`
ln -sf ${targetfile}%{manpostfix} ${manpage}%{manpostfix}
rm -f ${manpage}
else
mv ${manpage} ${manpage}%{manpostfix}
fi
done
popd
# Next step of gradual disablement of ssl3.
# Make SSL3 disappear to newly built dependencies.
sed -i '/^\#ifndef OPENSSL_NO_SSL_TRACE/i\
#ifndef OPENSSL_NO_SSL3\
# define OPENSSL_NO_SSL3\
#endif' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h
basearch=%{_arch}
%ifarch %{ix86}
basearch=i386
%endif
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/*.dist
%check
LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
export LD_LIBRARY_PATH
OPENSSL_ENABLE_MD5_VERIFY=
export OPENSSL_ENABLE_MD5_VERIFY
OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
make test || :
%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
%files
%license LICENSE.txt
%doc NEWS.md README.md
%{_bindir}/openssl
%{_pkgdocdir}/Makefile.certificate
%files libs
%license LICENSE.txt
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
%config(noreplace) %{_sysconfdir}/pki/tls/fipsmodule.cnf
%attr(0755,root,root) %{_libdir}/libcrypto.so.%{version}
%{_libdir}/libcrypto.so.%{soversion}
%attr(0755,root,root) %{_libdir}/libssl.so.%{version}
%{_libdir}/libssl.so.%{soversion}
%attr(0755,root,root) %{_libdir}/engines-%{soversion}
%attr(0755,root,root) %{_libdir}/ossl-modules
%files devel
%doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el
%{_prefix}/include/openssl
%{_libdir}/*.so
%{_libdir}/*.a
%{_mandir}/man3/*
%{_libdir}/pkgconfig/*.pc
%files help
%defattr(-,root,root)
%{_mandir}/man1/*
%{_mandir}/man5/*
%{_mandir}/man7/*
%exclude %{_mandir}/man1/*.pl*
%exclude %{_mandir}/man1/tsget*
%files perl
%{_bindir}/c_rehash
%{_bindir}/*.pl
%{_bindir}/tsget
%{_mandir}/man1/*.pl*
%{_mandir}/man1/tsget*
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
%dir %{_sysconfdir}/pki/CA/certs
%dir %{_sysconfdir}/pki/CA/crl
%dir %{_sysconfdir}/pki/CA/newcerts
%ldconfig_scriptlets libs
%changelog
* Fri Jun 28 2024 yinyongkang <yinyongkang@kylinos.cn> - 1:3.0.12-8
- fix CVE-2024-5535
* Mon Jun 24 2024 steven <steven_ygui@163.com> - 1:3.0.12-7
- backport patch
* Mon Jun 3 2024 wangcheng <wangcheng156@huawei.com> - 1:3.0.12-6
- fix CVE-2024-4741
* Fri May 17 2024 cenhuilin <cenhuilin@kylinos.cn> - 1:3.0.12-5
- fix CVE-2024-4603
* Sun Apr 28 2024 wangcheng <wangcheng156@huawei.com> - 1:3.0.12-4
- fix CVE-2024-2511
* Wed Mar 6 2024 Wenlong Zhang <zhangwenlong@loongson.cn> - 1:3.0.12-3
- Fix build error for loongarch64
* Thu Jan 18 2024 Xu Yizhou <xuyizhou1@huawei.com> - 1:3.0.12-2
- Fix SM4-XTS aarch64 assembly implementation bug
* Thu Jan 04 2024 wangcheng <wangcheng156@huawei.com> - 1:3.0.12-1
- Upgrade to 3.0.12
Resolves: CVE-2023-0464
Resolves: CVE-2023-0465
Resolves: CVE-2023-0466
Resolves: CVE-2023-1255
Resolves: CVE-2023-2650
Resolves: CVE-2023-5363
Resolves: CVE-2023-6237
Resolves: CVE-2023-6129
Resolves: CVE-2023-5678
Resolves: CVE-2024-0727
* Fri Sep 22 2023 dongyuzhen <dongyuzhen@h-partners.com> - 1:3.0.9-5
- Backport some upstream patches
* Wed Sep 13 2023 luhuaxin <luhuaxin1@huawei.com> - 1:3.0.9-4
- Support decode SM2 parameters
* Wed Sep 13 2023 luhuaxin <luhuaxin1@huawei.com> - 1:3.0.9-3
- Support SM2 CMS signature and use SM2 default id
* Tue Aug 08 2023 zhujianwei <zhujianwei7@huawei.com> - 1:3.0.9-2
- fix CVE-2023-2975 CVE-2023-3446 CVE-2023-3816
* Sat Jul 22 2023 wangcheng <wangcheng156@huawei.com> - 1:3.0.9-1
- upgrade to 3.0.9
* Mon Jun 12 2023 steven <steven_ygui@163.com> - 1:3.0.8-7
- fix CVE-2023-2650
* Wed Apr 26 2023 zcwei <u201911736@hust.edu.cn> - 1:3.0.8-6
- fix CVE-2023-1255
* Tue Apr 4 2023 wangcheng <wangcheng156@huawei.com> - 1:3.0.8-5
- fix some CVEs
* Mon Mar 27 2023 xuraoqing <xuraoqing@huawei.com> - 1:3.0.8-4
- fix CVE-2023-0464 and add test cases
* Fri Mar 17 2023 wangjunqiang <wangjunqiang@iscas.ac.cn> - 1:3.0.8-3
- fix sslarch and libdir for riscv64
* Thu Mar 16 2023 Xu Yizhou <xuyizhou1@huawei.com> - 1:3.0.8-2
- backport SM4 GCM/CCM/XTS implementation
- backport SM3/SM4 optimization
* Tue Feb 7 2023 wangcheng <wangcheng156@huawei.com> - 1:3.0.8-1
- upgrade to 3.0.8 for fixing CVEs
* Tue Feb 7 2023 wangcheng <wangcheng156@huawei.com> - 1:3.0.7-2
- disable sctp in openssl building
* Thu Jan 19 2023 wangcheng <wangcheng156@huawei.com> - 1:3.0.7-1
- Package init
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。