summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlex Xu (Hello71) <alex_y_xu@yahoo.ca>2023-01-02 16:43:12 -0500
committerAlex Xu (Hello71) <alex_y_xu@yahoo.ca>2023-01-02 16:43:12 -0500
commit50640194fe0aaaffde3984f936bf0ffea6ec1776 (patch)
treefbe766f6ec3f0fa126a64c36d2a6141fad311cdf
parent64178fc1ec9bff272cee1c291dfe0069e7b69999 (diff)
downloadgentoo-overlay-50640194fe0aaaffde3984f936bf0ffea6ec1776.tar.xz
gentoo-overlay-50640194fe0aaaffde3984f936bf0ffea6ec1776.zip
dev-libs/openssl: sync
-rw-r--r--dev-libs/openssl/files/gentoo.config-1.0.4 (renamed from dev-libs/openssl/files/gentoo.config-1.0.2)15
-rw-r--r--dev-libs/openssl/files/openssl-3.0.5-test-memcmp.patch22
-rw-r--r--dev-libs/openssl/files/openssl-3.0.7-x509-CVE-2022-3996.patch35
-rw-r--r--dev-libs/openssl/openssl-3.0.7-r3.ebuild (renamed from dev-libs/openssl/openssl-3.0.7-r1.ebuild)12
4 files changed, 54 insertions, 30 deletions
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.2 b/dev-libs/openssl/files/gentoo.config-1.0.4
index 68d7d0a..573a97d 100644
--- a/dev-libs/openssl/files/gentoo.config-1.0.2
+++ b/dev-libs/openssl/files/gentoo.config-1.0.4
@@ -95,17 +95,22 @@ linux)
# hppa64*) machine=parisc64;;
hppa*) machine="generic32 -DB_ENDIAN";;
i[0-9]86*|\
- x86_64*:x86) machine=elf;;
+ x86_64*:x86) machine=x86;;
ia64*) machine=ia64;;
- m68*) machine="generic32 -DB_ENDIAN";;
- mips*el*) machine="generic32 -DL_ENDIAN";;
- mips*) machine="generic32 -DB_ENDIAN";;
+ loongarch64*) machine="loongarch64 -DL_ENDIAN" system=linux64;;
+ m68*) machine="latomic -DB_ENDIAN";;
+ mips*el*:o32) machine="mips32 -DL_ENDIAN";;
+ mips*:o32) machine="mips32 -DB_ENDIAN";;
+ mips*el*:n32) machine="mips64 -DL_ENDIAN";;
+ mips*:n32) machine="mips64 -DB_ENDIAN";;
+ mips*el*:n64) machine="mips64 -DL_ENDIAN" system=linux64;;
+ mips*:n64) machine="mips64 -DB_ENDIAN" system=linux64;;
powerpc64*le*)machine=ppc64le;;
powerpc64*) machine=ppc64;;
powerpc*le*) machine="generic32 -DL_ENDIAN";;
powerpc*) machine=ppc;;
riscv32*) machine="generic32 -DL_ENDIAN";;
- riscv64*) machine="generic64 -DL_ENDIAN";;
+ riscv64*) machine="riscv64 -DL_ENDIAN" system=linux64;;
# sh64*) machine=elf;;
sh*b*) machine="generic32 -DB_ENDIAN";;
sh*) machine="generic32 -DL_ENDIAN";;
diff --git a/dev-libs/openssl/files/openssl-3.0.5-test-memcmp.patch b/dev-libs/openssl/files/openssl-3.0.5-test-memcmp.patch
deleted file mode 100644
index 8fa0387..0000000
--- a/dev-libs/openssl/files/openssl-3.0.5-test-memcmp.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-From 7f58de577c05ae0bbd20eee9b2971cfa1cd062c8 Mon Sep 17 00:00:00 2001
-From: Gregor Jasny <gjasny@googlemail.com>
-Date: Tue, 5 Jul 2022 12:57:06 +0200
-Subject: [PATCH] Add missing header for memcmp
-
-CLA: trivial
----
- test/v3ext.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/test/v3ext.c b/test/v3ext.c
-index 926f3884b138..a8ab64b2714b 100644
---- a/test/v3ext.c
-+++ b/test/v3ext.c
-@@ -8,6 +8,7 @@
- */
-
- #include <stdio.h>
-+#include <string.h>
- #include <openssl/x509.h>
- #include <openssl/x509v3.h>
- #include <openssl/pem.h>
diff --git a/dev-libs/openssl/files/openssl-3.0.7-x509-CVE-2022-3996.patch b/dev-libs/openssl/files/openssl-3.0.7-x509-CVE-2022-3996.patch
new file mode 100644
index 0000000..079a4f5
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-3.0.7-x509-CVE-2022-3996.patch
@@ -0,0 +1,35 @@
+https://bugs.gentoo.org/885797
+
+https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7
+https://github.com/openssl/openssl/issues/19643
+
+From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
+From: Pauli <pauli@openssl.org>
+Date: Fri, 11 Nov 2022 09:40:19 +1100
+Subject: [PATCH] x509: fix double locking problem
+
+This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
+redundant flag setting.
+
+Fixes #19643
+
+Fixes LOW CVE-2022-3996
+
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/19652)
+
+(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
+--- a/crypto/x509/pcy_map.c
++++ b/crypto/x509/pcy_map.c
+@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
+
+ ret = 1;
+ bad_mapping:
+- if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
+- x->ex_flags |= EXFLAG_INVALID_POLICY;
+- CRYPTO_THREAD_unlock(x->lock);
+- }
+ sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
+ return ret;
+
diff --git a/dev-libs/openssl/openssl-3.0.7-r1.ebuild b/dev-libs/openssl/openssl-3.0.7-r3.ebuild
index c388456..fd6e3fc 100644
--- a/dev-libs/openssl/openssl-3.0.7-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r3.ebuild
@@ -18,7 +18,8 @@ if [[ ${PV} == 9999 ]] ; then
else
SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+ #KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
+ KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~riscv ~s390 ~sparc ~x86"
fi
S="${WORKDIR}"/${MY_P}
@@ -51,6 +52,7 @@ MULTILIB_WRAPPED_HEADERS=(
)
PATCHES=(
+ "${FILESDIR}"/${P}-x509-CVE-2022-3996.patch
)
pkg_setup() {
@@ -61,6 +63,7 @@ pkg_setup() {
CONFIG_CHECK="~TLS ~TLS_DEVICE"
ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+ use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
linux-info_pkg_setup
fi
@@ -91,7 +94,7 @@ src_unpack() {
src_prepare() {
# Allow openssl to be cross-compiled
- cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+ cp "${FILESDIR}"/gentoo.config-1.0.4 gentoo.config || die
chmod a+rx gentoo.config || die
# Keep this in sync with app-misc/c_rehash
@@ -157,9 +160,12 @@ src_prepare() {
-i Configure || die
fi
+ local sslout=$(./gentoo.config)
+ einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
# The config script does stupid stuff to prompt the user. Kill it.
sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
- ./config --test-sanity || die "I AM NOT SANE"
+ ./config ${sslout} --test-sanity || die "I AM NOT SANE"
multilib_copy_sources
}