diff options
| -rw-r--r-- | dev-libs/openssl/Manifest | 4 | ||||
| -rw-r--r-- | dev-libs/openssl/files/openssl-3.0.7-x509-CVE-2022-3996.patch | 35 | ||||
| -rw-r--r-- | dev-libs/openssl/openssl-3.0.8.ebuild (renamed from dev-libs/openssl/openssl-3.0.7-r5.ebuild) | 12 |
3 files changed, 6 insertions, 45 deletions
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index 6c2b9eb..8a76994 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest @@ -1,2 +1,2 @@ -DIST openssl-3.0.7.tar.gz 15107575 BLAKE2B 141881071fa62f056c514e7c653a61c59cc45fe951ec094041e23fb5e619133b7ebbfe31cd8203969c9d8842b8cbc10ec58da67cc181761a11c1cfdd0869df9a SHA512 6c2bcd1cd4b499e074e006150dda906980df505679d8e9d988ae93aa61ee6f8c23c0fa369e2edc1e1a743d7bec133044af11d5ed57633b631ae479feb59e3424 -DIST openssl-3.0.7.tar.gz.asc 858 BLAKE2B bd07a6f656cce817038743caf1131ef8d7a21bf587e706e32771ad9e09cb4821d21b71171a7fe7bb6bece95e9b06cea6d723aae9de8b62049b5a8316578500be SHA512 9093a8a5a990f5f37bd95e7ca55f2371e59242be408ea7d9403bcfc9c8873c022237e13c0ec81881a20607ea46927887a895a82b6f50c6f423b4c54f9ef0cde1 +DIST openssl-3.0.8.tar.gz 15151328 BLAKE2B e163cc9b8b458f72405a2f1bde3811c8d0eb22e8b08ff5608ec64799975f1546dcdce31466b8a1d5ed29bc90d19aa6017d711987c81b71f4b20e279828cf753a SHA512 8ce10be000d7d4092c8efc5b96b1d2f7da04c1c3a624d3a7923899c6b1de06f369016be957e36e8ab6d4c9102eaeec5d1973295d547f7893a7f11f132ae42b0d +DIST openssl-3.0.8.tar.gz.asc 833 BLAKE2B 1949801150e254e9be648f33014a4a16f803b42ca5a302c3942d377013e983e0ea0cca8aed594e3f9ecde26c6e31d222581e991af5fae6cd451d7ee83541f4bb SHA512 e1c04f1179aded228b39005fd9e9f6f75aedafb938b77ac58c97a00973eb412d93b92ad1c447332a5d96850b62b01093502928e6c190bdd0234a94c4e815d2a6 diff --git a/dev-libs/openssl/files/openssl-3.0.7-x509-CVE-2022-3996.patch b/dev-libs/openssl/files/openssl-3.0.7-x509-CVE-2022-3996.patch deleted file mode 100644 index 079a4f5..0000000 --- a/dev-libs/openssl/files/openssl-3.0.7-x509-CVE-2022-3996.patch +++ /dev/null @@ -1,35 +0,0 @@ -https://bugs.gentoo.org/885797 - -https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7 -https://github.com/openssl/openssl/issues/19643 - -From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001 -From: Pauli <pauli@openssl.org> -Date: Fri, 11 Nov 2022 09:40:19 +1100 -Subject: [PATCH] x509: fix double locking problem - -This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the -redundant flag setting. - -Fixes #19643 - -Fixes LOW CVE-2022-3996 - -Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> -Reviewed-by: Tomas Mraz <tomas@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/19652) - -(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5) ---- a/crypto/x509/pcy_map.c -+++ b/crypto/x509/pcy_map.c -@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) - - ret = 1; - bad_mapping: -- if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) { -- x->ex_flags |= EXFLAG_INVALID_POLICY; -- CRYPTO_THREAD_unlock(x->lock); -- } - sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); - return ret; - diff --git a/dev-libs/openssl/openssl-3.0.7-r5.ebuild b/dev-libs/openssl/openssl-3.0.8.ebuild index 65274cd..06b41fb 100644 --- a/dev-libs/openssl/openssl-3.0.7-r5.ebuild +++ b/dev-libs/openssl/openssl-3.0.8.ebuild @@ -1,7 +1,7 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig @@ -19,7 +19,7 @@ else SRC_URI="mirror://openssl/source/${MY_P}.tar.gz verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" #KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux" - KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~riscv ~s390 ~sparc ~x86" + KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~riscv ~s390 ~sparc ~x86" fi S="${WORKDIR}"/${MY_P} @@ -40,7 +40,7 @@ BDEPEND=" sys-devel/bc sys-process/procps ) - verify-sig? ( >=sec-keys/openpgp-keys-openssl-20221101 )" + verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" DEPEND="${COMMON_DEPEND}" RDEPEND="${COMMON_DEPEND}" @@ -50,10 +50,6 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/openssl/configuration.h ) -PATCHES=( - "${FILESDIR}"/${P}-x509-CVE-2022-3996.patch -) - pkg_setup() { if use ktls ; then if kernel_is -lt 4 18 ; then |