Gentoo Archives: gentoo-commits

From: Sam James <sam@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: profiles/
Date: Wed, 29 Jun 2022 00:08:48
Message-Id: 1656461282.4237aff222a1f435f3cd335ddfcdda9513290d28.sam@gentoo
1 commit: 4237aff222a1f435f3cd335ddfcdda9513290d28
2 Author: Sam James <sam <AT> gentoo <DOT> org>
3 AuthorDate: Wed Jun 29 00:07:53 2022 +0000
4 Commit: Sam James <sam <AT> gentoo <DOT> org>
5 CommitDate: Wed Jun 29 00:08:02 2022 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4237aff2
7
8 profiles: mask broken OpenSSL versions
9
10 I should've pre-emptively masked these before to explain to avoid
11 someone bumping them.
12
13 See: e7b9a095de5e6f78668385223fa6ccd9fdeb36ae
14 See: ac22f739ccb5a81016f42859ec489d9fdbc416dd
15 See: e509d05a877800358c778520f149e51c978ca0f4
16 Signed-off-by: Sam James <sam <AT> gentoo.org>
17
18 profiles/package.mask | 9 +++++++++
19 1 file changed, 9 insertions(+)
20
21 diff --git a/profiles/package.mask b/profiles/package.mask
22 index c454d1c3be13..1e9b1d33bf8c 100644
23 --- a/profiles/package.mask
24 +++ b/profiles/package.mask
25 @@ -33,6 +33,15 @@
26
27 #--- END OF EXAMPLES ---
28
29 +# Sam James <sam@g.o> (2022-06-29)
30 +# Pre-emptively mask broken upstream versions.
31 +# 1. openssl 1.1.1o fails tests (https://github.com/openssl/openssl/issues/18619)
32 +# 2. openssl 3.0.4 has a buffer overflow w/ AVX512 (https://github.com/openssl/openssl/issues/18625)
33 +# Gentoo isn't vulnerable to the original CVE which caused these releases
34 +# (CVE-2022-2068) as we have our own rehash script.
35 +=dev-libs/openssl-1.1.1p
36 +=dev-libs/openssl-3.0.4
37 +
38 # Piotr Karbowski <slashbeast@g.o> (2022-06-26)
39 # Abandoned upstream, depends on API that no longer exists.
40 # Removal on 2022-07-26.
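
Review bot: The mask comment and the masked atom disagree on the 1.1.1 version: item 1 says "openssl 1.1.1o fails tests", while the entry added below it is `=dev-libs/openssl-1.1.1p`. If 1.1.1p is the release that fails tests, the comment should say "openssl 1.1.1p fails tests", so that the rationale matches the atom a reader finds when checking why a version is masked. The new entry also gives no condition for lifting the mask, unlike the neighbouring entry's "Removal on 2022-07-26."; consider adding a line naming what has to happen upstream (for example, the two linked issues being resolved in a later release) before the mask can be dropped.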