openssl-0.9.8j
by Farkas Levente
hi,
i update the openssl package to the latest rawhide plus my previous
patches. the full hg diff is too large so i collect the changes:
- add all new patch files from openssl-0.9.8j-6.fc11.src.rpm
- mingw32-openssl-0.9.8g-shared.patch updated to
mingw32-openssl-0.9.8j-shared.patch (attached)
- remove these patches since no longer needed:
openssl-0.9.7-beta5-version-add-engines.patch
openssl-0.9.7f-ca-dir.patch
openssl-0.9.8a-enginesdir.patch
openssl-0.9.8g-bn-mul-bug.patch
openssl-0.9.8g-cve-2008-0891.patch
openssl-0.9.8g-cve-2008-1671.patch
openssl-0.9.8g-redhat.patch
openssl-0.9.8g-shlib-version.patch
openssl-0.9.8g-soversion.patch
openssl-0.9.8g-speed-bug.patch
and my spec file patch which is attached where i try to merge with
native spec file. a few comments about it:
- rename with_tests to run_tests (since it's called in that way in
ptheads package),
- update the patch sections,
- remove the gcc hack and replace Configure scripts with our macros,
- enable pthread tests too
- add files under pki/
- add license
--
Levente "Si vis pacem para bellum!"
diff -r 8bd4182dafe0 openssl/mingw32-openssl.spec
--- a/openssl/mingw32-openssl.spec Wed Jan 28 19:29:56 2009 +0000
+++ b/openssl/mingw32-openssl.spec Fri Jan 30 13:37:21 2009 +0100
@@ -4,14 +4,29 @@
%define __find_requires %{_mingw32_findrequires}
%define __find_provides %{_mingw32_findprovides}
+# For the curious:
+# 0.9.5a soversion = 0
+# 0.9.6 soversion = 1
+# 0.9.6a soversion = 2
+# 0.9.6c soversion = 3
+# 0.9.7a soversion = 4
+# 0.9.7ef soversion = 5
+# 0.9.8ab soversion = 6
+# 0.9.8g soversion = 7
+# 0.9.8j + EAP-FAST soversion = 8
+%define soversion 8
+
# Enable the tests.
# These only work some of the time, but fail randomly at other times
# (although I have had them complete a few times, so I don't think
# there is any actual problem with the binaries).
-%define with_tests 0
+%define run_tests 0
+
+# Number of threads to spawn when testing some threading fixes.
+%define thread_test_threads %{?threads:%{threads}}%{!?threads:1}
Name: mingw32-openssl
-Version: 0.9.8g
+Version: 0.9.8j
Release: 1%{?dist}
Summary: MinGW port of the OpenSSL toolkit
@@ -30,34 +45,44 @@ Source10: opensslconf-new-warning.
Source10: opensslconf-new-warning.h
# Patches from Fedora native package.
-Patch0: openssl-0.9.8g-redhat.patch
+# Build changes
+Patch0: openssl-0.9.8j-redhat.patch
Patch1: openssl-0.9.8a-defaults.patch
Patch2: openssl-0.9.8a-link-krb5.patch
-Patch3: openssl-0.9.8g-soversion.patch
-Patch4: openssl-0.9.8a-enginesdir.patch
+Patch3: openssl-0.9.8j-soversion.patch
+Patch4: openssl-0.9.8j-enginesdir.patch
Patch5: openssl-0.9.8a-no-rpath.patch
Patch6: openssl-0.9.8b-test-use-localhost.patch
-Patch7: openssl-0.9.8g-shlib-version.patch
+Patch7: openssl-0.9.8j-shlib-version.patch
+# Bug fixes
Patch21: openssl-0.9.8b-aliasing-bug.patch
Patch22: openssl-0.9.8b-x509-name-cmp.patch
Patch23: openssl-0.9.8g-default-paths.patch
Patch24: openssl-0.9.8g-no-extssl.patch
+# Functionality changes
Patch32: openssl-0.9.8g-ia64.patch
-Patch33: openssl-0.9.7f-ca-dir.patch
+Patch33: openssl-0.9.8j-ca-dir.patch
Patch34: openssl-0.9.6-x509.patch
-Patch35: openssl-0.9.7-beta5-version-add-engines.patch
+Patch35: openssl-0.9.8j-version-add-engines.patch
Patch38: openssl-0.9.8a-reuse-cipher-change.patch
# Disabled this because it uses getaddrinfo which is lacking on Windows.
#Patch39: openssl-0.9.8g-ipv6-apps.patch
-Patch50: openssl-0.9.8g-speed-bug.patch
-Patch51: openssl-0.9.8g-bn-mul-bug.patch
-Patch52: openssl-0.9.8g-cve-2008-0891.patch
-Patch53: openssl-0.9.8g-cve-2008-1671.patch
+Patch40: openssl-0.9.8j-nocanister.patch
+Patch41: openssl-0.9.8j-use-fipscheck.patch
+Patch42: openssl-0.9.8j-fipscheck-hmac.patch
+Patch43: openssl-0.9.8j-evp-nonfips.patch
+Patch44: openssl-0.9.8j-kernel-fipsmode.patch
+Patch45: openssl-0.9.8j-env-nozlib.patch
+Patch46: openssl-0.9.8j-eap-fast.patch
+Patch47: openssl-0.9.8j-readme-warning.patch
+Patch48: openssl-0.9.8j-bad-mime.patch
+Patch49: openssl-0.9.8j-fips-no-pairwise.patch
+# Backported fixes including security fixes
# MinGW-specific patches.
Patch100: mingw32-openssl-0.9.8g-header-files.patch
Patch101: mingw32-openssl-0.9.8g-configure.patch
-Patch102: mingw32-openssl-0.9.8g-shared.patch
+Patch102: mingw32-openssl-0.9.8j-shared.patch
Patch103: mingw32-openssl-0.9.8g-global.patch
Patch104: mingw32-openssl-0.9.8g-sfx.patch
@@ -65,11 +90,12 @@ BuildRoot: %{_tmppath}/%{name}-%{ve
BuildArch: noarch
-BuildRequires: mingw32-filesystem >= 26
+BuildRequires: mingw32-filesystem >= 40
BuildRequires: mingw32-gcc
BuildRequires: mingw32-binutils
BuildRequires: mingw32-zlib
+BuildRequires: mingw32-pthreads
BuildRequires: mktemp
#BuildRequires: krb5-devel
@@ -82,12 +108,12 @@ BuildRequires: /usr/bin/rename
# /usr/bin/makedepend which comes from imake.
BuildRequires: imake
+%if %{run_tests}
# Required both to build, and to run the tests.
# XXX This needs to be fixed - cross-compilation should not
# require running executables.
BuildRequires: wine
-%if %{with_tests}
# Required to run the tests.
BuildRequires: xorg-x11-server-Xvfb
%endif
@@ -130,10 +156,16 @@ This package contains Windows (MinGW) li
%patch35 -p1 -b .version-add-engines
%patch38 -p1 -b .cipher-change
#%patch39 -p1 -b .ipv6-apps
-%patch50 -p1 -b .speed-bug
-%patch51 -p1 -b .bn-mul-bug
-%patch52 -p0 -b .srvname-crash
-%patch53 -p0 -b .srv-kex-crash
+%patch40 -p1 -b .nocanister
+%patch41 -p1 -b .use-fipscheck
+%patch42 -p1 -b .fipscheck-hmac
+%patch43 -p1 -b .evp-nonfips
+%patch44 -p1 -b .fipsmode
+%patch45 -p1 -b .env-nozlib
+%patch46 -p1 -b .eap-fast
+%patch47 -p1 -b .warning
+%patch48 -p1 -b .bad-mime
+%patch49 -p1 -b .no-pairwise
%patch100 -p1 -b .mingw-header-files
%patch101 -p1 -b .mingw-configure
@@ -148,17 +180,11 @@ touch Makefile
touch Makefile
make TABLE PERL=%{__perl}
-
%build
-
-cat > gcc <<EOS
-#!/bin/sh -
-%{_bindir}/i686-pc-mingw32-gcc -m32 "$@"
-EOS
-export PATH=.:$PATH
-
# NB: 'no-hw' is vital. MinGW cannot build the hardware drivers
# and if you don't have this you'll get an obscure link error.
+%{_mingw32_env}; \
+sed -i -e "s/MINGW32_CC/%{_mingw32_cc}/" -e "s/MINGW32_CFLAGS/%{_mingw32_cflags}/" -e "s/MINGW32_RANLIB/%{_mingw32_ranlib}/" Configure; \
./Configure \
--prefix=%{_mingw32_prefix} \
--openssldir=%{_mingw32_sysconfdir}/pki/tls \
@@ -168,11 +194,13 @@ export PATH=.:$PATH
mingw
# --with-krb5-flavor=MIT
# -I%{_mingw32_prefix}/kerberos/include -L%{_mingw32_prefix}/kerberos/%{_lib}
-make depend
-make all build-shared
-make rehash build-shared
-
-%if %{with_tests}
+%{_mingw32_make} depend
+%{_mingw32_make} all build-shared
+
+# Generate hashes for the included certs.
+%{_mingw32_make} rehash build-shared
+
+%if %{run_tests}
#----------------------------------------------------------------------
# Run some tests. I don't know why this isn't in a %-check section
# but this is how it is in the native RPM.
@@ -204,27 +232,36 @@ DISPLAY=$display
DISPLAY=$display
export DISPLAY
-make LDCMD=%{_mingw32_cc} -C test apps tests
+%{_mingw32_make} LDCMD=%{_mingw32_cc} -C test apps tests
# Disable this thread test, because we don't have pthread on Windows.
-#%-{_mingw32_cc} -o openssl-thread-test \
-# -I./include \
-# %-{_mingw32_cflags} \
-# %-{SOURCE8} \
-# -L. \
-# -lssl -lcrypto \
-# -lpthread -lz -ldl
-#
+%{_mingw32_cc} -o openssl-thread-test \
+ -I./include \
+ %-{_mingw32_cflags} \
+ %-{SOURCE8} \
+ -L. \
+ -lssl -lcrypto \
+ -lpthread -lz -ldl
+
## `krb5-config --cflags`
## `krb5-config --libs`
#
-#./openssl-thread-test --threads %{thread_test_threads}
+./openssl-thread-test --threads %{thread_test_threads}
#----------------------------------------------------------------------
%endif
# Patch33 must be patched after tests otherwise they will fail
patch -p1 -b -z .ca-dir < %{PATCH33}
+
+# Add generation of HMAC checksum of the final stripped library
+#%define __spec_install_post \
+# %{?__debug_package:%{__debug_install_post}} \
+# %{__arch_install_post} \
+# %{__os_install_post} \
+# fips/fips_standalone_sha1 $RPM_BUILD_ROOT/%{_lib}/libcrypto.so.%{version} >$RPM_BUILD_ROOT/%{_lib}/.libcrypto.so.%{version}.hmac \
+# ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT/%{_lib}/.libcrypto.so.%{soversion}.hmac \
+#%{nil}
if ! iconv -f UTF-8 -t ASCII//TRANSLIT CHANGES >/dev/null 2>&1 ; then
iconv -f ISO-8859-1 -t UTF-8 -o CHANGES.utf8 CHANGES && \
@@ -242,8 +279,8 @@ make INSTALL_PREFIX=$RPM_BUILD_ROOT inst
make INSTALL_PREFIX=$RPM_BUILD_ROOT install build-shared
# Install the actual DLLs.
-install libcrypto-7.dll $RPM_BUILD_ROOT%{_mingw32_bindir}
-install libssl-7.dll $RPM_BUILD_ROOT%{_mingw32_bindir}
+install libcrypto-%{soversion}.dll $RPM_BUILD_ROOT%{_mingw32_bindir}
+install libssl-%{soversion}.dll $RPM_BUILD_ROOT%{_mingw32_bindir}
# Remove static libraries but DON'T remove *.dll.a files.
rm $RPM_BUILD_ROOT%{_mingw32_libdir}/libcrypto.a
@@ -257,6 +294,19 @@ chmod 0755 $RPM_BUILD_ROOT%{_mingw32_lib
chmod 0755 $RPM_BUILD_ROOT%{_mingw32_libdir}/libcrypto.dll.a
chmod 0755 $RPM_BUILD_ROOT%{_mingw32_libdir}/libssl.dll.a
+# Install a makefile for generating keys and self-signed certs, and a script
+# for generating them on the fly.
+mkdir -p $RPM_BUILD_ROOT%{_mingw32_sysconfdir}/pki/tls/certs
+install -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_mingw32_sysconfdir}/pki/tls/certs/Makefile
+install -m755 %{SOURCE6} $RPM_BUILD_ROOT%{_mingw32_sysconfdir}/pki/tls/certs/make-dummy-cert
+
+# Pick a CA script.
+pushd $RPM_BUILD_ROOT%{_mingw32_sysconfdir}/pki/tls/misc
+mv CA.sh CA
+popd
+
+mkdir -m700 $RPM_BUILD_ROOT%{_mingw32_sysconfdir}/pki/CA
+mkdir -m700 $RPM_BUILD_ROOT%{_mingw32_sysconfdir}/pki/CA/private
%clean
rm -rf $RPM_BUILD_ROOT
@@ -264,10 +314,12 @@ rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
+%doc LICENSE
%{_mingw32_bindir}/openssl.exe
%{_mingw32_bindir}/c_rehash
-%{_mingw32_bindir}/libcrypto-7.dll
-%{_mingw32_bindir}/libssl-7.dll
+%{_mingw32_bindir}/libcrypto-%{soversion}.dll
+%{_mingw32_bindir}/libssl-%{soversion}.dll
+#{_mingw32_bindir}/.libcrypto*.hmac
%{_mingw32_libdir}/libcrypto.dll.a
%{_mingw32_libdir}/libssl.dll.a
%{_mingw32_libdir}/engines
@@ -277,5 +329,11 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Wed Jan 28 2009 Levente Farkas <lfarkas(a)lfarkas.org> - 0.9.8j-1
+- update to new upstream version.
+
+* Mon Dec 29 2008 Levente Farkas <lfarkas(a)lfarkas.org> - 0.9.8g-2
+- minor cleanup.
+
* Tue Sep 30 2008 Richard W.M. Jones <rjones(a)redhat.com> - 0.9.8g-1
- Initial RPM release.
--- ./Makefile.shared.lfarkas 2009-01-28 16:39:05.000000000 +0100
+++ ./Makefile.shared 2009-01-28 16:41:51.000000000 +0100
@@ -238,7 +238,7 @@
SHLIB=cyg$(LIBNAME); \
base=-Wl,--enable-auto-image-base; \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
- SHLIB=$(LIBNAME)eay32; base=; \
+ SHLIB=lib$(LIBNAME); base=; \
fi; \
SHLIB_SUFFIX=.dll; \
LIBVERSION="$(LIBVERSION)"; \
@@ -253,7 +253,7 @@
SHLIB=cyg$(LIBNAME); \
base=-Wl,--enable-auto-image-base; \
if expr $(PLATFORM) : 'mingw' > /dev/null; then \
- SHLIB=$(LIBNAME)eay32; \
+ SHLIB=lib$(LIBNAME); \
base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \
fi; \
SHLIB_SUFFIX=.dll; \
15 years, 2 months
Win64 packages
by Richard W.M. Jones
There are some non-working/partially-working Win64 packages in the
repository now:
http://hg.et.redhat.com/cgi-bin/hg-misc.cgi/fedora-mingw--devel/
You need to build them yourselves, in the following order:
mingw64-filesystem
mingw64-binutils
mingw64-headers
mingw64-gcc-bootstrap (in mingw64-gcc/ subdir)
mingw64-runtime
mingw64-gcc
The final step (mingw64-gcc) fails at the moment building libgcc:
/usr/x86_64-pc-mingw32/bin/ld: dllcrt2.o: No such file: No such file or directory
(This file exists, but mingw64-gcc doesn't look for it on the right
path, for some reason).
Note that the directory layout for mingw64 is somewhat different from
mingw32. I arrived at what I think is the right structure after
extensive discussions and help from members of the mingw-w64 project.
/usr/x86_64-pc-mingw32/sys-root/ (prefix & sysroot)
share
x86_64-pc-mingw32
mingw -> x86_64-pc-mingw32
/usr/x86_64-pc-mingw32/sys-root/x86_64-pc-mingw32 (exec_prefix)
bin (bindir)
include (includedir)
include64 -> include
lib (libdir)
Rich.
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
Read my OCaml programming blog: http://camltastic.blogspot.com/
Fedora now supports 68 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora
15 years, 2 months
Differences with mingw.org cross-toolchain
by Erik Leunissen
L.S.
For several years, I've been using a linux hosted cross MinGW toolchain,
as described by:
http://www.mingw.org/wiki/LinuxCrossMinGW
from where I also retrieved the sources and build script.
I only recently discovered the fedora-mingw project and would like to
know how the cross-toolchains from both projects differ. Are there any
reasons to favor one above the other?
Thanks in advance for your information,
Erik Leunissen.
15 years, 2 months
anybody can help in this?
by Farkas Levente
hi,
i try to test my new mingw32-nsis-2.42-1 and it's always fail on x86_64.
here is a build log for f-10:
http://koji.fedoraproject.org/koji/getfile?taskID=1124228&name=root.log
but i do not understand it. it's execute:
-------------------------------
/usr/bin/yum --installroot
/var/lib/mock/dist-f10-build-348185-64678/root/ resolvedep
'mingw32-gcc-c++' 'mingw32-gcc' 'python' '/usr/lib/libwx_baseu-2.8.so'
'mingw32-binutils' 'scons' '/usr/include/gnu/stubs-32.h'
'mingw32-filesystem >= 40'
-------------------------------
and gives: "No Package Found for /usr/lib/libwx_baseu-2.8.so"
but if on my f10.x86_64 i run :
-------------------------------
# yum resolvedep /usr/lib/libwx_baseu-2.8.so
Loaded plugins: downloadonly, priorities, refresh-packagekit
Excluding Packages in global exclude list
Finished
246 packages excluded due to repository priority protections
Importing additional filelist information
0:wxGTK-devel-2.8.9-1.fc10.i386
-------------------------------
so why mock can't find wxGTK-devel.i386?
is it a mock or koji bug? or?
--
Levente "Si vis pacem para bellum!"
15 years, 2 months
pthreads
by Farkas Levente
hi,
as the latest pthreads release is 2006-12-22 and the cvs is much newer
(eg support win64) wouldn't it be useful to update to the latest cvs
(which is 2008-06-06)?
--
Levente "Si vis pacem para bellum!"
15 years, 2 months
Win64 compiler now working
by Richard W.M. Jones
... apparently. It turns a simple hello-world test program into an
executable at least.
Wine cannot run x64_64 executables, and I don't happen to have a 64
bit version of Windows installed at present.
Attached is the output of 'x86_64-pc-mingw32-objdump -p' and
'x86_64-pc-mingw32-objdump -d' on the executable, so you can see that
it does look like a viable, 64 bit Windows program.
Rich.
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/
15 years, 2 months
Discuss: Base packages for Win32 / Win64 / OS X cross-compilation
by Richard W.M. Jones
This diagram shows what packages we could end up with if we go for
full Win32, Win64 and OS X (ppc/i386) cross-compilation:
------------------------------------------------------------------------
mingw32- mingw64- darwinx-
------------------------------------------------------------------------
filesystem filesystem filesystem
binutils binutils odcctools
(from mingw) (from upstream) (from Apple)
gcc gcc gcc
(from upstream) (from upstream) (from Apple)
w32api headers headers
(from mingw) (from mw64) (from Apple)
runtime runtime -
(from mingw) (from mw64)
------------------------------------------------------------------------
where "mingw" = mingw.org, "mw64" = mingw-w64.
Of these, what might be combined?
(1) mingw32-filesystem / mingw64-filesystem / darwinx-filesystem.
These could be combined, but there seems to be very little reason to
do so. There wouldn't be very much shared in common by these three
packages.
(2) mingw32-gcc / mingw64-gcc
The Source for both of these would be the same, and there is some
value in building from the same source and not allowing the compiler
versions to get out of step.
>From here, I cannot see any other packages out of the above which are
good candidates to be combined. All the other packages come from
different sources.
- - -
For libraries the situation is a bit different. Taking zlib as the
canonical example:
------------------------------------------------------------------------
mingw32- mingw64- darwinx-
------------------------------------------------------------------------
zlib zlib zlib
Either zlib compiles on all 3 platforms, in which case simply from
a management perspective it makes sense to have a single source
RPM generating all 3 packages. Or zlib doesn't compile / is missing
from some platform, eg:
------------------------------------------------------------------------
mingw32- mingw64- darwinx-
------------------------------------------------------------------------
zlib zlib x
in which case it still seems to make sense to build from a single
source RPM. The only time I could see it making sense to build from
different SRPMS would be if either (a) different people needed to
manage the ports, or (b) for some reason we had to use a different
upstream on one of the platforms.
So ... I think this leads to the conclusion that we need the extra
base packages shown in the diagram at top. But for libraries, we
should stay with single source RPM and try to build on all three
platforms.
For development tools it's likely we'll need to deal with things on a
case-by-case basis -- eg. nsis is only applicable on mingw32, and you
would need something completely different to make darwinx installers.
Please follow up if you disagree (or agree ...)
Rich.
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
Read my OCaml programming blog: http://camltastic.blogspot.com/
Fedora now supports 68 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora
15 years, 2 months
Re: About MinGW Cross Compiler Project
by Keiichi Takahashi
Hello Rich,
Thank you for paying attention to the project site I maintain. Yes, I am
going to submit some of the packages to Fedora in this weekend.
BTW, I've already joined the mailing list of fedora-mingw. When I have
questions or need helps, I will post it to the mailing list first. Thanks.
Best Wishes,
Keiichi
> Hi Keiichi,
>
> I found your site:
>
> http://mingw-cross.sourceforge.net/
>
> Would you like to submit some of your packages for inclusion in
> Fedora? The advantages are that we can collaborate together on the
> libraries, particularly on upgrades, security, and new features like
> Win64 and OS X cross-compilation.
>
> Libraries (eg. FFTW, FOX, ...) and development tools (eg. wbc) are all
> permitted to go into Fedora. End-user applications are not permitted.
>
> The general process for contributing is here:
>
> http://fedoraproject.org/wiki/PackageMaintainers/Join
>
> If you have any questions or need any help, don't hesitate to ask me
> or on the Fedora MinGW mailing list:
>
> https://admin.fedoraproject.org/mailman/listinfo/fedora-mingw
>
> Rich.
>
>
15 years, 2 months
