define OPENSSL_NO_SSL3 so the newly built dependencies do not

have access to SSL3 API calls anymore
This commit is contained in:
Tomas Mraz 2018-09-27 16:53:06 +02:00
parent 33bd389ea8
commit 8574fb5150

View File

@ -22,7 +22,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.1.1 Version: 1.1.1
Release: 3%{?dist} Release: 4%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -373,6 +373,13 @@ basearch=sparc
basearch=sparc64 basearch=sparc64
%endif %endif
# Next step of gradual disablement of SSL3.
# Make SSL3 disappear to newly built dependencies.
sed -i '/^\#ifndef OPENSSL_NO_SSL_TRACE/i\
\#ifndef OPENSSL_NO_SSL3\
\# define OPENSSL_NO_SSL3\
\#endif\' $RPM_BUILD_ROOT/%{_prefix}/include/openssl/opensslconf.h
%ifarch %{multilib_arches} %ifarch %{multilib_arches}
# Do an opensslconf.h switcheroo to avoid file conflicts on systems where you # Do an opensslconf.h switcheroo to avoid file conflicts on systems where you
# can have both a 32- and 64-bit version of the library, and they each need # can have both a 32- and 64-bit version of the library, and they each need
@ -449,6 +456,10 @@ export LD_LIBRARY_PATH
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
%changelog %changelog
* Thu Sep 27 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-4
- define OPENSSL_NO_SSL3 so the newly built dependencies do not
have access to SSL3 API calls anymore
* Mon Sep 17 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-3 * Mon Sep 17 2018 Tomáš Mráz <tmraz@redhat.com> 1.1.1-3
- reinstate accidentally dropped patch for weak ciphersuites - reinstate accidentally dropped patch for weak ciphersuites