1 |
commit: 1ace67d81ba5a5bee571ed3b171187dc3c8b76c7 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Dec 5 12:42:01 2015 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Dec 5 12:42:01 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ace67d8 |
7 |
|
8 |
dev-libs/libressl: add upstream patch to address CVE-2015-3194, bug #567564 |
9 |
|
10 |
Package-Manager: portage-2.2.20.1 |
11 |
|
12 |
.../libressl/files/libressl-2.2.4-clientcert.patch | 35 +++++++++++++++ |
13 |
dev-libs/libressl/libressl-2.2.4-r1.ebuild | 50 ++++++++++++++++++++++ |
14 |
dev-libs/libressl/libressl-2.3.1-r1.ebuild | 50 ++++++++++++++++++++++ |
15 |
3 files changed, 135 insertions(+) |
16 |
|
17 |
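--- /dev/null
+++ b/dev-libs/libressl/files/libressl-2.2.4-clientcert.patch
@@ -0,0 +1,35 @@
+untrusted comment: signature from openbsd 5.8 base secret key
+RWQNNZXtC/MqP8u13/pPZfTpPeHhU93PG0DBihXvQ7lB0CvONLwoTfHr9f40s515bidPGcGLAH4xu+yz3skT6b3tKETEWZw8BgA=
+
+OpenBSD 5.8 errata 9, Dec 3, 2015:
+
+CVE-2015-3194 - NULL pointer dereference in client certificate validation
+
+Apply by doing:
+ signify -Vep /etc/signify/openbsd-58-base.pub -x 009_clientcert.patch.sig \
+ -m - | (cd /usr/src && patch -p0)
+
+And then rebuild and install libcrypto:
+ cd /usr/src/lib/libcrypto
+ make obj
+ make depend
+ make
+ make install
+
+Index: lib/libssl/src/crypto/rsa/rsa_ameth.c
+===================================================================
+RCS file: /cvs/src/lib/libssl/src/crypto/rsa/rsa_ameth.c,v
+retrieving revision 1.14
+retrieving revision 1.14.6.1
+diff -u -p -u -p -r1.14 -r1.14.6.1
+--- lib/libssl/src/crypto/rsa/rsa_ameth.c 11 Feb 2015 04:05:14 -0000 1.14
++++ lib/libssl/src/crypto/rsa/rsa_ameth.c 4 Dec 2015 04:13:43 -0000 1.14.6.1
+@@ -298,7 +298,7 @@ rsa_pss_decode(const X509_ALGOR *alg, X5
+ if (pss->maskGenAlgorithm) {
+ ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
+ if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
+- param->type == V_ASN1_SEQUENCE) {
++ param && param->type == V_ASN1_SEQUENCE) {
+ p = param->value.sequence->data;
+ plen = param->value.sequence->length;
+ *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);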
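Review bot: The embedded diff uses OpenBSD source-tree paths (`lib/libssl/src/crypto/rsa/rsa_ameth.c`, written for `patch -p0` under /usr/src), while the ebuilds in this commit touch `crypto/Makefile.in`, which suggests the portable tarball keeps `crypto/` at the top level. Applying the file therefore appears to depend on epatch guessing the strip level; a comment next to the `epatch` call stating the expected strip level, or a hunk regenerated relative to `${S}`, would make the application deterministic. The signify signature header is carried along, but nothing visible in this commit verifies it, so it should be read as informational only. The body of rsa_pss_decode continues outside the inner hunk.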
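--- /dev/null
+++ b/dev-libs/libressl/libressl-2.2.4-r1.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils multilib-minimal
+
+DESCRIPTION="Free version of the SSL/TLS protocol forked from OpenSSL"
+HOMEPAGE="http://www.libressl.org/"
+SRC_URI="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz"
+
+LICENSE="ISC openssl"
+SLOT="0/35" # reflects ABI of libcrypto.so and libssl.so
+KEYWORDS="~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86"
+IUSE="+asm static-libs"
+
+RDEPEND="!dev-libs/openssl:0"
+DEPEND="${RDEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+src_prepare() {
+ touch crypto/Makefile.in
+
+ epatch "${FILESDIR}"/${P}-clientcert.patch
+
+ sed -i \
+ -e '/^[ \t]*CFLAGS=/s#-g ##' \
+ -e '/^[ \t]*CFLAGS=/s#-g"#"#' \
+ -e '/^[ \t]*CFLAGS=/s#-O2 ##' \
+ -e '/^[ \t]*CFLAGS=/s#-O2"#"#' \
+ -e '/^[ \t]*USER_CFLAGS=/s#-O2 ##' \
+ -e '/^[ \t]*USER_CFLAGS=/s#-O2"#"#' \
+ configure || die "fixing CFLAGS failed"
+}
+
+multilib_src_configure() {
+ ECONF_SOURCE="${S}" econf \
+ $(use_enable asm) \
+ $(use_enable static-libs static)
+}
+
+multilib_src_test() {
+ emake check
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files
+}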
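Review bot: `SRC_URI` and `HOMEPAGE` use plain `http://`, so the tarball for a TLS library is fetched over an unauthenticated channel and its integrity rests entirely on the Manifest digests, which are not part of this commit. If the mirror serves HTTPS, `SRC_URI="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz"` would be preferable; the same two lines appear in libressl-2.3.1-r1.ebuild. Separately, `touch crypto/Makefile.in` in src_prepare has no `|| die` and no comment saying why the timestamp is bumped, so a one-line why-comment above it would help the next maintainer.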
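--- /dev/null
+++ b/dev-libs/libressl/libressl-2.3.1-r1.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils multilib-minimal
+
+DESCRIPTION="Free version of the SSL/TLS protocol forked from OpenSSL"
+HOMEPAGE="http://www.libressl.org/"
+SRC_URI="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz"
+
+LICENSE="ISC openssl"
+SLOT="0/36" # reflects ABI of libcrypto.so and libssl.so
+KEYWORDS="~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86"
+IUSE="+asm static-libs"
+
+RDEPEND="!dev-libs/openssl:0"
+DEPEND="${RDEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+src_prepare() {
+ touch crypto/Makefile.in
+
+ epatch "${FILESDIR}"/${PN}-2.2.4-clientcert.patch
+
+ sed -i \
+ -e '/^[ \t]*CFLAGS=/s#-g ##' \
+ -e '/^[ \t]*CFLAGS=/s#-g"#"#' \
+ -e '/^[ \t]*CFLAGS=/s#-O2 ##' \
+ -e '/^[ \t]*CFLAGS=/s#-O2"#"#' \
+ -e '/^[ \t]*USER_CFLAGS=/s#-O2 ##' \
+ -e '/^[ \t]*USER_CFLAGS=/s#-O2"#"#' \
+ configure || die "fixing CFLAGS failed"
+}
+
+multilib_src_configure() {
+ ECONF_SOURCE="${S}" econf \
+ $(use_enable asm) \
+ $(use_enable static-libs static)
+}
+
+multilib_src_test() {
+ emake check
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files
+}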
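Review bot: `epatch "${FILESDIR}"/${PN}-2.2.4-clientcert.patch` applies a patch named for 2.2.4, generated from the OpenBSD 5.8 errata against rsa_ameth.c revision 1.14, to the 2.3.1 sources, and nothing in the ebuild says the reuse is intentional. A comment such as `# CVE-2015-3194: the 2.2.4 errata hunk applies unchanged to 2.3.1` above the call would record that and mark the line for removal at the next version bump. It is also worth confirming that the hunk applies without fuzz or offset on 2.3.1, since the one-line `param &&` guard in rsa_pss_decode is the entire fix.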