openssl: Update openssl to 1.1.1n from upstream
Upgraded dev-libs/openssl to version 1.1.1n while keeping the chromeos
specific bits per the README.md file in dev-libs/openssl directory. We
also put back bindist IUSE so that dependent packages keep working.
BUG=b/224990614
TEST=presubmit
RELEASE_NOTE=Upgrade openssl package to 1.1.1n to resolve CVE-2022-0778
Change-Id: I9809dac91a42463d1a0a00b9ddf2255453b894c3
Reviewed-on: https://cos-review.googlesource.com/c/third_party/overlays/chromiumos-overlay/+/30761
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index ee7d87c..eb3e8fc 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1 +1,2 @@
-DIST openssl-1.1.1m.tar.gz 9847315 BLAKE2B 163262933df11afdb7b0c58fbbf0454b05e02951d28ed24e2c530affa18dee884d86555f7314506852ebfcc092bb509b6f9cd33893e30dab67bfb6f5713946eb SHA512 ba0ef99b321546c13385966e4a607734df38b96f6ed45c4c67063a5f8d1482986855279797a6920d9f86c2ec31ce3e104dcc62c37328caacdd78aec59aa66156
+DIST openssl-1.1.1n.tar.gz 9850712 BLAKE2B af530258d9f7ca4f1bd1c6c344eb385e766e465c9341dd08797676165f67bbb82d3fd549ed7559dc12fb8c9c4db5e04fa6ec7ab729ec1467f5e8bce469ff5398 SHA512 1937796736613dcf4105a54e42ecb61f95a1cea74677156f9459aea0f2c95159359e766089632bf364ee6b0d28d661eb9957bce8fecc9d2436378d8d79e8d0a4
+DIST openssl-1.1.1n.tar.gz.asc 488 BLAKE2B 8fc18fdc884473dc4c243499cc3528691a9ecc184e39e8d942450d41c42d22a96398036ae804af23c4f28d082c62f5babaa275ceb2e13b33b5acfd59a802c186 SHA512 24abc3d187cabed830dcd3189a34c2dc29e0b8013a607011a0e85cc68f0ec48c1de14a005053a4de3a4013cfa9658016ac65cfb8cfac58da55231371926beeda
diff --git a/dev-libs/openssl/openssl-1.1.1m-r1.ebuild b/dev-libs/openssl/openssl-1.1.1m-r1.ebuild
deleted file mode 120000
index e4d9536..0000000
--- a/dev-libs/openssl/openssl-1.1.1m-r1.ebuild
+++ /dev/null
@@ -1 +0,0 @@
-openssl-1.1.1m.ebuild
\ No newline at end of file
diff --git a/dev-libs/openssl/openssl-1.1.1n-r1.ebuild b/dev-libs/openssl/openssl-1.1.1n-r1.ebuild
new file mode 120000
index 0000000..923411f
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1n-r1.ebuild
@@ -0,0 +1 @@
+openssl-1.1.1n.ebuild
\ No newline at end of file
diff --git a/dev-libs/openssl/openssl-1.1.1m.ebuild b/dev-libs/openssl/openssl-1.1.1n.ebuild
similarity index 95%
rename from dev-libs/openssl/openssl-1.1.1m.ebuild
rename to dev-libs/openssl/openssl-1.1.1n.ebuild
index 2d5685e..2f8de9d 100644
--- a/dev-libs/openssl/openssl-1.1.1m.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1n.ebuild
@@ -3,19 +3,21 @@
EAPI="7"
-inherit flag-o-matic toolchain-funcs multilib-minimal
+inherit flag-o-matic toolchain-funcs multilib-minimal verify-sig
MY_P=${P/_/-}
DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+ verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
+VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssl.org.asc
LICENSE="openssl"
SLOT="0/1.1" # .so version of libssl/libcrypto
[[ "${PV}" = *_pre* ]] || \
KEYWORDS="*"
-IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla"
+IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig bindist"
RESTRICT="!test? ( test )"
RDEPEND=">=app-misc/c_rehash-1.7-r1
@@ -28,7 +30,8 @@
sys-apps/diffutils
sys-devel/bc
kernel_linux? ( sys-process/procps )
- )"
+ )
+ verify-sig? ( sec-keys/openpgp-keys-openssl )"
PDEPEND="app-misc/ca-certificates"
PATCHES=(
