authorAnthony G. Basile <blueness@gentoo.org>2015-12-05 07:42:01 -0500
committerAnthony G. Basile <blueness@gentoo.org>2015-12-05 07:42:01 -0500
commit1ace67d81ba5a5bee571ed3b171187dc3c8b76c7 (patch)
tree0217a62bf457934d1dcc3f5dd8acc948589e5799 /dev-libs
parentprofiles/package.mask: Mask dev-java/{jpf,jpfcodegen} for removal. See bug 56... (diff)
dev-libs/libressl: add upstream patch to address CVE-2015-3194, bug #567564
Package-Manager: portage-2.2.20.1
Diffstat (limited to 'dev-libs')
-rw-r--r--dev-libs/libressl/files/libressl-2.2.4-clientcert.patch35
-rw-r--r--dev-libs/libressl/libressl-2.2.4-r1.ebuild50
-rw-r--r--dev-libs/libressl/libressl-2.3.1-r1.ebuild50
3 files changed, 135 insertions, 0 deletions
diff --git a/dev-libs/libressl/files/libressl-2.2.4-clientcert.patch b/dev-libs/libressl/files/libressl-2.2.4-clientcert.patch
new file mode 100644
index 000000000000..ac2f88e2b901
--- /dev/null
+++ b/dev-libs/libressl/files/libressl-2.2.4-clientcert.patch
@@ -0,0 +1,35 @@
+untrusted comment: signature from openbsd 5.8 base secret key
+RWQNNZXtC/MqP8u13/pPZfTpPeHhU93PG0DBihXvQ7lB0CvONLwoTfHr9f40s515bidPGcGLAH4xu+yz3skT6b3tKETEWZw8BgA=
+
+OpenBSD 5.8 errata 9, Dec 3, 2015:
+
+CVE-2015-3194 - NULL pointer dereference in client certificate validation
+
+Apply by doing:
+ signify -Vep /etc/signify/openbsd-58-base.pub -x 009_clientcert.patch.sig \
+ -m - | (cd /usr/src && patch -p0)
+
+And then rebuild and install libcrypto:
+ cd /usr/src/lib/libcrypto
+ make obj
+ make depend
+ make
+ make install
+
+Index: lib/libssl/src/crypto/rsa/rsa_ameth.c
+===================================================================
+RCS file: /cvs/src/lib/libssl/src/crypto/rsa/rsa_ameth.c,v
+retrieving revision 1.14
+retrieving revision 1.14.6.1
+diff -u -p -u -p -r1.14 -r1.14.6.1
+--- lib/libssl/src/crypto/rsa/rsa_ameth.c 11 Feb 2015 04:05:14 -0000 1.14
++++ lib/libssl/src/crypto/rsa/rsa_ameth.c 4 Dec 2015 04:13:43 -0000 1.14.6.1
+@@ -298,7 +298,7 @@ rsa_pss_decode(const X509_ALGOR *alg, X5
+ if (pss->maskGenAlgorithm) {
+ ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
+ if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
+- param->type == V_ASN1_SEQUENCE) {
++ param && param->type == V_ASN1_SEQUENCE) {
+ p = param->value.sequence->data;
+ plen = param->value.sequence->length;
+ *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
diff --git a/dev-libs/libressl/libressl-2.2.4-r1.ebuild b/dev-libs/libressl/libressl-2.2.4-r1.ebuild
new file mode 100644
index 000000000000..cbbcb2bc27ab
--- /dev/null
+++ b/dev-libs/libressl/libressl-2.2.4-r1.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils multilib-minimal
+
+DESCRIPTION="Free version of the SSL/TLS protocol forked from OpenSSL"
+HOMEPAGE="http://www.libressl.org/"
+SRC_URI="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz"
+
+LICENSE="ISC openssl"
+SLOT="0/35" # reflects ABI of libcrypto.so and libssl.so
+KEYWORDS="~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86"
+IUSE="+asm static-libs"
+
+RDEPEND="!dev-libs/openssl:0"
+DEPEND="${RDEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+src_prepare() {
+ touch crypto/Makefile.in
+
+ epatch "${FILESDIR}"/${P}-clientcert.patch
+
+ sed -i \
+ -e '/^[ \t]*CFLAGS=/s#-g ##' \
+ -e '/^[ \t]*CFLAGS=/s#-g"#"#' \
+ -e '/^[ \t]*CFLAGS=/s#-O2 ##' \
+ -e '/^[ \t]*CFLAGS=/s#-O2"#"#' \
+ -e '/^[ \t]*USER_CFLAGS=/s#-O2 ##' \
+ -e '/^[ \t]*USER_CFLAGS=/s#-O2"#"#' \
+ configure || die "fixing CFLAGS failed"
+}
+
+multilib_src_configure() {
+ ECONF_SOURCE="${S}" econf \
+ $(use_enable asm) \
+ $(use_enable static-libs static)
+}
+
+multilib_src_test() {
+ emake check
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files
+}
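Review bot: The `epatch "${FILESDIR}"/${P}-clientcert.patch` line in src_prepare has no comment saying which issue it fixes or when it can be removed, so a later version bump has to open the patch file to find out. I would add above it `# CVE-2015-3194 (bug #567564): NULL deref in rsa_pss_decode(); drop once the release tarball includes the fix`. The patch keeps OpenBSD source-tree paths (`lib/libssl/src/crypto/rsa/rsa_ameth.c`), so applying it presumably relies on epatch probing for the right strip level; noting that in the comment would help whoever debugs a failed apply. The same comment fits the epatch line in libressl-2.3.1-r1.ebuild.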
diff --git a/dev-libs/libressl/libressl-2.3.1-r1.ebuild b/dev-libs/libressl/libressl-2.3.1-r1.ebuild
new file mode 100644
index 000000000000..660a3295f023
--- /dev/null
+++ b/dev-libs/libressl/libressl-2.3.1-r1.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils multilib-minimal
+
+DESCRIPTION="Free version of the SSL/TLS protocol forked from OpenSSL"
+HOMEPAGE="http://www.libressl.org/"
+SRC_URI="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz"
+
+LICENSE="ISC openssl"
+SLOT="0/36" # reflects ABI of libcrypto.so and libssl.so
+KEYWORDS="~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86"
+IUSE="+asm static-libs"
+
+RDEPEND="!dev-libs/openssl:0"
+DEPEND="${RDEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+src_prepare() {
+ touch crypto/Makefile.in
+
+ epatch "${FILESDIR}"/${PN}-2.2.4-clientcert.patch
+
+ sed -i \
+ -e '/^[ \t]*CFLAGS=/s#-g ##' \
+ -e '/^[ \t]*CFLAGS=/s#-g"#"#' \
+ -e '/^[ \t]*CFLAGS=/s#-O2 ##' \
+ -e '/^[ \t]*CFLAGS=/s#-O2"#"#' \
+ -e '/^[ \t]*USER_CFLAGS=/s#-O2 ##' \
+ -e '/^[ \t]*USER_CFLAGS=/s#-O2"#"#' \
+ configure || die "fixing CFLAGS failed"
+}
+
+multilib_src_configure() {
+ ECONF_SOURCE="${S}" econf \
+ $(use_enable asm) \
+ $(use_enable static-libs static)
+}
+
+multilib_src_test() {
+ emake check
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files
+}
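Review bot: `epatch "${FILESDIR}"/${PN}-2.2.4-clientcert.patch` applies to the 2.3.1 sources a patch whose own header identifies it as OpenBSD 5.8 errata 9 against rsa_ameth.c revision 1.14, and nothing in the ebuild says the reuse is deliberate. Whether 2.3.1 ships the same revision of that file is not visible on this page, so the hunk may apply at an offset or with fuzz. For a security fix it is worth confirming that the `param &&` guard actually lands in rsa_pss_decode() after src_prepare. A comment such as `# 2.2.4 errata patch reused: the same one-line fix applies to 2.3.1` would record the intent.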