gentoo auto-resync : 13:12:2022 - 21:28:20

author: V3n3RiX <venerix@koprulu.sector> 2022-12-13 21:28:20 +0000
committer: V3n3RiX <venerix@koprulu.sector> 2022-12-13 21:28:20 +0000
commit: b9d995791a762215ef1ced2cc1a47b8d3c2cff1a (patch)
tree: ceff6a3b47b9258682735a5595c9ee8a0427a445 /dev-libs/openssl
parent: 50098d976449286058396cebad0087e28f771b90 (diff)
3 files changed, 39 insertions, 2 deletions
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index b527e7899dad..ca98d13b7268 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -2,6 +2,7 @@ AUX gentoo.config-1.0.2 5302 BLAKE2B b699533ed86c48c0d033092b4d901de837a6a495113
 AUX openssl-1.1.0j-parallel_install_fix.patch 515 BLAKE2B a1bcffce4dc9e0566e21e753cf1a18ee6eac92aca5880c50b33966d8ecb391f7430e1db6ea5a30ee4e3a9d77fb9e5542e864508b01c325011e368165e079a96c SHA512 0badd29ec8cffd95b2b69a4b8f8eecfc9ea0c00a812b298a650ee353e3965147fd2da1f9058d2d51744838f38168257b89aaf317287c55a7b76f16a69c781828
 AUX openssl-1.1.1i-riscv32.patch 2557 BLAKE2B 97e51303706ee96d3fae46959b91d1021dcbb3efa421866f6e09bbee6287aae95c6f5d9498bd9d8974b0de747ef696242691cfebec90b31dc9e2cc31b41b81ec SHA512 f75ae1034bb9dda7f4959e8a5d6d0dae21200723d82aebfbea58bd1d7775ef4042e49fdf49d5738771d79d764e44a1b6e0da341d210ea51d21516bb3874b626a
 AUX openssl-3.0.5-test-memcmp.patch 581 BLAKE2B 83dd0d05c73185f759e06dc352d196c22cd2359111170523a56f2a1f2b92c769245cda126fc44604f00060995ac4d35d8f573e0c841c8ef23f8d85b598ad08ee SHA512 9e9adde007e48f8af696af82bfeab56bc97a86204efd5fd27f92608afc521cd72f3cb5358b981a35e190b9fd2e02bd6eb499354549300de01fed69ee4f122093
+AUX openssl-3.0.7-x509-CVE-2022-3996.patch 1126 BLAKE2B 9d873e4e63417a4e25b764e1f639a118dc39493e97f4de2ec436058d4515702daae251799ec656c27139e9c2a46ea750c5f0cdaf032d5e7fe3b9916aa5a9fbb1 SHA512 c0e319485e8b3dd02854e0ef1e3a2bee2c5dc01ecc470fad9e4425f43ae4fdb1c4fa70441abed9bdb7833dfdf7e1da164a0461354538d71e4a185bbd80bf0b47
 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
@@ -14,5 +15,5 @@ DIST openssl-3.0.7.tar.gz.asc 858 BLAKE2B bd07a6f656cce817038743caf1131ef8d7a21b
 EBUILD openssl-1.0.2u-r1.ebuild 9980 BLAKE2B 0017b72acb2eb86f2927845903c93aacfc9c2812ecc5dd5daa23ffc6dd961a4258181ac2c085798b228df5aa23fff2faf476f880406a7c0eeecde3a8391d6a11 SHA512 7aadb788732ee4dbf32ba34567c8ffc897354ac4028f26ec60fab8f099a445c494825bcaad7a5bc053a1ca3f70bfc0f9e944cce5a4051708555cae24c6c5b9a9
 EBUILD openssl-1.1.1q.ebuild 10190 BLAKE2B d43cbde3d6b34a33f7937b59d0a2770290cc342ff664796bca1c546d2a70ba609d0d8f035c1cf2d8f339bcd82ab651e970a5d9ee55a2a6734a2e17b7187aff59 SHA512 47e480e4344753939cd8f64c1e7dd36eed12b8568cc18dd9691bb4d231088d2f77d1ba5fb79f2f9f3ec18b3bb8fb9c118bbb716af91d0023fe920fc968f081ee
 EBUILD openssl-1.1.1s.ebuild 10158 BLAKE2B 37c2c20d232c239ba52bdd60b225162c4c14022bc10fb2e8e43a2db301d839cb2479dcfbbf640525a40fe8d2767941459a6bb4cd95e35324cc2bbb21d73870f2 SHA512 548b0b19fb692ff69409aed3acea87ab6146977175b43017524dfb4dcc77b911deef94ef29b480a911a712191a9116047ff66aef5ec7de57d796902a6c2f3de3
-EBUILD openssl-3.0.7.ebuild 9822 BLAKE2B 3e02ff1e501324bef649599d0a72a3e98a7964008ec58843ec50c50a4a55f31f390cc9a788a75ce5667b5526247d827c9a84a7aea4cdf76f84e6a18d7bfb419a SHA512 c50987dca5505ccc416c4c88bb41f05e5578a694a1a9cacbde337e36de27a0003badedeb096614965f646ba4e79e387a3b8dbb9c0ff34e26a4466c309a013c22
+EBUILD openssl-3.0.7-r1.ebuild 9867 BLAKE2B 049d5057a35ba2ff74e08be1c8c949b358a10f40b57d7516acb65a51154f7e1467494a2f8fe07635d28f4f7bbc1282d6f1975cd0efd3cdd6ab1da278e6e10789 SHA512 0c36faa55474586c00e091c7e03982d3b9527bf7302d740ecc8d5b77acaf849ca33c0a35d9a03385d26a2bc8831528437e76011f1abbc28c3978996abdfee8c1
 MISC metadata.xml 1664 BLAKE2B cf9d4613e5387e7ec0787b1a6c137baa71effb8458fa63b5dea0be4d5cf7c8607257262dbf89dcc0c3db7b17b10232d32902b7569827bd4f2717b3ef7dffaaa9 SHA512 01deef1de981201c14101630d2a4ae270abcac9a4b27b068359d76f63aeb6075aceb33db60175c105294cb7045aae389168f4cf1edf0f6e3656ccc2fe92e9c92
diff --git a/dev-libs/openssl/files/openssl-3.0.7-x509-CVE-2022-3996.patch b/dev-libs/openssl/files/openssl-3.0.7-x509-CVE-2022-3996.patch
new file mode 100644
index 000000000000..079a4f508ccb
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-3.0.7-x509-CVE-2022-3996.patch
@@ -0,0 +1,35 @@
+https://bugs.gentoo.org/885797
+
+https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7
+https://github.com/openssl/openssl/issues/19643
+
+From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
+From: Pauli <pauli@openssl.org>
+Date: Fri, 11 Nov 2022 09:40:19 +1100
+Subject: [PATCH] x509: fix double locking problem
+
+This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
+redundant flag setting.
+
+Fixes #19643
+
+Fixes LOW CVE-2022-3996
+
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/19652)
+
+(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
+--- a/crypto/x509/pcy_map.c
++++ b/crypto/x509/pcy_map.c
+@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
+ 
+     ret = 1;
+  bad_mapping:
+-    if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
+-        x->ex_flags |= EXFLAG_INVALID_POLICY;
+-        CRYPTO_THREAD_unlock(x->lock);
+-    }
+     sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
+     return ret;
+ 
diff --git a/dev-libs/openssl/openssl-3.0.7.ebuild b/dev-libs/openssl/openssl-3.0.7-r1.ebuild
index 8bde8401c1ce..4a19c01cc36b 100644
--- a/dev-libs/openssl/openssl-3.0.7.ebuild
+++ b/dev-libs/openssl/openssl-3.0.7-r1.ebuild
@@ -1,7 +1,7 @@
 # Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=7
+EAPI=8
 
 VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
 inherit edo flag-o-matic linux-info toolchain-funcs multilib-minimal multiprocessing verify-sig
@@ -51,6 +51,7 @@ MULTILIB_WRAPPED_HEADERS=(
 )
 
 PATCHES=(
+	"${FILESDIR}"/${P}-x509-CVE-2022-3996.patch
 )
 
 pkg_setup() {
author	V3n3RiX <venerix@koprulu.sector>	2022-12-13 21:28:20 +0000
committer	V3n3RiX <venerix@koprulu.sector>	2022-12-13 21:28:20 +0000
commit	b9d995791a762215ef1ced2cc1a47b8d3c2cff1a (patch)
tree	ceff6a3b47b9258682735a5595c9ee8a0427a445 /dev-libs/openssl
parent	50098d976449286058396cebad0087e28f771b90 (diff)