openssl: update to 1.1.1q (Security, #3958, #4249)

* Fixes CVE-2022-2068 and CVE-2022-1292 * Replace CROSS:-BUILD with ab_match_arch * Change build configuration for riscv64 to `linux64-riscv64` Signed-off-by: Camber Huang <camber@poi.science>
AOSC-Dev · Nov 23, 2022 · e64e405 · e64e405
1 parent c4a1fec
commit e64e405
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 21 deletions.
diff --git a/base-libs/openssl/autobuild/build b/base-libs/openssl/autobuild/build
@@ -1,28 +1,22 @@
 # Architectural targets...
-if   [[ "${CROSS:-$ARCH}" = "amd64" ]]; then
+if ab_match_arch "amd64" ; then
     ARCH_OPTS="linux-x86_64"
-elif [[ "${CROSS:-$ARCH}" = "arm64" ]]; then
+elif ab_match_arch "arm64" ; then
     ARCH_OPTS="linux-aarch64"
-elif [[ "${CROSS:-$ARCH}" = "armv4" ]]; then
+elif ab_match_arch "+(armv4|armv6hf|armv7hf)" ; then
     ARCH_OPTS="linux-armv4"
-elif [[ "${CROSS:-$ARCH}" = "armv6hf" ]]; then
-    ARCH_OPTS="linux-armv4"
-elif [[ "${CROSS:-$ARCH}" = "armv7hf" ]]; then
-    ARCH_OPTS="linux-armv4"
-elif [[ "${CROSS:-$ARCH}" = "i486" ]]; then
+elif ab_match_arch "i486" ; then
     ARCH_OPTS="linux-x86"
-elif [[ "${CROSS:-$ARCH}" = "loongson2f" ]]; then
+elif ab_match_arch "+(loongson2f|loongson3)" ; then
     ARCH_OPTS="linux64-mips64"
-elif [[ "${CROSS:-$ARCH}" = "loongson3" ]]; then
-    ARCH_OPTS="linux64-mips64"
-elif [[ "${CROSS:-$ARCH}" = "powerpc" ]]; then
+elif ab_match_arch = "powerpc" ; then
     ARCH_OPTS="linux-ppc"
-elif [[ "${CROSS:-$ARCH}" = "ppc64" ]]; then
+elif ab_match_arch "ppc64" ; then
     ARCH_OPTS="linux-ppc64"
-elif [[ "${CROSS:-$ARCH}" = "ppc64el" ]]; then
+elif ab_match_arch "ppc64el" ; then
     ARCH_OPTS="linux-ppc64le"
-elif [[ "${CROSS:-$ARCH}" = "riscv64" ]]; then
-    ARCH_OPTS="linux-generic64"
+elif ab_match_arch "riscv64" ; then
+    ARCH_OPTS="linux64-riscv64"
 fi
 
 # Use on little endian platforms when GCC supports uint128_t.
@@ -32,18 +26,23 @@ fi
 # and it tolerates unaligned data access.
 #
 # Enabling only on x86_64 (amd64) for now, following Debian.
-if [[ "${CROSS:-$ARCH}" = "amd64" ]]; then
+if ab_match_arch "amd64" ; then
+    abinfo "Enabling ec_nistp_64_gcc_128 for amd64 ..."
     ARCH_OPTS+=" enable-ec_nistp_64_gcc_128"
 fi
 
-./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
+abinfo "Running Configure ..."
+"$SRCDIR"/Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
             shared zlib ${ARCH_OPTS}\
             "-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS}"
+
+abinfo "Building binaries ..."
 make depend
 make
 
+abinfo "Installing files ..."
 make MANDIR=/usr/share/man MANSUFFIX=ssl DESTDIR="$PKGDIR" install
 
-if [[ "${CROSS:-$ARCH}" = "i486" || "${CROSS:-$ARCH}" = "powerpc" ]]; then
+if ab_match_arch "+(i486|powerpc)"; then
     rm -rv "$PKGDIR"/usr/share/doc/openssl/html
 fi
diff --git a/base-libs/openssl/spec b/base-libs/openssl/spec
@@ -1,4 +1,4 @@
-VER=1.1.1n
+VER=1.1.1q
 SRCS="tbl::https://openssl.org/source/openssl-$VER.tar.gz"
-CHKSUMS="sha256::40dceb51a4f6a5275bde0e6bf20ef4b91bfc32ed57c0552e2e8e15463372b17a"
+CHKSUMS="sha256::d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca"
 CHKUPDATE="anitya::id=2566"