openssl/openssl.spec

%define soversion 1.1
Name:        openssl
Epoch:       1
Version:     1.1.1f
Release:     39
Summary:     Cryptography and SSL/TLS Toolkit
License:     OpenSSL and SSLeay and GPLv2+
URL:         https://www.openssl.org/
Source0:     https://www.openssl.org/source/old/1.1.1/%{name}-%{version}.tar.gz
Source1:     Makefile.certificate
Patch1:      openssl-1.1.1-build.patch
Patch2:      openssl-1.1.1-fips.patch
Patch3:      CVE-2020-1967.patch
Patch4:      Ensure-ECDSA_size-always-returns-0.patch
Patch5:      Fix-the-error-handling-in-EC_POINTs_mul.patch
Patch6:      Integer-overflow-in-ASN1_STRING_set.patch
Patch7:      AES-CTR-DRGB-do-not-leak-timing-information.patch
Patch8:      Fix-AES-CTR_DRBG-on-1.1.1.patch
Patch9:      BIO_do_accept-correct-error-return-value.patch
Patch10:     Add-test-for-CVE-2020-1967.patch
Patch11:     EC-Constify-internal-EC_KEY-pointer-usage.patch
Patch12:     EC-harden-EC_KEY-against-leaks-from-memory-accesses.patch
Patch13:     BN-harden-BN_copy-against-leaks-from-memory-accesses.patch
Patch14:     Fix-type-cast-in-SSL_CTX_set1_groups-macro.patch
Patch15:     i2b_PVK_bio-don-t-set-PEM_R_BIO_WRITE_FAILURE-in-cas.patch
Patch16:     fuzz-asn1.c-Add-missing-include.patch
Patch17:     Fix-use-after-free-in-BIO_C_SET_SSL-callback.patch
Patch18:     Fix-PEM-certificate-loading-that-sometimes-fails.patch
Patch19:     Fix-rsa8192.pem.patch
Patch20:     Correct-alignment-calculation-in-ssl3_setup_write.patch
Patch21:     Fix-crash-in-early-data-send-with-out-of-band-PSK-us.patch
Patch22:     Test-TLSv1.3-out-of-band-PSK-with-all-5-ciphersuites.patch
Patch23:     Cast-the-unsigned-char-to-unsigned-int-before-shifti.patch
Patch24:     Avoid-potential-overflow-to-the-sign-bit-when-shifti.patch
Patch25:     t1_trce-Fix-remaining-places-where-the-24-bit-shift-.patch
Patch26:     Fix-d2i_PrivateKey-to-work-as-documented.patch
Patch27:     Prevent-use-after-free-of-global_engine_lock.patch
Patch28:     Allow-NULL-arg-to-OSSL_STORE_close.patch
Patch29:     EVP_EncryptInit.pod-fix-example.patch
Patch30:     bio-printf-Avoid-using-rounding-errors-in-range-chec.patch
Patch31:     Make-BIO_do_connect-and-friends-handle-multiple-IP-a.patch
Patch32:     Revert-the-check-for-NaN-in-f-format.patch
Patch33:     fix-a-docs-typo.patch
Patch34:     Replace-BUF_strdup-call-by-OPENSSL_strdup-adding-fai.patch
Patch35:     Fix-err-checking-and-mem-leaks-of-BIO_set_conn_port-.patch
Patch36:     Do-not-allow-dropping-Extended-Master-Secret-extensi.patch
Patch37:     EVP-allow-empty-strings-to-EVP_Decode-functions.patch
Patch38:     CMS_get0_signers-description.patch
Patch39:     Ensure-we-never-use-a-partially-initialised-CMAC_CTX.patch
Patch40:     Correctly-handle-the-return-value-from-EVP_Cipher-in.patch
Patch41:     Fix-wrong-return-value-check-of-mmap-function.patch
Patch42:     doc-man3-fix-types-taken-by-HMAC-HMAC_Update.patch
Patch43:     Ensure-that-SSL_dup-copies-the-min-max-protocol-vers.patch
Patch44:     Don-t-attempt-to-duplicate-the-BIO-state-in-SSL_dup.patch
Patch45:     Add-an-SSL_dup-test.patch
Patch46:     Free-pre_proc_exts-in-SSL_free.patch
Patch47:     Fix-issue-1418-by-moving-check-of-KU_KEY_CERT_SIGN-a.patch
Patch48:     x509_vfy.c-Improve-key-usage-checks-in-internal_veri.patch
Patch49:     doc-Fix-documentation-of-EVP_EncryptUpdate.patch
Patch50:     Avoid-errors-with-a-priori-inapplicable-protocol-bou.patch
Patch51:     fixed-swapped-parameters-descriptions-for-x509.patch
Patch52:     Update-EVP_EncodeInit.pod.patch
Patch53:     Avoid-segfault-in-SSL_export_keying_material-if-ther.patch
Patch54:     sslapitest-Add-test-for-premature-call-of-SSL_export.patch
Patch55:     Fix-PEM_write_bio_PrivateKey_traditional-to-not-outp.patch
Patch56:     Coverity-Fixes.patch
Patch57:     Fix-memory-leaks-in-conf_def.c.patch
Patch58:     Support-keys-with-RSA_METHOD_FLAG_NO_CHECK-with-OCSP.patch
Patch59:     Use-size-of-target-buffer-for-allocation.patch
Patch60:     Avoid-memory-leak-of-parent-on-allocation-failure-fo.patch
Patch61:     Pass-an-EVP_PKEY-for-SSL_SECOP_TMP_DH-in-the-securit.patch
Patch62:     Avoid-potential-doublefree-on-dh-object-assigned-to-.patch
Patch63:     Fix-AES-GCM-bug-on-aarch64-BigEndian.patch
Patch64:     crypto-poly1305-asm-fix-armv8-pointer-authentication.patch
Patch65:     Verification-zero-length-content-in-S-MIME-format.patch
Patch66:     CVE-2020-1971-0001-DirectoryString-is-a-CHOICE-type-and-therefore-uses-.patch
Patch67:     CVE-2020-1971-0002-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch
Patch68:     CVE-2020-1971-0003-Check-that-multi-strings-CHOICE-types-don-t-use-impl.patch
Patch69:     CVE-2020-1971-0004-Complain-if-we-are-attempting-to-encode-with-an-inva.patch
Patch70:     CVE-2020-1971-0005-Add-a-test-for-GENERAL_NAME_cmp.patch
Patch71:     CVE-2020-1971-0006-Add-a-test-for-encoding-decoding-using-an-invalid-AS.patch
Patch72:     CVE-2021-23840.patch
Patch73:     CVE-2021-23841.patch
Patch74:     CVE-2021-3449.patch
Patch75:     CVE-2021-3711-0001-Check-the-plaintext-buffer-is-large-enough-when-decr.patch
Patch76:     CVE-2021-3711-0002-Correctly-calculate-the-length-of-SM2-plaintext-give.patch
Patch77:     CVE-2021-3711-0003-Extend-tests-for-SM2-decryption.patch
Patch78:     CVE-2021-3712-0001-Fix-a-read-buffer-overrun-in-X509_aux_print.patch
Patch79:     CVE-2021-3712-0002-Fix-EC_GROUP_new_from_ecparameters-to-check-the-base.patch
Patch80:     bugfix-Don-t-Overflow-when-printing-Thawte-Strong-Extranet-.patch
Patch81:     CVE-2021-4160.patch
Patch82:     CVE-2022-0778-Add-a-negative-testcase-for-BN_mod_sqrt.patch
Patch83:     CVE-2022-0778-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch
Patch84:     CVE-2022-1292.patch
Patch85:     CVE-2022-2068-Fix-file-operations-in-c_rehash.patch
Patch86:     CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch
Patch87:     Backport-Update-expired-SCT-certificates.patch
Patch88:     Backport-ct_test.c-Update-the-epoch-time.patch
Patch89:     backport-CVE-2022-4304-Fix-Timing-Oracle-in-RSA-decryption.patch
Patch90:     backport-CVE-2022-4450-Avoid-dangling-ptrs-in-header-and-data-params-for-PE.patch
Patch91:     backport-CVE-2023-0215-Check-CMS-failure-during-BIO-setup-with-stream-is-ha.patch
Patch92:     backport-CVE-2023-0215-Fix-a-UAF-resulting-from-a-bug-in-BIO_new_NDEF.patch
Patch93:     backport-CVE-2023-0286-Fix-GENERAL_NAME_cmp-for-x400Address-1.patch
Patch94:     backport-test-add-test-cases-for-the-policy-resource-overuse.patch
Patch95:     backport-x509-excessive-resource-use-verifying-policy-constra.patch
Patch96:     backport-Ensure-that-EXFLAG_INVALID_POLICY-is-checked-even-in.patch
Patch97:     backport-Fix-documentation-of-X509_VERIFY_PARAM_add0_policy.patch
Patch98:     fix-the-test-case-failure.patch
Patch99:     backport-CVE-2023-2650-Restrict-the-size-of-OBJECT-IDENTIFIERs-that-OBJ_obj.patch
Patch100:    backport-Add-a-test-for-CVE-2023-3446.patch
Patch101:    backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch
Patch102:    backport-Update-further-expiring-certificates-that-affect-tes.patch
Patch103:    backport-CVE-2023-3817.patch
Patch104:    backport-CVE-2023-3817-testcase.patch
Patch105:    backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch
Patch106:    backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch
Patch107:    backport-CVE-2023-5678-Make-DH_check_pub_key-and-DH_generate_key-safer-yet.patch
Patch108:    backport-Fix-integer-overflow-in-evp_EncryptDecryptUpdate.patch
Patch109:    backport-Fix-Coverity-1201763-uninitialised-pointer-read.patch
Patch110:    backport-Fix-Coverity-1498611-1498608-uninitialised-read.patch
Patch111:    backport-Fix-coverity-1498607-uninitialised-value.patch
Patch112:    backport-Fix-issue-where-OBJ_nid2obj-doesn-t-always-raise-an-.patch
Patch113:    backport-Set-protocol-in-init_client.patch
Patch114:    backport-Fix-a-crash-in-ssl_security_cert_chain.patch
Patch115:    backport-Fix-undefined-behaviour-in-EC_GROUP_new_from_ecparam.patch
Patch116:    backport-Fix-a-memory-leak-in-ec_key_simple_oct2priv.patch
Patch117:    backport-Fix-a-crash-in-asn1_item_embed_new.patch
Patch118:    backport-Fix-leakage-when-the-cacheline-is-32-bytes-in-CBC_MA.patch
Patch119:    backport-Add-test-for-empty-supported-groups-extension.patch
Patch120:    backport-Do-not-send-an-empty-supported-groups-extension.patch
Patch121:    backport-x509-use-actual-issuer-name-if-a-CA-is-used.patch
Patch122:    backport-Fix-a-memory-leak-in-crl_set_issuers.patch
Patch123:    backport-ASN1-Reset-the-content-dump-flag-after-dumping.patch
Patch124:    backport-Don-t-reset-the-packet-pointer-in-ssl3_setup_read_bu.patch
Patch125:    backport-bn-procduce-correct-sign-for-result-of-BN_mod.patch
Patch126:    backport-CVE-2024-0727-fix-pkcs12-decoding-crashes.patch
Patch127:    backport-CVE-2024-2511-Fix-unconstrained-session-cache-growth-in-TLSv1.3.patch
Patch128:    backport-Add-a-test-for-session-cache-handling.patch
Patch129:    backport-Extend-the-multi_resume-test-for-simultaneous-resump.patch
Patch130:    backport-Hardening-around-not_resumable-sessions.patch
Patch131:    backport-Add-a-test-for-session-cache-overflow.patch
Patch132:    backport-CVE-2024-4741-Only-free-the-read-buffer.patch
Patch133:    backport-CVE-2024-4741-Set-rlayer.packet-to-NULL-after-we-ve-.patch
Patch134:    backport-CVE-2024-4741-test-Fix-possible-use-after-free.patch
Patch135:    backport-CVE-2024-5535-Fix-SSL_select_next_proto-and-add-ALPN.patch
Patch136:    backport-Pipeline-output-input-buf-arrays-must-live-until-the.patch
Patch137:    backport-Fix-password_callback-to-handle-short-passwords.patch
Patch138:    backport-Check-password-length-only-when-verify-is-enabled.patch
Patch139:    backport-ticket_lifetime_hint-may-exceed-1-week-in-TLSv1.3.patch
Patch140:    backport-CVE-2024-9143-Harden-BN_GF2m_poly2arr-against-misuse.patch
Patch141:    backport-CVE-2024-13176-Fix-timing-side-channel.patch

BuildRequires: gcc make lksctp-tools-devel coreutils util-linux zlib-devel

Requires:    coreutils perl %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires:    %{name}-help = %{epoch}:%{version}-%{release}
Obsoletes:   openssl-perl < %{epoch}:%{version}-%{release}
Provides:    openssl-perl%{_isa} = %{epoch}:%{version}-%{release}
Provides:    openssl-perl = %{epoch}:%{version}-%{release}
Obsoletes:   openssl-SMx < %{epoch}:%{version}-%{release}
Provides:    openssl-SMx = %{epoch}:%{version}-%{release}

%description
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.

%package libs
Summary:      A general purpose cryptography library with TLS implementation
Group:        System Environment/Libraries
Requires:     ca-certificates >= 2008-5
Requires:     crypto-policies >= 20180730
Recommends:   openssl-pkcs11%{?_isa}
Obsoletes:    openssl < 1:1.0.1-0.3.beta3
Obsoletes:    openssl-fips < 1:1.0.1e-28
Provides:     openssl-fips = %{epoch}:%{version}-%{release}
Obsoletes:    openssl-SMx-libs < %{epoch}:%{version}-%{release}
Provides:     openssl-SMx-libs = %{epoch}:%{version}-%{release}

%description libs
The openssl-libs package contains the libraries that are used
by various applications which support cryptographic algorithms
and protocols.

%package devel
Summary:   Development files for openssl
Requires:  %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
Requires: krb5-devel zlib-devel pkgconfig
Obsoletes: openssl-static < %{epoch}:%{version}-%{release}
Provides:  openssl-static = %{epoch}:%{version}-%{release} openssl-static%{?_isa} = %{epoch}:%{version}-%{release}
Obsoletes: openssl-SMx-devel < %{epoch}:%{version}-%{release}
Provides:  openssl-SMx-devel = %{epoch}:%{version}-%{release}

%description devel
%{summary}.

%package_help

%prep
%autosetup -n %{name}-%{version} -p1

%build

sslarch=%{_os}-%{_target_cpu}
%ifarch x86_64 aarch64
sslflags=enable-ec_nistp_64_gcc_128
%endif

RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -DPURIFY $RPM_LD_FLAGS"
./Configure \
    --prefix=%{_prefix} \
    --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
    zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
    enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
    enable-weak-ssl-ciphers \
    no-mdc2 no-ec2m enable-sm2 enable-sm4 \
    shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""'

%make_build all

%define __spec_install_post \
    %{?__debug_package:%{__debug_install_post}} \
    %{__arch_install_post} \
    %{__os_install_post} \
    crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libcrypto.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{version}.hmac \
    ln -sf .libcrypto.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libcrypto.so.%{soversion}.hmac \
    crypto/fips/fips_standalone_hmac $RPM_BUILD_ROOT%{_libdir}/libssl.so.%{version} >$RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{version}.hmac \
    ln -sf .libssl.so.%{version}.hmac $RPM_BUILD_ROOT%{_libdir}/.libssl.so.%{soversion}.hmac \
%{nil}

%install

%make_install

# rename so name with actual version
rename so.%{soversion} so.%{version} $RPM_BUILD_ROOT%{_libdir}/*.so.%{soversion}
# create symbolic link
for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
     ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
     ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
done

mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/certs
install -m644 %{SOURCE1} $RPM_BUILD_ROOT%{_pkgdocdir}/Makefile.certificate

mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/*.pl $RPM_BUILD_ROOT%{_bindir}
mv $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/misc/tsget $RPM_BUILD_ROOT%{_bindir}


mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/{certs,crl,newcerts,private}
chmod 700 $RPM_BUILD_ROOT%{_sysconfdir}/pki/CA/private

touch -r %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/{openssl.cnf,ct_log_list.cnf}


# rename man pages avoid conflicting with other man pages in system
%define manpostfix _openssl
pushd $RPM_BUILD_ROOT%{_mandir}
ln -s -f config.5 man5/openssl.cnf.5
for manpage in man*/* ; do
    if [ -L ${manpage} ]; then
        targetfile=`ls -l ${manpage} | awk '{print $NF}'`
        ln -sf ${targetfile}%{manpostfix} ${manpage}%{manpostfix}
        rm -f ${manpage}
    else
        mv ${manpage} ${manpage}%{manpostfix}
    fi
done
popd

rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/*.dist

%check
LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
export LD_LIBRARY_PATH
crypto/fips/fips_standalone_hmac libcrypto.so.%{soversion} >.libcrypto.so.%{soversion}.hmac
ln -s .libcrypto.so.%{soversion}.hmac .libcrypto.so.hmac
crypto/fips/fips_standalone_hmac libssl.so.%{soversion} >.libssl.so.%{soversion}.hmac
ln -s .libssl.so.%{soversion}.hmac .libssl.so.hmac
OPENSSL_ENABLE_MD5_VERIFY=
export OPENSSL_ENABLE_MD5_VERIFY
OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
make test || :

%post libs -p /sbin/ldconfig

%postun libs -p /sbin/ldconfig

%files
%defattr(-,root,root)
%license LICENSE
%doc AUTHORS CHANGES FAQ NEWS README
%{_pkgdocdir}/Makefile.certificate
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
%dir %{_sysconfdir}/pki/CA/certs
%dir %{_sysconfdir}/pki/CA/crl
%dir %{_sysconfdir}/pki/CA/newcerts
%{_bindir}/*

%files libs
%defattr(-,root,root)
%license LICENSE
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
%config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf
%{_libdir}/libcrypto.so.%{version}
%{_libdir}/libcrypto.so.%{soversion}
%{_libdir}/libssl.so.%{version}
%{_libdir}/libssl.so.%{soversion}
%{_libdir}/engines-%{soversion}
%attr(0644,root,root) %{_libdir}/.libcrypto.so.*.hmac
%attr(0644,root,root) %{_libdir}/.libssl.so.*.hmac

%files devel
%defattr(-,root,root)
%doc doc/dir-locals.example.el doc/openssl-c-indent.el
%{_prefix}/include/openssl
%{_libdir}/pkgconfig/*.pc
%{_libdir}/*.so
%{_libdir}/*.a

%files help
%defattr(-,root,root)
%{_mandir}/man1/*
%{_mandir}/man3/*
%{_mandir}/man5/*
%{_mandir}/man7/*
%{_pkgdocdir}/html/

%changelog
* Wed Feb 5 2025 jinlun <jinlun@huawei.com> - 1:1.1.1f-39
- fix CVE-2024-13176

* Wed Nov 27 2024 liningjie <liningjie@xfusion.com> - 1:1.1.1f-38
- fix CVE-2024-9143

* Sat Nov 16 2024 liningjie <liningjie@xfusion.com> - 1:1.1.1f-37
- fix CI build error

* Fri Oct 11 2024 hugel <gengqihu2@h-partners.com> - 1:1.1.1f-36
- fix openssl asan error

* Thu Jul 4 2024 steven <steven_ygui@163.com> - 1:1.1.1f-35
- fix CVE-2024-5535

* Mon Jun 3 2024 wangcheng <wangcheng156@huawei.com> - 1:1.1.1f-34
- fix CVE-2024-4741

* Sun Apr 28 2024 wangcheng <wangcheng156@huawei.com> - 1:1.1.1f-33
- Fix CVE-2024-2511

* Tue Jan 30 2024 lixiao <lixiao57@huawei.com> - 1:1.1.1f-32
- Fix CVE-2024-0727 PKCS12 Decoding crashes

* Fri Dec 08 2023 wangcheng <wangcheng156@huawei.com> - 1:1.1.1f-31
- backport some upstream patches

* Mon Nov 27 2023 wangcheng <wangcheng156@huawei.com> - 1:1.1.1f-30
- backport some upstream patches

* Tue Nov 14 2023 fangxiuning <fangxiuning@huawei.com> - 1:1.1.1f-29
- fix CVE-2023-5678

* Fri Sep 22 2023 dongyuzhen <dongyuzhen@h-partners.com> - 1:1.1.1f-28
- Backport some upstream patches

* Thu Aug 3 2023 liningjie <liningjie@xfusion.com> - 1:1.1.1f-27
- fix CVE-2023-3817

* Sat Jul 22 2023 zcfsite <zhchf2010@126.com> - 1:1.1.1f-26
- fix CVE-2023-3446

* Mon Jun 12 2023 ExtinctFire <shenyining_00@126.com> - 1:1.1.1f-25
- fix CVE-2023-2650

* Thu May 25 2023 wangcheng <wangcheng156@huawei.com> - 1:1.1.1f-24
- fix the test case failure

* Tue Apr 4 2023 wangcheng <wangcheng156@huawei.com> - 1:1.1.1f-23
- fix some CVEs

* Thu Feb 09 2023 wangcheng <wangcheng156@huawei.com> - 1:1.1.1f-22
- fix some CVEs

* Fri Jan 6 2023 wangcheng <wangcheng156@huawei.com> - 1:1.1.1f-21
- fix expiring-certificates test case

* Tue Sep 13 2022 wangcheng <wangcheng156@huawei.com> - 1:1.1.1f-19
- add provides for openssl-SMx

* Thu Jul 14 2022 fangxiuning <fangxiuning@huawei.com> - 1:1.1.1f-18
- fix CVE-2022-2097

* Fri Jul 01 2022 wangcheng <wangcheng156@huawei.com> - 1:1.1.1f-17
- fix CVE-2022-2068

* Mon May 16 2022 wangcheng <wangcheng156@huawei.com> - 1:1.1.1f-16
- fix CVE-2022-1292

* Mon Mar 21 2022 wangcheng156 <wangcheng156@huawei.com> - 1:1.1.1f-15
- fix CVE-2022-0778

* Mon Feb 28 2022 wangyu283 <wangyu283@huawei.com> - 1:1.1.1f-14
- fix CVE-2021-4160

* Fri Sep 24 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-13
- bugfix Overflow when printing Thawte Strong Extranet

* Thu Sep 16 2021 wutao <wutao61@huawei.com> - 1:1.1.1f-12
- add provides openssl-perl

* Mon Aug 30 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-11
- fix CVE-2021-3711 and CVE-2021-3712

* Wed Apr 7 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-10
- fix CVE-2021-3449

* Thu Mar 11 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-9
- fix CVE-2021-23840 and CVE-2021-23841

* Tue Feb 09 2021 Liufeng <liufeng111@huawei.com> - 1:1.1.1f-8
- backport some bugfix patches from OpenSSL community and reset the release

* Tue Jan 19 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-3
- fix CVE-2020-1971

* Fri Nov 13 2020 Liufeng <liufeng111@huawei.com> - 1:1.1.1f-2
- make openssl require openssl-help

* Tue May 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-1
- update openssl-1.1.1d to openssl-1.1.1f and fix CVE-2020-1967

* Wed Mar 18 2020 steven <steven_ygui@163.com> - 1:1.1.1d-9
- fix division zero issue which found by oss-fuzz

* Tue Mar 3 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-8
- add missiong /sbin/ldconfig

* Tue Mar 3 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-7
- Fix problem caused by missing hmac files

* Mon Feb 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-6
- add openssl-libs containing dynamic library for openssl

* Sun Jan 19 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-5
- add obsoletes

* Tue Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-4
- clean code

* Fri Jan 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-3
- delete unused files

* Fri Dec 27 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-2
- modify obsoletes

* Mon Dec 16 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1d-1
- update to 1:1.1.1d

* Thu Nov 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1c-5
- enable sm2 and sm4

* Fri Oct 25 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1c-4
- Add missing openssl/fips.h

* Thu Oct 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1c-3
- Add buildrequires zlib-devel

* Tue Sep 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1c-2
- Adjust requires

* Mon Sep 16 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1c-1
- Package init