1 |
commit: 4237aff222a1f435f3cd335ddfcdda9513290d28 |
2 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Jun 29 00:07:53 2022 +0000 |
4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Jun 29 00:08:02 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4237aff2 |
7 |
|
8 |
profiles: mask broken OpenSSL versions |
9 |
|
10 |
I should've pre-emptively masked these earlier, with an explanation, to avoid |
11 |
someone bumping them. |
12 |
|
13 |
See: e7b9a095de5e6f78668385223fa6ccd9fdeb36ae |
14 |
See: ac22f739ccb5a81016f42859ec489d9fdbc416dd |
15 |
See: e509d05a877800358c778520f149e51c978ca0f4 |
16 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
17 |
|
18 |
profiles/package.mask | 9 +++++++++ |
19 |
1 file changed, 9 insertions(+) |
20 |
|
21 |
diff --git a/profiles/package.mask b/profiles/package.mask |
22 |
index c454d1c3be13..1e9b1d33bf8c 100644 |
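--- a/profiles/package.mask
+++ b/profiles/package.mask
@@ -33,6 +33,15 @@
 
 #--- END OF EXAMPLES ---
 
+# Sam James <sam@g.o> (2022-06-29)
+# Pre-emptively mask broken upstream versions.
+# 1. openssl 1.1.1o fails tests (https://github.com/openssl/openssl/issues/18619)
+# 2. openssl 3.0.4 has a buffer overflow w/ AVX512 (https://github.com/openssl/openssl/issues/18625)
+# Gentoo isn't vulnerable to the original CVE which caused these releases
+# (CVE-2022-2068) as we have our own rehash script.
+=dev-libs/openssl-1.1.1p
+=dev-libs/openssl-3.0.4
+
 # Piotr Karbowski <slashbeast@g.o> (2022-06-26)
 # Abandoned upstream, depends on API that no longer exists.
 # Removal on 2022-07-26.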
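Review bot: The first reason in the added mask comment names `openssl 1.1.1o`, but the atom masked below it is `=dev-libs/openssl-1.1.1p`, so the explanation Portage shows for the mask does not match the version being blocked. If 1.1.1p is the release with the failing tests, the line should read `# 1. openssl 1.1.1p fails tests (https://github.com/openssl/openssl/issues/18619)`; if 1.1.1o was really meant, the atom is the part to correct. Both atoms are exact-version matches, so a later `-r1` of either version would not be covered by this entry. That looks intentional, since a revision carrying the upstream fix should be installable, but a short remark in the comment would confirm it for whoever does the next bump.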