diff options
author | V3n3RiX <venerix@koprulu.sector> | 2023-06-14 15:21:15 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-06-14 15:21:15 +0100 |
commit | 1c382dc5dbc52576ac2300fee0498af8af44e7b4 (patch) | |
tree | 45d2492f5c659cbb01120d4192c9be34841362bd /dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch | |
parent | b9e8f3cc44aed3b6da71c7510c6287bf7bbbc66b (diff) |
Revert "gentoo auto-resync : 14:06:2023 - 15:13:45"
This reverts commit b9e8f3cc44aed3b6da71c7510c6287bf7bbbc66b.
Diffstat (limited to 'dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch')
-rw-r--r-- | dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch new file mode 100644 index 000000000000..c71665d82e18 --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.0.8-CVE-2023-0466.patch @@ -0,0 +1,41 @@ +commit 51e8a84ce742db0f6c70510d0159dad8f7825908 +Author: Tomas Mraz <tomas@openssl.org> +Date: Tue Mar 21 16:15:47 2023 +0100 + + Fix documentation of X509_VERIFY_PARAM_add0_policy() + + The function was incorrectly documented as enabling policy checking. + + Fixes: CVE-2023-0466 + + Reviewed-by: Matt Caswell <matt@openssl.org> + Reviewed-by: Paul Dale <pauli@openssl.org> + (Merged from https://github.com/openssl/openssl/pull/20563) + +diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod +index 75a1677022..43c1900bca 100644 +--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod ++++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod +@@ -98,8 +98,9 @@ B<trust>. + X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to + B<t>. Normally the current time is used. + +-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled +-by default) and adds B<policy> to the acceptable policy set. ++X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set. ++Contrary to preexisting documentation of this function it does not enable ++policy checking. + + X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled + by default) and sets the acceptable policy set to B<policies>. Any existing +@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. + The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), + and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0. + ++The function X509_VERIFY_PARAM_add0_policy() was historically documented as ++enabling policy checking however the implementation has never done this. ++The documentation was changed to align with the implementation. ++ + =head1 COPYRIGHT + + Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. |