Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-libs/libressl/files/, dev-libs/libressl/
Date: Sat, 05 Dec 2015 12:36:57
Message-Id: 1449319321.1ace67d81ba5a5bee571ed3b171187dc3c8b76c7.blueness@gentoo
1 commit: 1ace67d81ba5a5bee571ed3b171187dc3c8b76c7
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sat Dec 5 12:42:01 2015 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sat Dec 5 12:42:01 2015 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ace67d8
7
8 dev-libs/libressl: add upstream patch to address CVE-2015-3194, bug #567564
9
10 Package-Manager: portage-2.2.20.1
11
12 .../libressl/files/libressl-2.2.4-clientcert.patch | 35 +++++++++++++++
13 dev-libs/libressl/libressl-2.2.4-r1.ebuild | 50 ++++++++++++++++++++++
14 dev-libs/libressl/libressl-2.3.1-r1.ebuild | 50 ++++++++++++++++++++++
15 3 files changed, 135 insertions(+)
16
17 diff --git a/dev-libs/libressl/files/libressl-2.2.4-clientcert.patch b/dev-libs/libressl/files/libressl-2.2.4-clientcert.patch
18 new file mode 100644
19 index 0000000..ac2f88e
20 --- /dev/null
21 +++ b/dev-libs/libressl/files/libressl-2.2.4-clientcert.patch
22 @@ -0,0 +1,35 @@
23 +untrusted comment: signature from openbsd 5.8 base secret key
24 +RWQNNZXtC/MqP8u13/pPZfTpPeHhU93PG0DBihXvQ7lB0CvONLwoTfHr9f40s515bidPGcGLAH4xu+yz3skT6b3tKETEWZw8BgA=
25 +
26 +OpenBSD 5.8 errata 9, Dec 3, 2015:
27 +
28 +CVE-2015-3194 - NULL pointer dereference in client certificate validation
29 +
30 +Apply by doing:
31 + signify -Vep /etc/signify/openbsd-58-base.pub -x 009_clientcert.patch.sig \
32 + -m - | (cd /usr/src && patch -p0)
33 +
34 +And then rebuild and install libcrypto:
35 + cd /usr/src/lib/libcrypto
36 + make obj
37 + make depend
38 + make
39 + make install
40 +
41 +Index: lib/libssl/src/crypto/rsa/rsa_ameth.c
42 +===================================================================
43 +RCS file: /cvs/src/lib/libssl/src/crypto/rsa/rsa_ameth.c,v
44 +retrieving revision 1.14
45 +retrieving revision 1.14.6.1
46 +diff -u -p -u -p -r1.14 -r1.14.6.1
47 +--- lib/libssl/src/crypto/rsa/rsa_ameth.c 11 Feb 2015 04:05:14 -0000 1.14
48 ++++ lib/libssl/src/crypto/rsa/rsa_ameth.c 4 Dec 2015 04:13:43 -0000 1.14.6.1
49 +@@ -298,7 +298,7 @@ rsa_pss_decode(const X509_ALGOR *alg, X5
50 + if (pss->maskGenAlgorithm) {
51 + ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
52 + if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
53 +- param->type == V_ASN1_SEQUENCE) {
54 ++ param && param->type == V_ASN1_SEQUENCE) {
55 + p = param->value.sequence->data;
56 + plen = param->value.sequence->length;
57 + *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
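Review bot: The embedded patch's file headers name `lib/libssl/src/crypto/rsa/rsa_ameth.c` and its instructions assume `patch -p0` from /usr/src, while the ebuilds in this commit work on a tree with `crypto/` at the top (`touch crypto/Makefile.in`). Applying it therefore depends on epatch trying successive strip levels. The signify header on the first two lines is carried along, but nothing in the Gentoo build verifies it, so it is provenance only, and rewriting the paths would invalidate it. I would keep the file byte-identical to upstream and record both facts in a comment above the `epatch` call in each ebuild, for example `# OpenBSD 5.8 errata 9 (CVE-2015-3194), unmodified; paths are relative to OpenBSD's src tree`. The functional fix is the added `param &&` test in `rsa_pss_decode`, whose body starts and ends outside this inner hunk.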
58
59 diff --git a/dev-libs/libressl/libressl-2.2.4-r1.ebuild b/dev-libs/libressl/libressl-2.2.4-r1.ebuild
60 new file mode 100644
61 index 0000000..cbbcb2b
62 --- /dev/null
63 +++ b/dev-libs/libressl/libressl-2.2.4-r1.ebuild
64 @@ -0,0 +1,50 @@
65 +# Copyright 1999-2015 Gentoo Foundation
66 +# Distributed under the terms of the GNU General Public License v2
67 +# $Id$
68 +
69 +EAPI=5
70 +
71 +inherit eutils multilib-minimal
72 +
73 +DESCRIPTION="Free version of the SSL/TLS protocol forked from OpenSSL"
74 +HOMEPAGE="http://www.libressl.org/"
75 +SRC_URI="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz"
76 +
77 +LICENSE="ISC openssl"
78 +SLOT="0/35" # reflects ABI of libcrypto.so and libssl.so
79 +KEYWORDS="~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86"
80 +IUSE="+asm static-libs"
81 +
82 +RDEPEND="!dev-libs/openssl:0"
83 +DEPEND="${RDEPEND}"
84 +PDEPEND="app-misc/ca-certificates"
85 +
86 +src_prepare() {
87 + touch crypto/Makefile.in
88 +
89 + epatch "${FILESDIR}"/${P}-clientcert.patch
90 +
91 + sed -i \
92 + -e '/^[ \t]*CFLAGS=/s#-g ##' \
93 + -e '/^[ \t]*CFLAGS=/s#-g"#"#' \
94 + -e '/^[ \t]*CFLAGS=/s#-O2 ##' \
95 + -e '/^[ \t]*CFLAGS=/s#-O2"#"#' \
96 + -e '/^[ \t]*USER_CFLAGS=/s#-O2 ##' \
97 + -e '/^[ \t]*USER_CFLAGS=/s#-O2"#"#' \
98 + configure || die "fixing CFLAGS failed"
99 +}
100 +
101 +multilib_src_configure() {
102 + ECONF_SOURCE="${S}" econf \
103 + $(use_enable asm) \
104 + $(use_enable static-libs static)
105 +}
106 +
107 +multilib_src_test() {
108 + emake check
109 +}
110 +
111 +multilib_src_install_all() {
112 + einstalldocs
113 + prune_libtool_files
114 +}
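Review bot: `SRC_URI` and `HOMEPAGE` use plain `http://`, so for a TLS library the tarball's integrity rests entirely on the Manifest digests, which this commit does not touch (the diffstat lists only the patch and the two ebuilds). If upstream serves the files over HTTPS, prefer `SRC_URI="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz"`; the same line appears in libressl-2.3.1-r1.ebuild. In `src_prepare`, `sed -i ... || die "fixing CFLAGS failed"` only catches I/O errors, because sed exits 0 when no expression matches, so the message overstates what is checked. The diffstat shows insertions only, so the unpatched 2.2.4 and 2.3.1 ebuilds appear to remain in the tree and would need dropping in a follow-up.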
115
116 diff --git a/dev-libs/libressl/libressl-2.3.1-r1.ebuild b/dev-libs/libressl/libressl-2.3.1-r1.ebuild
117 new file mode 100644
118 index 0000000..660a329
119 --- /dev/null
120 +++ b/dev-libs/libressl/libressl-2.3.1-r1.ebuild
121 @@ -0,0 +1,50 @@
122 +# Copyright 1999-2015 Gentoo Foundation
123 +# Distributed under the terms of the GNU General Public License v2
124 +# $Id$
125 +
126 +EAPI=5
127 +
128 +inherit eutils multilib-minimal
129 +
130 +DESCRIPTION="Free version of the SSL/TLS protocol forked from OpenSSL"
131 +HOMEPAGE="http://www.libressl.org/"
132 +SRC_URI="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz"
133 +
134 +LICENSE="ISC openssl"
135 +SLOT="0/36" # reflects ABI of libcrypto.so and libssl.so
136 +KEYWORDS="~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86"
137 +IUSE="+asm static-libs"
138 +
139 +RDEPEND="!dev-libs/openssl:0"
140 +DEPEND="${RDEPEND}"
141 +PDEPEND="app-misc/ca-certificates"
142 +
143 +src_prepare() {
144 + touch crypto/Makefile.in
145 +
146 + epatch "${FILESDIR}"/${PN}-2.2.4-clientcert.patch
147 +
148 + sed -i \
149 + -e '/^[ \t]*CFLAGS=/s#-g ##' \
150 + -e '/^[ \t]*CFLAGS=/s#-g"#"#' \
151 + -e '/^[ \t]*CFLAGS=/s#-O2 ##' \
152 + -e '/^[ \t]*CFLAGS=/s#-O2"#"#' \
153 + -e '/^[ \t]*USER_CFLAGS=/s#-O2 ##' \
154 + -e '/^[ \t]*USER_CFLAGS=/s#-O2"#"#' \
155 + configure || die "fixing CFLAGS failed"
156 +}
157 +
158 +multilib_src_configure() {
159 + ECONF_SOURCE="${S}" econf \
160 + $(use_enable asm) \
161 + $(use_enable static-libs static)
162 +}
163 +
164 +multilib_src_test() {
165 + emake check
166 +}
167 +
168 +multilib_src_install_all() {
169 + einstalldocs
170 + prune_libtool_files
171 +}
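Review bot: `epatch "${FILESDIR}"/${PN}-2.2.4-clientcert.patch` applies a patch named for 2.2.4 to the 2.3.1 sources with no explanation, and the patch header says it was cut against OpenBSD 5.8's `rsa_ameth.c` revision 1.14. Whether 2.3.1 ships that same revision is not visible here. epatch aborts the build if the hunk does not apply, so a mismatch would fail loudly rather than leave the NULL dereference unpatched. I would add a comment above the call such as `# CVE-2015-3194: OpenBSD 5.8 errata 9, shared with 2.2.4-r1 (bug #567564)` so the hard-coded version is not mistaken for a copy-paste slip on the next bump.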