
jinlun/openssl_1

forked from src-openEuler/openssl 
This repository doesn't specify license. Please pay attention to the specific project description and its upstream code dependency when using it.
openssl.spec 10.56 KB
hzero1996 authored 2024-06-03 16:10 . fix CVE-2024-4741
%define soversion 3
Name: openssl
Epoch: 1
Version: 3.0.12
Release: 6
Summary: Cryptography and SSL/TLS Toolkit
License: OpenSSL and SSLeay
URL: https://www.openssl.org/
Source0: https://www.openssl.org/source/%{name}-%{version}.tar.gz
Source1: Makefile.certificate
Patch1: openssl-3.0-build.patch
Patch2: Backport-aarch64-support-BTI-and-pointer-authentication-in-as.patch
Patch3: Backport-SM3-acceleration-with-SM3-hardware-instruction-on-aa.patch
Patch4: Backport-Fix-sm3ss1-translation-issue-in-sm3-armv8.pl.patch
Patch5: Backport-providers-Add-SM4-GCM-implementation.patch
Patch6: Backport-SM4-optimization-for-ARM-by-HW-instruction.patch
Patch7: Backport-Further-acceleration-for-SM4-GCM-on-ARM.patch
Patch8: Backport-SM4-optimization-for-ARM-by-ASIMD.patch
Patch9: Backport-providers-Add-SM4-XTS-implementation.patch
Patch10: Backport-Fix-SM4-CBC-regression-on-Armv8.patch
Patch11: Backport-Fix-SM4-test-failures-on-big-endian-ARM-processors.patch
Patch12: Backport-Apply-SM4-optimization-patch-to-Kunpeng-920.patch
Patch13: Backport-SM4-AESE-optimization-for-ARMv8.patch
Patch14: Backport-Fix-SM4-XTS-build-failure-on-Mac-mini-M1.patch
Patch15: Backport-support-decode-SM2-parameters.patch
Patch16: Feature-support-SM2-CMS-signature.patch
Patch17: Feature-use-default-id-if-SM2-id-is-not-set.patch
Patch18: Backport-Make-DH_check_pub_key-and-DH_generate_key-safer-yet.patch
Patch19: Backport-poly1305-ppc.pl-Fix-vector-register-clobbering.patch
Patch20: Backport-Limit-the-execution-time-of-RSA-public-key-check.patch
Patch21: Backport-Add-NULL-checks-where-ContentInfo-data-can-be-NULL.patch
Patch22: Backport-Fix-SM4-XTS-aarch64-assembly-implementation-bug.patch
Patch23: fix-add-loongarch64-target.patch
Patch24: backport-CVE-2024-2511-Fix-unconstrained-session-cache-growth-in-TLSv1.3.patch
Patch25: backport-Add-a-test-for-session-cache-handling.patch
Patch26: backport-Extend-the-multi_resume-test-for-simultaneous-resump.patch
Patch27: backport-Hardening-around-not_resumable-sessions.patch
Patch28: backport-Add-a-test-for-session-cache-overflow.patch
Patch29: backport-CVE-2024-4603-Check-DSA-parameters-for-exce.patch
Patch30: Backport-CVE-2024-4741-Only-free-the-read-buffers-if-we-re-not-using-them.patch
Patch31: Backport-CVE-2024-4741-Set-rlayer.packet-to-NULL-after-we-ve-finished-using.patch
Patch32: Backport-CVE-2024-4741-Extend-the-SSL_free_buffers-testing.patch
Patch33: Backport-CVE-2024-4741-Move-the-ability-to-load-the-dasync-engine-into-sslt.patch
Patch34: Backport-CVE-2024-4741-Further-extend-the-SSL_free_buffers-testing.patch
BuildRequires: gcc gcc-c++ perl make lksctp-tools-devel coreutils util-linux zlib-devel
Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
%package libs
Summary: A general purpose cryptography library with TLS implementation
Group: System Environment/Libraries
Requires: ca-certificates >= 2008-5
Requires: crypto-policies >= 20180730
Recommends: openssl-pkcs11%{?_isa}
%description libs
The openssl-libs package contains the libraries that are used
by various applications which support cryptographic algorithms
and protocols.
%package perl
Summary: Perl scripts provided with OpenSSL
Requires: perl-interpreter
Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
%description perl
OpenSSL is a toolkit for supporting cryptography. The openssl-perl
package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit.
%package devel
Summary: Development files for openssl
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: pkgconfig
%description devel
%{summary}.
%package help
Summary: Documents for %{name}
Buildarch: noarch
Requires: man info
%description help
Man pages and other related documents for %{name}.
%prep
%autosetup -n %{name}-%{version} -p1
%build
sslarch=%{_os}-%{_target_cpu}
%ifarch i686
sslarch=linux-elf
%endif
%ifarch riscv64 loongarch64
sslarch=%{_os}64-%{_target_cpu}
sslflags="--libdir=%{_libdir}"
%endif
%ifarch x86_64 aarch64
sslflags=enable-ec_nistp_64_gcc_128
%endif
RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DPURIFY $RPM_LD_FLAGS"
./Configure \
    --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
    zlib enable-camellia enable-seed enable-rfc3779 \
    enable-cms enable-md2 enable-rc5 ${ktlsopt} enable-fips \
    no-mdc2 no-ec2m enable-sm2 enable-sm4 enable-buildtest-c++ \
    shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""' \
    -Wl,--allow-multiple-definition
%make_build all
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
# Install OpenSSL.
install -d $RPM_BUILD_ROOT{%{_bindir},%{_includedir},%{_libdir},%{_mandir},%{_libdir}/openssl,%{_pkgdocdir}}
%make_install
# rename the shared objects so their names carry the actual version
rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
# create symbolic links for the unversioned and soversion names
for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
    ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
    ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
done
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
install -m644 %{SOURCE1} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate
mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/*.pl $RPM_BUILD_ROOT%{_bindir}
mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir}
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/{certs,crl,newcerts,private}
chmod 700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private
touch -r %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/{openssl.cnf,ct_log_list.cnf}
# rename man pages to avoid conflicting with other man pages on the system
%define manpostfix _openssl
pushd $RPM_BUILD_ROOT%{_mandir}
ln -s -f config.5 man5/openssl.cnf.5
for manpage in man*/* ; do
    if [ -L ${manpage} ]; then
        targetfile=`ls -l ${manpage} | awk '{print $NF}'`
        ln -sf ${targetfile}%{manpostfix} ${manpage}%{manpostfix}
        rm -f ${manpage}
    else
        mv ${manpage} ${manpage}%{manpostfix}
    fi
done
popd
# Next step of gradual disablement of ssl3.
# Make SSL3 disappear to newly built dependencies.
sed -i '/^\#ifndef OPENSSL_NO_SSL_TRACE/i\
#ifndef OPENSSL_NO_SSL3\
# define OPENSSL_NO_SSL3\
#endif' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h
basearch=%{_arch}
%ifarch %{ix86}
basearch=i386
%endif
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/*.dist
%check
LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
export LD_LIBRARY_PATH
OPENSSL_ENABLE_MD5_VERIFY=
export OPENSSL_ENABLE_MD5_VERIFY
OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
make test || :
%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
%files
%license LICENSE.txt
%doc NEWS.md README.md
%{_bindir}/openssl
%{_pkgdocdir}/Makefile.certificate
%files libs
%license LICENSE.txt
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
%config(noreplace) %{_sysconfdir}/pki/tls/fipsmodule.cnf
%attr(0755,root,root) %{_libdir}/libcrypto.so.%{version}
%{_libdir}/libcrypto.so.%{soversion}
%attr(0755,root,root) %{_libdir}/libssl.so.%{version}
%{_libdir}/libssl.so.%{soversion}
%attr(0755,root,root) %{_libdir}/engines-%{soversion}
%attr(0755,root,root) %{_libdir}/ossl-modules
%files devel
%doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el
%{_prefix}/include/openssl
%{_libdir}/*.so
%{_libdir}/*.a
%{_mandir}/man3/*
%{_libdir}/pkgconfig/*.pc
%files help
%defattr(-,root,root)
%{_mandir}/man1/*
%{_mandir}/man5/*
%{_mandir}/man7/*
%exclude %{_mandir}/man1/*.pl*
%exclude %{_mandir}/man1/tsget*
%files perl
%{_bindir}/c_rehash
%{_bindir}/*.pl
%{_bindir}/tsget
%{_mandir}/man1/*.pl*
%{_mandir}/man1/tsget*
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
%dir %{_sysconfdir}/pki/CA/certs
%dir %{_sysconfdir}/pki/CA/crl
%dir %{_sysconfdir}/pki/CA/newcerts
%ldconfig_scriptlets libs
%changelog
* Mon Jun 3 2024 wangcheng <wangcheng156@huawei.com> - 1:3.0.12-6
- fix CVE-2024-4741
* Fri May 17 2024 cenhuilin <cenhuilin@kylinos.cn> - 1:3.0.12-5
- fix CVE-2024-4603
* Sun Apr 28 2024 wangcheng <wangcheng156@huawei.com> - 1:3.0.12-4
- fix CVE-2024-2511
* Wed Mar 6 2024 Wenlong Zhang <zhangwenlong@loongson.cn> - 1:3.0.12-3
- Fix build error for loongarch64
* Thu Jan 18 2024 Xu Yizhou <xuyizhou1@huawei.com> - 1:3.0.12-2
- Fix SM4-XTS aarch64 assembly implementation bug
* Thu Jan 04 2024 wangcheng <wangcheng156@huawei.com> - 1:3.0.12-1
- Upgrade to 3.0.12
Resolves: CVE-2023-0464
Resolves: CVE-2023-0465
Resolves: CVE-2023-0466
Resolves: CVE-2023-1255
Resolves: CVE-2023-2650
Resolves: CVE-2023-5363
Resolves: CVE-2023-6237
Resolves: CVE-2023-6129
Resolves: CVE-2023-5678
Resolves: CVE-2024-0727
* Fri Sep 22 2023 dongyuzhen <dongyuzhen@h-partners.com> - 1:3.0.9-5
- Backport some upstream patches
* Wed Sep 13 2023 luhuaxin <luhuaxin1@huawei.com> - 1:3.0.9-4
- Support decode SM2 parameters
* Wed Sep 13 2023 luhuaxin <luhuaxin1@huawei.com> - 1:3.0.9-3
- Support SM2 CMS signature and use SM2 default id
* Tue Aug 08 2023 zhujianwei <zhujianwei7@huawei.com> - 1:3.0.9-2
- fix CVE-2023-2975 CVE-2023-3446 CVE-2023-3816
* Sat Jul 22 2023 wangcheng <wangcheng156@huawei.com> - 1:3.0.9-1
- upgrade to 3.0.9
* Mon Jun 12 2023 steven <steven_ygui@163.com> - 1:3.0.8-7
- fix CVE-2023-2650
* Wed Apr 26 2023 zcwei <u201911736@hust.edu.cn> - 1:3.0.8-6
- fix CVE-2023-1255
* Tue Apr 4 2023 wangcheng <wangcheng156@huawei.com> - 1:3.0.8-5
- fix some CVEs
* Mon Mar 27 2023 xuraoqing <xuraoqing@huawei.com> - 1:3.0.8-4
- fix CVE-2023-0464 and add test cases
* Fri Mar 17 2023 wangjunqiang <wangjunqiang@iscas.ac.cn> - 1:3.0.8-3
- fix sslarch and libdir for riscv64
* Thu Mar 16 2023 Xu Yizhou <xuyizhou1@huawei.com> - 1:3.0.8-2
- backport SM4 GCM/CCM/XTS implementation
- backport SM3/SM4 optimization
* Tue Feb 7 2023 wangcheng <wangcheng156@huawei.com> - 1:3.0.8-1
- upgrade to 3.0.8 for fixing CVEs
* Tue Feb 7 2023 wangcheng <wangcheng156@huawei.com> - 1:3.0.7-2
- disable sctp in openssl building
* Thu Jan 19 2023 wangcheng <wangcheng156@huawei.com> - 1:3.0.7-1
- Package init