From ca01ac507fb8aba6171dfef32f86f3aef7fe3165 Mon Sep 17 00:00:00 2001 From: Camber Huang Date: Mon, 17 Oct 2022 21:26:01 +0800 Subject: [PATCH] openssl: update to 1.1.1q (Security, #3958, #4249) * Fixes CVE-2022-2068 and CVE-2022-1292 * Replace CROSS:-BUILD with ab_match_arch * Change build configuration for riscv64 to `linux64-riscv64` Signed-off-by: Camber Huang --- base-libs/openssl/autobuild/build | 37 +++++++++++++++---------------- base-libs/openssl/spec | 4 ++-- 2 files changed, 20 insertions(+), 21 deletions(-) diff --git a/base-libs/openssl/autobuild/build b/base-libs/openssl/autobuild/build index 1d28cd03032..b645d1dfc60 100644 --- a/base-libs/openssl/autobuild/build +++ b/base-libs/openssl/autobuild/build @@ -1,28 +1,22 @@ # Architectural targets... -if [[ "${CROSS:-$ARCH}" = "amd64" ]]; then +if ab_match_arch "amd64" ; then ARCH_OPTS="linux-x86_64" -elif [[ "${CROSS:-$ARCH}" = "arm64" ]]; then +elif ab_match_arch "arm64" ; then ARCH_OPTS="linux-aarch64" -elif [[ "${CROSS:-$ARCH}" = "armv4" ]]; then +elif ab_match_arch "+(armv4|armv6hf|armv7hf)" ; then ARCH_OPTS="linux-armv4" -elif [[ "${CROSS:-$ARCH}" = "armv6hf" ]]; then - ARCH_OPTS="linux-armv4" -elif [[ "${CROSS:-$ARCH}" = "armv7hf" ]]; then - ARCH_OPTS="linux-armv4" -elif [[ "${CROSS:-$ARCH}" = "i486" ]]; then +elif ab_match_arch "i486" ; then ARCH_OPTS="linux-x86" -elif [[ "${CROSS:-$ARCH}" = "loongson2f" ]]; then +elif ab_match_arch "+(loongson2f|loongson3)" ; then ARCH_OPTS="linux64-mips64" -elif [[ "${CROSS:-$ARCH}" = "loongson3" ]]; then - ARCH_OPTS="linux64-mips64" -elif [[ "${CROSS:-$ARCH}" = "powerpc" ]]; then +elif ab_match_arch = "powerpc" ; then ARCH_OPTS="linux-ppc" -elif [[ "${CROSS:-$ARCH}" = "ppc64" ]]; then +elif ab_match_arch "ppc64" ; then ARCH_OPTS="linux-ppc64" -elif [[ "${CROSS:-$ARCH}" = "ppc64el" ]]; then +elif ab_match_arch "ppc64el" ; then ARCH_OPTS="linux-ppc64le" -elif [[ "${CROSS:-$ARCH}" = "riscv64" ]]; then - ARCH_OPTS="linux-generic64" +elif ab_match_arch "riscv64" ; then + ARCH_OPTS="linux64-riscv64" fi # Use on little endian platforms when GCC supports uint128_t. @@ -32,18 +26,23 @@ fi # and it tolerates unaligned data access. # # Enabling only on x86_64 (amd64) for now, following Debian. -if [[ "${CROSS:-$ARCH}" = "amd64" ]]; then +if ab_match_arch "amd64" ; then + abinfo "Enabling ec_nistp_64_gcc_128 for amd64 ..." ARCH_OPTS+=" enable-ec_nistp_64_gcc_128" fi -./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \ +abinfo "Running Configure ..." +"$SRCDIR"/Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \ shared zlib ${ARCH_OPTS}\ "-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS}" + +abinfo "Building binaries ..." make depend make +abinfo "Installing files ..." make MANDIR=/usr/share/man MANSUFFIX=ssl DESTDIR="$PKGDIR" install -if [[ "${CROSS:-$ARCH}" = "i486" || "${CROSS:-$ARCH}" = "powerpc" ]]; then +if ab_match_arch "+(i486|powerpc)"; then rm -rv "$PKGDIR"/usr/share/doc/openssl/html fi diff --git a/base-libs/openssl/spec b/base-libs/openssl/spec index 1b14c82dbe4..dd29e2c7f32 100644 --- a/base-libs/openssl/spec +++ b/base-libs/openssl/spec @@ -1,4 +1,4 @@ -VER=1.1.1n +VER=1.1.1q SRCS="tbl::https://openssl.org/source/openssl-$VER.tar.gz" -CHKSUMS="sha256::40dceb51a4f6a5275bde0e6bf20ef4b91bfc32ed57c0552e2e8e15463372b17a" +CHKSUMS="sha256::d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca" CHKUPDATE="anitya::id=2566"