diff options
Diffstat (limited to 'dev-libs')
| -rw-r--r-- | dev-libs/Manifest.gz | bin | 97861 -> 97866 bytes | |||
| -rw-r--r-- | dev-libs/capstone/Manifest | 7 | ||||
| -rw-r--r-- | dev-libs/capstone/capstone-5.0.ebuild | 92 | ||||
| -rw-r--r-- | dev-libs/capstone/capstone-5.0_rc2-r2.ebuild | 83 | ||||
| -rw-r--r-- | dev-libs/capstone/capstone-5.0_rc2-r3.ebuild | 95 | ||||
| -rw-r--r-- | dev-libs/capstone/capstone-5.0_rc4.ebuild | 91 | ||||
| -rw-r--r-- | dev-libs/json-c/Manifest | 2 | ||||
| -rw-r--r-- | dev-libs/json-c/json-c-0.17.ebuild | 2 | ||||
| -rw-r--r-- | dev-libs/libbpf/Manifest | 2 | ||||
| -rw-r--r-- | dev-libs/libbpf/libbpf-1.2.2.ebuild | 2 | ||||
| -rw-r--r-- | dev-libs/nss/Manifest | 4 | ||||
| -rw-r--r-- | dev-libs/nss/nss-3.91.ebuild | 2 | ||||
| -rw-r--r-- | dev-libs/nss/nss-3.93.ebuild | 2 | ||||
| -rw-r--r-- | dev-libs/openssl/Manifest | 2 | ||||
| -rw-r--r-- | dev-libs/openssl/files/openssl-3.1.1-CVE-2023-2975.patch | 110 | ||||
| -rw-r--r-- | dev-libs/openssl/files/openssl-3.1.1-CVE-2023-3446.patch | 121 |
16 files changed, 10 insertions, 607 deletions
diff --git a/dev-libs/Manifest.gz b/dev-libs/Manifest.gz Binary files differindex 680d362cf8d6..945b51b984fc 100644 --- a/dev-libs/Manifest.gz +++ b/dev-libs/Manifest.gz diff --git a/dev-libs/capstone/Manifest b/dev-libs/capstone/Manifest index b7f217b16026..0e15db33bb3f 100644 --- a/dev-libs/capstone/Manifest +++ b/dev-libs/capstone/Manifest @@ -4,14 +4,7 @@ AUX capstone-5.0_rc2-pkgconfig.patch 464 BLAKE2B 68727cd48eb79d43417df46312d8def AUX capstone-9999-werror.patch 533 BLAKE2B ec2589edaf25bcf551cc3b3321fd77109551270da3fbac1c0457031b14aa9bd85dff06440e219e0db22017898d7f2e779e11f63fdcc7e7112baee040393ca1f4 SHA512 c98e83e296147d4520b5323393347739b07e93ef00a339154de131a31c4eba420a6387c23a4f9382408fa9dc243b55a262f73a48412da6bc7d7d1b31cfb19f11 DIST capstone-4.0.2.tar.gz 3439542 BLAKE2B 435729a8fef2dce6495635352101b3befe563c8404efdbb0dccabecbe2bded332221665bacdbcd9043dda72b652b6f29c0e1a548cefb8c64d5b6b9dc174ed3d9 SHA512 7f93534517307b737422a8825b66b2a1f3e1cca2049465d60ab12595940154aaf843ba40ed348fce58de58b990c19a0caef289060eb72898cb008a88c470970e DIST capstone-5.0.1.tar.gz 7654195 BLAKE2B 83f6681d4c9c748df00daf59f7b33637ab72eee661261c22acae40a6db2def70bb6b5339d731244fdbae6f1e1b0b5b22bb6f60c1390a1bebceb97b3f810aedb0 SHA512 350aba77ce2d96b5c25764913591ba80e4497177ae0a8b2c820c6755ee8310848fbfc54e7ccac27fafc2dbc6778118ad92c53d1b5cb601d4fa146dec7d7e11e5 -DIST capstone-5.0.tar.gz 7636912 BLAKE2B 8980268415a1e66afb9420a4fd4d94dcb78a7022b62a27d7a95ab0eb21a23fc27e2a2e99c0250133f3ff42c589ea7a5dba59c03175ae8f85fe74a80b52790763 SHA512 bb345fe7abaaf4932db93702ce713403aa88d1a63ff931be43f0ef72c5b1a7d17b85df6157fc476e236e009a2bd75cabb2534588387d01b3851e756e6c3e444d -DIST capstone-5.0_rc2.tar.gz 5761725 BLAKE2B 2f5074fe1881309ee2d36cdfeba10bacefbac5c994d42dd3b08c07fe8b70e298d9d18e9c061dad1a54c6368bdc296fd02f30d77f78b1ae05074764e7041aef2c SHA512 fdc4992399a2add960b12ff2495087a97fa66dce85e87375ba9d19e02b7ea5fb16a7efa93d839c2693378f6367efc9df68f192584ba624443d3b0b197d4dcd9a -DIST capstone-5.0_rc4.tar.gz 7640978 BLAKE2B 32f10208ee1789c8818aa321b2d5d11b2aadbc358ae64e862e150d1ddaaa77b9b379175dbbf9c079fb3bc967b40712346e65d7a53003e5dc9ebacab746b821de SHA512 71a685017ad10a25431debe3678e2b29dc3380f78dce3eddaf3ffa26611d1ecc1f191bf930745befc5d45592a8a2887da3a258ab26db460f999d764d3155ac69 EBUILD capstone-4.0.2-r2.ebuild 1536 BLAKE2B ff48fcc776ee396d790f6c1a52a9059fc1db4650b1f73ef5b2de2caa0ed51c662ffef2d53c0008d7a3abb5261dd7ae22fbc0f214882b33e674ab7e64c2929831 SHA512 6b5913274cf1d6c9d6deb0972a2e2d3532b81e52acc88191560effa22bfc8df3374d09ea2ffa5f6ca804c292e671d523793dd937c7e658fe03cbc53ff331f3f7 EBUILD capstone-5.0.1.ebuild 1773 BLAKE2B 8952d592dbcb5868abf9b44e4043af97bb2c73ec5530c15ac3821f23824f0c93a59e703049c37bdff3927f8ec455906e23ef26f49f97cf36e4f08e246e810f67 SHA512 19e295e5cb1df616619d88205585f3bcc49a8ed592dd5410659def33b5291053179f47567793ba9e7851442ac449a193b63b16a21f7cd623f8e54b1e2be766a7 -EBUILD capstone-5.0.ebuild 1779 BLAKE2B 974e024813b3771c03adcbc5267baae54c38ee8c620081d016e96798adb5a1896312d27257c0b0b0838b79056cc480848b24a3820790535f1c89b7eaaf7e7285 SHA512 acc85f8a3b91da14d7f2b28124c32f6c70421de4fc61263bcf0b54a7531c90168893bf6e1b322f8e567c66b114cc2eaf1059ff3ed4347ef419a19960d81c04a1 -EBUILD capstone-5.0_rc2-r2.ebuild 1530 BLAKE2B 3cd7be6305deefb6c8c2b404119f9a139856c3156c255bac229bb0b2817a694f47e260a7e6e1385518f426e8ec10a2f64232039f00dfac40f7c0bfec88847ee9 SHA512 ff56bf0e531e1284963d79a5917fd3cc15c269f5986d5adba51fb3476abd629b85a390649dd011f44f3344028813a8349b0d27a4274c6d1ae86794a38eda05b0 -EBUILD capstone-5.0_rc2-r3.ebuild 1824 BLAKE2B 57736dfd1a9b27e17bbb50ec109055cfb4204d5f38663c5810dd050ab945da758a5a3c9e19f0e7570fb0684f3ac1949e04684dd91e122d11d244abaf240f7a5b SHA512 5ba56034e254ff783ea48cc3e26145a9360b0d8f0917d3699ecbfe2c3c93c3c1dd9c2f543303d00939616e84edfdcd72d28f76e3d6c73c0ee6674dd0b473d6b3 -EBUILD capstone-5.0_rc4.ebuild 1752 BLAKE2B 824b3ca5c3136cf505b04a833369fe87fef39f0d0de4ea45570b8fbf7c98a45b588f613570fbc002b2fb5024dcbbad40e02724fafc533cc8a0c0bbdc51331f62 SHA512 291d508f410aa39fc10e3a8f27638dc013be0c826deaf319ec064a192fc44aa9120e4202be77a4f5d7bf7dc7b2aca70f8b23332e5c3ebdacdb7885f1fbb1cbe7 EBUILD capstone-9999.ebuild 2011 BLAKE2B ba99ea124dc4bde09972d93f5f13878eb79efba8faec9fe0be830a4b925257bdcba3776d5eedf7675c5788438935993e05e987c4c4e22cf74a43e793cbd809ca SHA512 0f43f3a9a17bf0b20aedaa6373c774ec15b551e6641b311857c3d7fba83cc2f0a7c2e04c3f7eb48ff85a95343fa53ef6ce22e8f850a86db484f93d637a9130cc MISC metadata.xml 484 BLAKE2B 32c39bf06443ce4ca18191a4c9626cf517d5bd4f837c179e6186a68a0053217bf41d61d2c4d46c9792b1974879d22b36e4a02fa461a1b085acf5c4406bde4891 SHA512 f06dcd3133982f72cf21c5bb3d9a34207d7083233b5e70856f6a1dab60ef361cf1432659af30ea6b90fcb38cfdaec49f0792623ef841e136bc33cb5e1c40d1cf diff --git a/dev-libs/capstone/capstone-5.0.ebuild b/dev-libs/capstone/capstone-5.0.ebuild deleted file mode 100644 index f34cfc5ee6a5..000000000000 --- a/dev-libs/capstone/capstone-5.0.ebuild +++ /dev/null @@ -1,92 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{10..12} ) -DISTUTILS_EXT=1 -DISTUTILS_OPTIONAL=1 -DISTUTILS_USE_PEP517=setuptools - -inherit cmake distutils-r1 toolchain-funcs - -DESCRIPTION="disassembly/disassembler framework + bindings" -HOMEPAGE="https://www.capstone-engine.org/" - -if [[ ${PV} == 9999 ]]; then - inherit git-r3 - EGIT_REPO_URI="https://github.com/capstone-engine/capstone.git" - EGIT_REPO_BRANCH="next" -else - MY_PV="${PV/_rc/-rc}-post1" - SRC_URI="https://github.com/capstone-engine/capstone/archive/${MY_PV}.tar.gz -> ${P}.tar.gz" - S="${WORKDIR}/${PN}-${MY_PV}" - KEYWORDS="amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv x86" -fi - -LICENSE="BSD" -SLOT="0/5" # libcapstone.so.5 - -IUSE="python static-libs test" -RDEPEND="python? ( ${PYTHON_DEPS} )" -DEPEND="${RDEPEND} - python? ( dev-python/setuptools[${PYTHON_USEDEP}] ) -" -BDEPEND="${DISTUTILS_DEPS}" -REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" - -distutils_enable_tests setup.py - -if [[ ${PV} == *_rc* ]]; then - # Upstream doesn't flag release candidates (bug 858350) - QA_PKGCONFIG_VERSION="" -fi - -wrap_python() { - local phase=$1 - shift - - if use python; then - pushd bindings/python >/dev/null || die - distutils-r1_${phase} "$@" - popd >/dev/null || die - fi -} - -src_prepare() { - tc-export RANLIB - cmake_src_prepare - - wrap_python ${FUNCNAME} -} - -src_configure() { - local mycmakeargs=( - -DCAPSTONE_BUILD_TESTS="$(usex test)" - ) - cmake_src_configure - - wrap_python ${FUNCNAME} -} - -src_compile() { - cmake_src_compile - - wrap_python ${FUNCNAME} -} - -src_test() { - cmake_src_test - - wrap_python ${FUNCNAME} -} - -src_install() { - cmake_src_install - - wrap_python ${FUNCNAME} - - if ! use static-libs ; then - find "${ED}" -name '*.a' -delete || die - fi -} diff --git a/dev-libs/capstone/capstone-5.0_rc2-r2.ebuild b/dev-libs/capstone/capstone-5.0_rc2-r2.ebuild deleted file mode 100644 index fe79e806cfad..000000000000 --- a/dev-libs/capstone/capstone-5.0_rc2-r2.ebuild +++ /dev/null @@ -1,83 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -DISTUTILS_OPTIONAL=1 -PYTHON_COMPAT=( python3_{9..11} ) - -inherit cmake distutils-r1 toolchain-funcs - -DESCRIPTION="disassembly/disassembler framework + bindings" -HOMEPAGE="https://www.capstone-engine.org/" -SRC_URI="https://github.com/capstone-engine/capstone/archive/${PV/_rc/-rc}.tar.gz -> ${P}.tar.gz" - -LICENSE="BSD" -SLOT="0/5" # libcapstone.so.5 -KEYWORDS="amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv x86" - -IUSE="python test" -RDEPEND="python? ( ${PYTHON_DEPS} )" -DEPEND="${RDEPEND} - python? ( dev-python/setuptools[${PYTHON_USEDEP}] ) -" -REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" - -distutils_enable_tests setup.py - -S=${WORKDIR}/${P/_rc/-rc} - -PATCHES=( - "${FILESDIR}"/${P}-pkgconfig.patch - "${FILESDIR}"/${P}-oob-mem-access.patch -) - -if [[ ${PV} == *_rc* ]]; then - # Upstream doesn't flag release candidates (bug 858350) - QA_PKGCONFIG_VERSION="" -fi - -wrap_python() { - local phase=$1 - shift - - if use python; then - pushd bindings/python >/dev/null || die - distutils-r1_${phase} "$@" - popd >/dev/null || die - fi -} - -src_prepare() { - tc-export RANLIB - cmake_src_prepare - - wrap_python ${FUNCNAME} -} - -src_configure() { - local mycmakeargs=( - -DCAPSTONE_BUILD_TESTS="$(usex test)" - ) - cmake_src_configure - - wrap_python ${FUNCNAME} -} - -src_compile() { - cmake_src_compile - - wrap_python ${FUNCNAME} -} - -src_test() { - cmake_src_test - - wrap_python ${FUNCNAME} -} - -src_install() { - cmake_src_install - - wrap_python ${FUNCNAME} -} diff --git a/dev-libs/capstone/capstone-5.0_rc2-r3.ebuild b/dev-libs/capstone/capstone-5.0_rc2-r3.ebuild deleted file mode 100644 index c2a407fa7ca8..000000000000 --- a/dev-libs/capstone/capstone-5.0_rc2-r3.ebuild +++ /dev/null @@ -1,95 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -DISTUTILS_OPTIONAL=1 -PYTHON_COMPAT=( python3_{9..11} ) -DISTUTILS_USE_PEP517=setuptools - -inherit cmake distutils-r1 toolchain-funcs - -DESCRIPTION="disassembly/disassembler framework + bindings" -HOMEPAGE="https://www.capstone-engine.org/" - -if [[ ${PV} == 9999 ]]; then - inherit git-r3 - EGIT_REPO_URI="https://github.com/capstone-engine/capstone.git" - EGIT_REPO_BRANCH="next" -else - SRC_URI="https://github.com/capstone-engine/capstone/archive/${PV/_rc/-rc}.tar.gz -> ${P}.tar.gz" - S=${WORKDIR}/${P/_rc/-rc} - KEYWORDS="amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv x86" -fi - -LICENSE="BSD" -SLOT="0/5" # libcapstone.so.5 - -IUSE="python static-libs test" -RDEPEND="python? ( ${PYTHON_DEPS} )" -DEPEND="${RDEPEND} - python? ( dev-python/setuptools[${PYTHON_USEDEP}] ) -" -BDEPEND="${DISTUTILS_DEPS}" -REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" - -distutils_enable_tests setup.py - -PATCHES=( - "${FILESDIR}"/${P}-pkgconfig.patch - "${FILESDIR}"/${P}-oob-mem-access.patch -) - -if [[ ${PV} == *_rc* ]]; then - # Upstream doesn't flag release candidates (bug 858350) - QA_PKGCONFIG_VERSION="" -fi - -wrap_python() { - local phase=$1 - shift - - if use python; then - pushd bindings/python >/dev/null || die - distutils-r1_${phase} "$@" - popd >/dev/null || die - fi -} - -src_prepare() { - tc-export RANLIB - cmake_src_prepare - - wrap_python ${FUNCNAME} -} - -src_configure() { - local mycmakeargs=( - -DCAPSTONE_BUILD_TESTS="$(usex test)" - ) - cmake_src_configure - - wrap_python ${FUNCNAME} -} - -src_compile() { - cmake_src_compile - - wrap_python ${FUNCNAME} -} - -src_test() { - cmake_src_test - - wrap_python ${FUNCNAME} -} - -src_install() { - cmake_src_install - - wrap_python ${FUNCNAME} - - if ! use static-libs ; then - find "${ED}" -name '*.a' -delete || die - fi -} diff --git a/dev-libs/capstone/capstone-5.0_rc4.ebuild b/dev-libs/capstone/capstone-5.0_rc4.ebuild deleted file mode 100644 index 67ee41c5cd22..000000000000 --- a/dev-libs/capstone/capstone-5.0_rc4.ebuild +++ /dev/null @@ -1,91 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{9..11} ) -DISTUTILS_EXT=1 -DISTUTILS_OPTIONAL=1 -DISTUTILS_USE_PEP517=setuptools - -inherit cmake distutils-r1 toolchain-funcs - -DESCRIPTION="disassembly/disassembler framework + bindings" -HOMEPAGE="https://www.capstone-engine.org/" - -if [[ ${PV} == 9999 ]]; then - inherit git-r3 - EGIT_REPO_URI="https://github.com/capstone-engine/capstone.git" - EGIT_REPO_BRANCH="next" -else - SRC_URI="https://github.com/capstone-engine/capstone/archive/${PV/_rc/-rc}.tar.gz -> ${P}.tar.gz" - S=${WORKDIR}/${P/_rc/-rc} - KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~x86" -fi - -LICENSE="BSD" -SLOT="0/5" # libcapstone.so.5 - -IUSE="python static-libs test" -RDEPEND="python? ( ${PYTHON_DEPS} )" -DEPEND="${RDEPEND} - python? ( dev-python/setuptools[${PYTHON_USEDEP}] ) -" -BDEPEND="${DISTUTILS_DEPS}" -REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" - -distutils_enable_tests setup.py - -if [[ ${PV} == *_rc* ]]; then - # Upstream doesn't flag release candidates (bug 858350) - QA_PKGCONFIG_VERSION="" -fi - -wrap_python() { - local phase=$1 - shift - - if use python; then - pushd bindings/python >/dev/null || die - distutils-r1_${phase} "$@" - popd >/dev/null || die - fi -} - -src_prepare() { - tc-export RANLIB - cmake_src_prepare - - wrap_python ${FUNCNAME} -} - -src_configure() { - local mycmakeargs=( - -DCAPSTONE_BUILD_TESTS="$(usex test)" - ) - cmake_src_configure - - wrap_python ${FUNCNAME} -} - -src_compile() { - cmake_src_compile - - wrap_python ${FUNCNAME} -} - -src_test() { - cmake_src_test - - wrap_python ${FUNCNAME} -} - -src_install() { - cmake_src_install - - wrap_python ${FUNCNAME} - - if ! use static-libs ; then - find "${ED}" -name '*.a' -delete || die - fi -} diff --git a/dev-libs/json-c/Manifest b/dev-libs/json-c/Manifest index 3c452a039497..cb2e16fdb82e 100644 --- a/dev-libs/json-c/Manifest +++ b/dev-libs/json-c/Manifest @@ -1,6 +1,6 @@ DIST json-c-0.16.tar.gz 351916 BLAKE2B 11457fa39330338c85bfdfb0dd38fc703ad6942e730ba090c9fe017dfb81ef905d7b1bb1c768b9b51f6445a8cf3cf4007d7740be3a9878f8062edc62ba554c66 SHA512 255cff99033340b2c2678255d41dae7808f83ed0c102e693d2d9e186bd1f21dd1385fcaa360c0fc087a00965a9567fbda733370e6b518a9be2f1bb0a80439151 DIST json-c-0.17.tar.gz 390045 BLAKE2B 26be25141447f2b652fa09d7096141a8bf7992469bcc53b275c1bc0108fc36a8898a8185c381218d3146d00fa03bdd0b837be073410fc93af943b5f083dbaa69 SHA512 4cbedd559502bf9014cfcd1d0bb8bb80d2abac4e969d95d4170123cd9cbafb0756b913fdbb83f666d14f674d6539a60ed1c5d0eb03c36b8037a2e00dc1636e19 EBUILD json-c-0.16-r1.ebuild 1015 BLAKE2B eedc8461e221573689072f789e5585f58389befcda995650cc14ea1f37eaf1205702052b2faeebdf4d6083d99173c8072d3b82d5d0452de25860695f8183da4d SHA512 66cb5b5aa00a6f44334e0bdb7081d746e87fda879b1b3bbc5fd0d9ba37523ec2e461eb010b195bc4bcfffbedf0fe0c27363de0a99252690a621b167f1c9626a2 -EBUILD json-c-0.17.ebuild 1127 BLAKE2B c6b3f1b54c7812f10d755e5f54ca9c7a0ddebfc582948df731a9a9dabe41e4061413154ced41c7753f127e6f25f0ed322ee2c8e9eea8e80743e9bc40b14053eb SHA512 e6031a4f20628138dabcad558ffb55cbfcc63d4eafc83e3a8239df441249fa0ea9e167a2650ccdc8d0e2c814d1a9b49349588b331b58cc64cda64c50833a3fdd +EBUILD json-c-0.17.ebuild 1126 BLAKE2B a7977ca935d9a636f1e82160730f63a6221d5c21676822017d5c950326730933b78111f7326ca7432a508c36c8189d220c7640d2e2f4b62a3491de8887b9610f SHA512 6d8b9adaf6348916f4875939265da6d8284818240abae0f59ee267714a75795fdb173f926f4687e652b247f490bcb5438c04e5a28d8dae07587b8934adc14e20 EBUILD json-c-9999.ebuild 1214 BLAKE2B af6f1dbfba3d9c60706d96b3247e0cb6b050f1ba9ff607e93ab1b5d4b3d637603beffd289148b70c6234134dcf65d11340d44435892b6d165c5c8c41103c623d SHA512 aa8f87c111619248d56279908039e168783e7adaca98d3e7533cd5eb05c8eacbc6309e523043f3175afbbd1388a62b5227d2f4e26ab4c43728375150e1bfbb95 MISC metadata.xml 1011 BLAKE2B d9f64f6e06a3b1a5bb315e35590426e9e87d777bf2fe73a7f8c57e6730ce99236d071d7d9ddf190e654e39e91d4134fdd07689afa958d6aec69dc5a787e95bf8 SHA512 731afa46afd8fdd519425c1a58f791f4d999333e726426770a0f37e552d640d4a198f6b2eb859dca3c4aca21f3e1fc8ad147de0e07efcede14b5d791b66e4e72 diff --git a/dev-libs/json-c/json-c-0.17.ebuild b/dev-libs/json-c/json-c-0.17.ebuild index 9bde58312630..57991331313c 100644 --- a/dev-libs/json-c/json-c-0.17.ebuild +++ b/dev-libs/json-c/json-c-0.17.ebuild @@ -11,7 +11,7 @@ SRC_URI="https://s3.amazonaws.com/json-c_releases/releases/${P}.tar.gz" LICENSE="MIT" SLOT="0/5" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos" IUSE="cpu_flags_x86_rdrand static-libs threads" MULTILIB_WRAPPED_HEADERS=( diff --git a/dev-libs/libbpf/Manifest b/dev-libs/libbpf/Manifest index 95c68cb522a8..34142e9fe08d 100644 --- a/dev-libs/libbpf/Manifest +++ b/dev-libs/libbpf/Manifest @@ -4,6 +4,6 @@ DIST libbpf-1.2.0.tar.gz 999623 BLAKE2B cd10fd9133f01d3f8dbd5ed4585e5605c3b9fb0d DIST libbpf-1.2.2.tar.gz 1000104 BLAKE2B 45a2ceabd38b3ea55f466de68d0806df6ae802b509063ca12d670ba972bac3dc5c7e518e8c9904915dbc9877c27ea892a7b857aa03d4e86016969b2d278b0b4a SHA512 bc7620207e6f521b9b5baab00bd81346084b8eabf81bff3ec24e5367d389f2a331a0b082798f8bb5d4fea836c3c0cc961fc881abc3a4e05d91152150bdfe47be EBUILD libbpf-0.8.1.ebuild 1153 BLAKE2B 98da8cd35ab316a4bbf9d4e6a9c40b278ecd1385d8077a16e4582fb9a4209c40ebcf4ec9e24d3312334ace6c2f99da9732e7a9379a0dd478baa66bdd790a4793 SHA512 16a7e9a08fe9d782da9f57727b50592d42c7cfcd5cbf407197c5764e2a7175f0277a116e25379092e0f67adac353513f614d9bfe2edac2990d0fc91d5adc9a26 EBUILD libbpf-1.2.0.ebuild 1185 BLAKE2B 57c4bfa90f1601343e66e0233c30af684c47688eda103bd2672472cf6a199f8849f0821d2e889e583dc09a4a8e36b9a9f92fb3d1abb6e2db844b5f57c3566489 SHA512 ab6998bfa3a4674c6df8ccfa0b46216779d6ea48d22f33a45836f233f3c755b714aeada2f8950814a083a1a490ca10672df60351b9c8ece555fe98a3a1bb5c27 -EBUILD libbpf-1.2.2.ebuild 1186 BLAKE2B d02a7ac2dad2d30be97960ffd9207952e988ee290e63c628580da74e1c3d371749b9b940b415cb1958fb5e011a42fe3293ab900a73836e1a7be730a112c2b701 SHA512 bedd5ab01e038659e486091de0e928a76a7d29b7caa9a02bb8ebabb40ff02bb3bf08e4d51316a82937a16d74e35f8ff123d397da78e6ab60cc7e7856207821aa +EBUILD libbpf-1.2.2.ebuild 1185 BLAKE2B 57c4bfa90f1601343e66e0233c30af684c47688eda103bd2672472cf6a199f8849f0821d2e889e583dc09a4a8e36b9a9f92fb3d1abb6e2db844b5f57c3566489 SHA512 ab6998bfa3a4674c6df8ccfa0b46216779d6ea48d22f33a45836f233f3c755b714aeada2f8950814a083a1a490ca10672df60351b9c8ece555fe98a3a1bb5c27 EBUILD libbpf-9999.ebuild 1192 BLAKE2B e26a265cb13392e4e90e48ab96cabad38188e9b28ccf40e8e7b11a08117193dbe025f5ab71c09da29a7e3ab2561c154389e87be9b1a1fba8e7d57eb3105a07bb SHA512 955be1dde34476c2b66014f9b3da584ea38459105f49980e29fd943198feb3ee228a6ffb121c9bbce7c109712c37bbc8996f8cc4715eba626bd08aadaa23d7e8 MISC metadata.xml 420 BLAKE2B c61b50bd86dd9d110c35d57a9352ca3862790460f0a6f8e4be9e4ac2eb603fe6c1d6bbe8d77e9fdf32d08e7aaf19349516f25a0fdcb29e2671d71d2c230fc1f5 SHA512 131f77e33aa5b3cbc037a297fe0ed9affbcb956b4c7ddc64889eba5f8315f5090ae4fd7a6054f8961461072ca77d13f8bc6674f3ed27372b7b96c4322c487676 diff --git a/dev-libs/libbpf/libbpf-1.2.2.ebuild b/dev-libs/libbpf/libbpf-1.2.2.ebuild index 9865da3227cf..a82b4169cdc1 100644 --- a/dev-libs/libbpf/libbpf-1.2.2.ebuild +++ b/dev-libs/libbpf/libbpf-1.2.2.ebuild @@ -10,7 +10,7 @@ if [[ ${PV} =~ [9]{4,} ]]; then EGIT_REPO_URI="https://github.com/libbpf/libbpf.git" else SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86" + KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" fi S="${WORKDIR}/${P}/src" diff --git a/dev-libs/nss/Manifest b/dev-libs/nss/Manifest index cde4df482f65..42def83da40b 100644 --- a/dev-libs/nss/Manifest +++ b/dev-libs/nss/Manifest @@ -11,8 +11,8 @@ DIST nss-3.93.tar.gz 72281331 BLAKE2B 99e50f450a451f2b0bc0aad9b0fba405c987d88546 DIST nss-3.94.tar.gz 76580364 BLAKE2B ad7d4fb7c8ddb063100b70717642677fcea177e46f04cf1a172eb4a7d565f99fdf0fca8b431498d83948f88aa89d4d53fbbc871cd8d64fb95242990eae203852 SHA512 3a839a6cc7267e45749f769621c3e8823f92cb654ee40460187e59b50825bb0f84ca278cd61881a3e0e7d95f95e0ffcd266a10c780cdcf8a08a2f0a9bb71892f DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4 EBUILD nss-3.79.4.ebuild 10715 BLAKE2B 0b5947e1a5f4f0e4bc3d037a92116c25d3995b8e3c3a912e23e17b96136564b89946013dca40351b698af2a974b698cca0fd4832fff9e07d78ae628744a8c0eb SHA512 f519e6c3a17ef0bd51291ed8f210ae2b20c8faa9fe5f3cb0b5466a37b63bd7606420e1f90e46fa05632cda31f0482230a7aba6ce48006e5cf846bf42f9d6bc86 -EBUILD nss-3.91.ebuild 11380 BLAKE2B 5f022bd02670517dc2dc9ac8c7223e20d070f78aafc92b0cf006548e332079693594889a016e7301aa3b41a061b792021fc04f687b52e1baf5637646cb0d23ff SHA512 0eaf0b67551b9f156f28be0fb6c47dac00c0bd27276e1688a3498dd0f250f04875f1f2ac76f7beef4fb6f25c9af737d484732901b5c6a4060164a2209ce78fe4 +EBUILD nss-3.91.ebuild 11472 BLAKE2B 9b3fba4c0ed92382674a29139044b1ccdcbf0e1b73fc0c3c6a8f5c70b593932008086dad58f731c5d2dcabe9a1f73800b775b6f9841b053fe71210a5bcc562dd SHA512 3ec88411ab7883f18c382c7e867e5b709a3d79585b64badca960422c11f2ffd71c13c79703e19a5692f5f9823593ffd9bf81cb7faf3b7fcf963dc420641c3115 EBUILD nss-3.92.ebuild 11335 BLAKE2B 5f94b4d9687ab37207861670a97d856f91e30f0ea57f0f67c4e3c18066939db2dc3c79cbbddacca53515fd49f3211fda4c84be2cf37e16967e7fd1e7c9d56344 SHA512 313d21c4ea9f4c009b828ee2c3bea5a9b5999822e0a7890950f0952a3c95f59313dba9bff7c18926539b8c2673b295de1dda3f4f678efbe83403180e65454c92 -EBUILD nss-3.93.ebuild 11335 BLAKE2B 5f94b4d9687ab37207861670a97d856f91e30f0ea57f0f67c4e3c18066939db2dc3c79cbbddacca53515fd49f3211fda4c84be2cf37e16967e7fd1e7c9d56344 SHA512 313d21c4ea9f4c009b828ee2c3bea5a9b5999822e0a7890950f0952a3c95f59313dba9bff7c18926539b8c2673b295de1dda3f4f678efbe83403180e65454c92 +EBUILD nss-3.93.ebuild 11427 BLAKE2B 38dfc4561aeae8208e5af788640ebce0ab87923dbd1cec0ca4b701e68a620f28cbba023705b97d4215a0ad8d04d6f8b53b6a62c836b54329b6b1e0c566e84a0f SHA512 1f61e5af486ae8625464eeba10f19df6fd4747ea14df5f4da176a66aa9f3e69d76fdb9a5a9a980f8fc752072f5f12ada732ba37e83a7f042560af5372b7a81b8 EBUILD nss-3.94.ebuild 11483 BLAKE2B 84ee4638a5252deeb03f83cd1a3835d13ec8b55b8f53181be4157f4b56f2f5cee6308f5b93e668210283e6ffce9a4ab1c1931822b23fd9f3a0fd174f56de2d61 SHA512 134285d8e55bab7297d6147ebffbb7dc6d954ac2a7bd71b61f57131e38b025cbb7e80872ba5719223a01d5f14f9f05cdeedae73adbdd8de5d7928fa9dc4fba2e MISC metadata.xml 603 BLAKE2B 74c5a84f8a860b6a43731ed83cd40373187236de7add14ca33f3417eb0cfc165aa5df5308dca14b4664bcfe453e0f328988df4459af5781da4cbcb7bfc00e93d SHA512 9d7fb0be71d18ad1da440de047f4430bd3b50a8584d8dccd43e5e4cdf050f5c5cfeb34cd82ea617f2419ff092908becd1508eb7efcf54f3cca8c7f36af9517bb diff --git a/dev-libs/nss/nss-3.91.ebuild b/dev-libs/nss/nss-3.91.ebuild index af7565b1cdfa..3cbea7fe57fa 100644 --- a/dev-libs/nss/nss-3.91.ebuild +++ b/dev-libs/nss/nss-3.91.ebuild @@ -238,6 +238,8 @@ multilib_src_test() { export DOMSUF="localdomain" export USE_IP=TRUE export IP_ADDRESS="127.0.0.1" + # Per README, this is recommended to make run tests quicker. + export NSS_CYCLES="standard" NSINSTALL="${PWD}/$(find -type f -name nsinstall)" diff --git a/dev-libs/nss/nss-3.93.ebuild b/dev-libs/nss/nss-3.93.ebuild index 051c4682bcae..e5b28698782c 100644 --- a/dev-libs/nss/nss-3.93.ebuild +++ b/dev-libs/nss/nss-3.93.ebuild @@ -237,6 +237,8 @@ multilib_src_test() { export DOMSUF="localdomain" export USE_IP=TRUE export IP_ADDRESS="127.0.0.1" + # Per README, this is recommended to make run tests quicker. + export NSS_CYCLES="standard" NSINSTALL="${PWD}/$(find -type f -name nsinstall)" diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index 45221acdb647..1dfd336f19eb 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest @@ -4,8 +4,6 @@ AUX openssl-1.1.0j-parallel_install_fix.patch 515 BLAKE2B a1bcffce4dc9e0566e21e7 AUX openssl-1.1.1i-riscv32.patch 2557 BLAKE2B 97e51303706ee96d3fae46959b91d1021dcbb3efa421866f6e09bbee6287aae95c6f5d9498bd9d8974b0de747ef696242691cfebec90b31dc9e2cc31b41b81ec SHA512 f75ae1034bb9dda7f4959e8a5d6d0dae21200723d82aebfbea58bd1d7775ef4042e49fdf49d5738771d79d764e44a1b6e0da341d210ea51d21516bb3874b626a AUX openssl-3.0.9-CVE-2023-2975.patch 4607 BLAKE2B 6f668ab581573b4092a2e1b65f55288a77d48aa62053d6ce088f5e587cdc3ef6687522c36c21016f1095e8b1c036d28e54f1121eab2f13c821a08866930c7b0a SHA512 f070adb3722fa7561039efb149756571ba87d03094ff009a2fec433d5c3f24e99ca26bd67f73fd219c95a8117ca522ced9e501da7657f3e5a43a14727c34c889 AUX openssl-3.0.9-CVE-2023-3446.patch 4406 BLAKE2B 2ec4d353197bfcdfd953001228e9946436e4fced5d554d3e3b7fe9fc4a64d2f54fc2abbf294b47c37a1fc3a10a313c200d8bf8f100052103080b83144cab927d SHA512 e2e7ff2cddba0fb7bb3909c897aac8403de2accdfef23222371196bbf9d5c608a1b8505ef7ef2f15cb0bd9223d05e7195af4d66f96671c41c07dae0b5454b752 -AUX openssl-3.1.1-CVE-2023-2975.patch 4608 BLAKE2B 0e25fac29905f00f66d85210310783dd9a9e8f3d7e003789481fe27767282d81d28255238ac2b358b5b0460f43ad13a5c877d0650279f56661d5f86710db7eaa SHA512 29496068d5fb7c981e5341a0228bf14bfaf5062f30edcf3856a191d9061a30cb23054e4db6a89e1b6c90493576e747af1044d02b15a22ce386c99b570787d2dc -AUX openssl-3.1.1-CVE-2023-3446.patch 4407 BLAKE2B 78b14b2c6513475f4dadfa74eb6bb51e51b11eea9840a391b7eb29a37b26ebc4b2ed7f731cf029bb4152fbd3c8e684887be885ac79c471bd5d91fb1e60ff461d SHA512 8252fb9e1181517dc331ef241e892ad718a6bbaf381ca18baa1b3a68d8d83a963b90d999a77570a86dfb897b8ca3b6210d91816d49285a2b2404def0df576292 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32 diff --git a/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-2975.patch b/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-2975.patch deleted file mode 100644 index 5abf60737dbd..000000000000 --- a/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-2975.patch +++ /dev/null @@ -1,110 +0,0 @@ -https://github.com/openssl/openssl/commit/6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc -https://github.com/openssl/openssl/commit/76214c4a8f3374b786811fdfeda3d98690f8faf4 - -From 6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc Mon Sep 17 00:00:00 2001 -From: Tomas Mraz <tomas@openssl.org> -Date: Tue, 4 Jul 2023 17:30:35 +0200 -Subject: [PATCH] Do not ignore empty associated data with AES-SIV mode - -The AES-SIV mode allows for multiple associated data items -authenticated separately with any of these being 0 length. - -The provided implementation ignores such empty associated data -which is incorrect in regards to the RFC 5297 and is also -a security issue because such empty associated data then become -unauthenticated if an application expects to authenticate them. - -Fixes CVE-2023-2975 - -Reviewed-by: Matt Caswell <matt@openssl.org> -Reviewed-by: Paul Dale <pauli@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/21384) - -(cherry picked from commit c426c281cfc23ab182f7d7d7a35229e7db1494d9) ---- a/providers/implementations/ciphers/cipher_aes_siv.c -+++ b/providers/implementations/ciphers/cipher_aes_siv.c -@@ -120,14 +120,18 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl, - if (!ossl_prov_is_running()) - return 0; - -- if (inl == 0) { -- *outl = 0; -- return 1; -- } -+ /* Ignore just empty encryption/decryption call and not AAD. */ -+ if (out != NULL) { -+ if (inl == 0) { -+ if (outl != NULL) -+ *outl = 0; -+ return 1; -+ } - -- if (outsize < inl) { -- ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); -- return 0; -+ if (outsize < inl) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); -+ return 0; -+ } - } - - if (ctx->hw->cipher(ctx, out, in, inl) <= 0) - -From 76214c4a8f3374b786811fdfeda3d98690f8faf4 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz <tomas@openssl.org> -Date: Tue, 4 Jul 2023 17:50:37 +0200 -Subject: [PATCH] Add testcases for empty associated data entries with AES-SIV - -Reviewed-by: Matt Caswell <matt@openssl.org> -Reviewed-by: Paul Dale <pauli@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/21384) - -(cherry picked from commit 3993bb0c0c87e3ed0ab4274e4688aa814e164cfc) ---- a/test/recipes/30-test_evp_data/evpciph_aes_siv.txt -+++ b/test/recipes/30-test_evp_data/evpciph_aes_siv.txt -@@ -20,6 +20,19 @@ Tag = 85632d07c6e8f37f950acd320a2ecc93 - Plaintext = 112233445566778899aabbccddee - Ciphertext = 40c02b9690c4dc04daef7f6afe5c - -+Cipher = aes-128-siv -+Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff -+Tag = f1c5fdeac1f15a26779c1501f9fb7588 -+Plaintext = 112233445566778899aabbccddee -+Ciphertext = 27e946c669088ab06da58c5c831c -+ -+Cipher = aes-128-siv -+Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff -+AAD = -+Tag = d1022f5b3664e5a4dfaf90f85be6f28a -+Plaintext = 112233445566778899aabbccddee -+Ciphertext = b66cff6b8eca0b79f083b39a0901 -+ - Cipher = aes-128-siv - Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f - AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100 -@@ -29,6 +42,24 @@ Tag = 7bdb6e3b432667eb06f4d14bff2fbd0f - Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553 - Ciphertext = cb900f2fddbe404326601965c889bf17dba77ceb094fa663b7a3f748ba8af829ea64ad544a272e9c485b62a3fd5c0d - -+Cipher = aes-128-siv -+Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f -+AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100 -+AAD = -+AAD = 09f911029d74e35bd84156c5635688c0 -+Tag = 83ce6593a8fa67eb6fcd2819cedfc011 -+Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553 -+Ciphertext = 30d937b42f71f71f93fc2d8d702d3eac8dc7651eefcd81120081ff29d626f97f3de17f2969b691c91b69b652bf3a6d -+ -+Cipher = aes-128-siv -+Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f -+AAD = -+AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100 -+AAD = 09f911029d74e35bd84156c5635688c0 -+Tag = 77dd4a44f5a6b41302121ee7f378de25 -+Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553 -+Ciphertext = 0fcd664c922464c88939d71fad7aefb864e501b0848a07d39201c1067a7288f3dadf0131a823a0bc3d588e8564a5fe -+ - Cipher = aes-192-siv - Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfefffffefdfcfbfaf9f8f7f6f5f4f3f2f1f0 - AAD = 101112131415161718191a1b1c1d1e1f2021222324252627 - diff --git a/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-3446.patch b/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-3446.patch deleted file mode 100644 index 781b0c8f48b3..000000000000 --- a/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-3446.patch +++ /dev/null @@ -1,121 +0,0 @@ -https://github.com/openssl/openssl/commit/fc9867c1e03c22ebf56943be205202e576aabf23 -https://github.com/openssl/openssl/commit/4791e79b8803924b28c19af4d4036ad85335110d - -From fc9867c1e03c22ebf56943be205202e576aabf23 Mon Sep 17 00:00:00 2001 -From: Matt Caswell <matt@openssl.org> -Date: Thu, 6 Jul 2023 16:36:35 +0100 -Subject: [PATCH] Fix DH_check() excessive time with over sized modulus - -The DH_check() function checks numerous aspects of the key or parameters -that have been supplied. Some of those checks use the supplied modulus -value even if it is excessively large. - -There is already a maximum DH modulus size (10,000 bits) over which -OpenSSL will not generate or derive keys. DH_check() will however still -perform various tests for validity on such a large modulus. We introduce a -new maximum (32,768) over which DH_check() will just fail. - -An application that calls DH_check() and supplies a key or parameters -obtained from an untrusted source could be vulnerable to a Denial of -Service attack. - -The function DH_check() is itself called by a number of other OpenSSL -functions. An application calling any of those other functions may -similarly be affected. The other functions affected by this are -DH_check_ex() and EVP_PKEY_param_check(). - -CVE-2023-3446 - -Reviewed-by: Paul Dale <pauli@openssl.org> -Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> -Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> -Reviewed-by: Tomas Mraz <tomas@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/21451) - -(cherry picked from commit 9e0094e2aa1b3428a12d5095132f133c078d3c3d) ---- a/crypto/dh/dh_check.c -+++ b/crypto/dh/dh_check.c -@@ -152,6 +152,12 @@ int DH_check(const DH *dh, int *ret) - if (nid != NID_undef) - return 1; - -+ /* Don't do any checks at all with an excessively large modulus */ -+ if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) { -+ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); -+ return 0; -+ } -+ - if (!DH_check_params(dh, ret)) - return 0; - ---- a/include/openssl/dh.h -+++ b/include/openssl/dh.h -@@ -92,7 +92,11 @@ int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); - # include <openssl/dherr.h> - - # ifndef OPENSSL_DH_MAX_MODULUS_BITS --# define OPENSSL_DH_MAX_MODULUS_BITS 10000 -+# define OPENSSL_DH_MAX_MODULUS_BITS 10000 -+# endif -+ -+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS -+# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768 - # endif - - # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 - -From 4791e79b8803924b28c19af4d4036ad85335110d Mon Sep 17 00:00:00 2001 -From: Matt Caswell <matt@openssl.org> -Date: Fri, 7 Jul 2023 14:39:48 +0100 -Subject: [PATCH] Add a test for CVE-2023-3446 - -Confirm that the only errors DH_check() finds with DH parameters with an -excessively long modulus is that the modulus is too large. We should not -be performing time consuming checks using that modulus. - -Reviewed-by: Paul Dale <pauli@openssl.org> -Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> -Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> -Reviewed-by: Tomas Mraz <tomas@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/21451) - -(cherry picked from commit ede782b4c8868d1f09c9cd237f82b6f35b7dba8b) ---- a/test/dhtest.c -+++ b/test/dhtest.c -@@ -73,7 +73,7 @@ static int dh_test(void) - goto err1; - - /* check fails, because p is way too small */ -- if (!DH_check(dh, &i)) -+ if (!TEST_true(DH_check(dh, &i))) - goto err2; - i ^= DH_MODULUS_TOO_SMALL; - if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) -@@ -124,6 +124,17 @@ static int dh_test(void) - /* We'll have a stale error on the queue from the above test so clear it */ - ERR_clear_error(); - -+ /* Modulus of size: dh check max modulus bits + 1 */ -+ if (!TEST_true(BN_set_word(p, 1)) -+ || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS))) -+ goto err3; -+ -+ /* -+ * We expect no checks at all for an excessively large modulus -+ */ -+ if (!TEST_false(DH_check(dh, &i))) -+ goto err3; -+ - /* - * II) key generation - */ -@@ -138,7 +149,7 @@ static int dh_test(void) - goto err3; - - /* ... and check whether it is valid */ -- if (!DH_check(a, &i)) -+ if (!TEST_true(DH_check(a, &i))) - goto err3; - if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) - || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) - |