summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--dev-libs/openssl/Manifest4
-rw-r--r--dev-libs/openssl/files/openssl-3.0.7-x509-CVE-2022-3996.patch35
-rw-r--r--dev-libs/openssl/openssl-3.0.8.ebuild (renamed from dev-libs/openssl/openssl-3.0.7-r5.ebuild)12
3 files changed, 6 insertions, 45 deletions
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 6c2b9eb..8a76994 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,2 +1,2 @@
-DIST openssl-3.0.7.tar.gz 15107575 BLAKE2B 141881071fa62f056c514e7c653a61c59cc45fe951ec094041e23fb5e619133b7ebbfe31cd8203969c9d8842b8cbc10ec58da67cc181761a11c1cfdd0869df9a SHA512 6c2bcd1cd4b499e074e006150dda906980df505679d8e9d988ae93aa61ee6f8c23c0fa369e2edc1e1a743d7bec133044af11d5ed57633b631ae479feb59e3424
-DIST openssl-3.0.7.tar.gz.asc 858 BLAKE2B bd07a6f656cce817038743caf1131ef8d7a21bf587e706e32771ad9e09cb4821d21b71171a7fe7bb6bece95e9b06cea6d723aae9de8b62049b5a8316578500be SHA512 9093a8a5a990f5f37bd95e7ca55f2371e59242be408ea7d9403bcfc9c8873c022237e13c0ec81881a20607ea46927887a895a82b6f50c6f423b4c54f9ef0cde1
+DIST openssl-3.0.8.tar.gz 15151328 BLAKE2B e163cc9b8b458f72405a2f1bde3811c8d0eb22e8b08ff5608ec64799975f1546dcdce31466b8a1d5ed29bc90d19aa6017d711987c81b71f4b20e279828cf753a SHA512 8ce10be000d7d4092c8efc5b96b1d2f7da04c1c3a624d3a7923899c6b1de06f369016be957e36e8ab6d4c9102eaeec5d1973295d547f7893a7f11f132ae42b0d
+DIST openssl-3.0.8.tar.gz.asc 833 BLAKE2B 1949801150e254e9be648f33014a4a16f803b42ca5a302c3942d377013e983e0ea0cca8aed594e3f9ecde26c6e31d222581e991af5fae6cd451d7ee83541f4bb SHA512 e1c04f1179aded228b39005fd9e9f6f75aedafb938b77ac58c97a00973eb412d93b92ad1c447332a5d96850b62b01093502928e6c190bdd0234a94c4e815d2a6
diff --git a/dev-libs/openssl/files/openssl-3.0.7-x509-CVE-2022-3996.patch b/dev-libs/openssl/files/openssl-3.0.7-x509-CVE-2022-3996.patch
deleted file mode 100644
index 079a4f5..0000000
--- a/dev-libs/openssl/files/openssl-3.0.7-x509-CVE-2022-3996.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-https://bugs.gentoo.org/885797
-
-https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7
-https://github.com/openssl/openssl/issues/19643
-
-From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
-From: Pauli <pauli@openssl.org>
-Date: Fri, 11 Nov 2022 09:40:19 +1100
-Subject: [PATCH] x509: fix double locking problem
-
-This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
-redundant flag setting.
-
-Fixes #19643
-
-Fixes LOW CVE-2022-3996
-
-Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/19652)
-
-(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
---- a/crypto/x509/pcy_map.c
-+++ b/crypto/x509/pcy_map.c
-@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
-
- ret = 1;
- bad_mapping:
-- if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
-- x->ex_flags |= EXFLAG_INVALID_POLICY;
-- CRYPTO_THREAD_unlock(x->lock);
-- }
- sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
- return ret;
-
diff --git a/dev-libs/openssl/openssl-3.0.7-r5.ebuild b/dev-libs/openssl/openssl-3.0.8.ebuild
index 65274cd..06b41fb 100644
--- a/dev-libs/openssl/openssl-3.0.7-r5.ebuild
+++ b/dev-libs/openssl/openssl-3.0.8.ebuild
@@ -1,7 +1,7 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=7
+EAPI=8
VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
@@ -19,7 +19,7 @@ else
SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux"
- KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~riscv ~s390 ~sparc ~x86"
+ KEYWORDS="~alpha ~amd64 ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~riscv ~s390 ~sparc ~x86"
fi
S="${WORKDIR}"/${MY_P}
@@ -40,7 +40,7 @@ BDEPEND="
sys-devel/bc
sys-process/procps
)
- verify-sig? ( >=sec-keys/openpgp-keys-openssl-20221101 )"
+ verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
DEPEND="${COMMON_DEPEND}"
RDEPEND="${COMMON_DEPEND}"
@@ -50,10 +50,6 @@ MULTILIB_WRAPPED_HEADERS=(
/usr/include/openssl/configuration.h
)
-PATCHES=(
- "${FILESDIR}"/${P}-x509-CVE-2022-3996.patch
-)
-
pkg_setup() {
if use ktls ; then
if kernel_is -lt 4 18 ; then