commit:     1ace67d81ba5a5bee571ed3b171187dc3c8b76c7
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Dec  5 12:42:01 2015 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Dec  5 12:42:01 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ace67d8

dev-libs/libressl: add upstream patch to address CVE-2015-3194, bug #567564

Package-Manager: portage-2.2.20.1

 .../libressl/files/libressl-2.2.4-clientcert.patch | 35 +++++++++++++++
 dev-libs/libressl/libressl-2.2.4-r1.ebuild         | 50 ++++++++++++++++++++++
 dev-libs/libressl/libressl-2.3.1-r1.ebuild         | 50 ++++++++++++++++++++++
 3 files changed, 135 insertions(+)

diff --git a/dev-libs/libressl/files/libressl-2.2.4-clientcert.patch 
b/dev-libs/libressl/files/libressl-2.2.4-clientcert.patch
new file mode 100644
index 0000000..ac2f88e
--- /dev/null
+++ b/dev-libs/libressl/files/libressl-2.2.4-clientcert.patch
@@ -0,0 +1,35 @@
+untrusted comment: signature from openbsd 5.8 base secret key
+RWQNNZXtC/MqP8u13/pPZfTpPeHhU93PG0DBihXvQ7lB0CvONLwoTfHr9f40s515bidPGcGLAH4xu+yz3skT6b3tKETEWZw8BgA=
+
+OpenBSD 5.8 errata 9, Dec 3, 2015:
+
+CVE-2015-3194 - NULL pointer dereference in client certificate validation
+
+Apply by doing:
+    signify -Vep /etc/signify/openbsd-58-base.pub -x 009_clientcert.patch.sig \
+        -m - | (cd /usr/src && patch -p0)
+
+And then rebuild and install libcrypto:
+    cd /usr/src/lib/libcrypto
+    make obj
+    make depend
+    make
+    make install
+
+Index: lib/libssl/src/crypto/rsa/rsa_ameth.c
+===================================================================
+RCS file: /cvs/src/lib/libssl/src/crypto/rsa/rsa_ameth.c,v
+retrieving revision 1.14
+retrieving revision 1.14.6.1
+diff -u -p -u -p -r1.14 -r1.14.6.1
+--- lib/libssl/src/crypto/rsa/rsa_ameth.c      11 Feb 2015 04:05:14 -0000      
1.14
++++ lib/libssl/src/crypto/rsa/rsa_ameth.c      4 Dec 2015 04:13:43 -0000       
1.14.6.1
+@@ -298,7 +298,7 @@ rsa_pss_decode(const X509_ALGOR *alg, X5
+       if (pss->maskGenAlgorithm) {
+               ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
+               if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
+-                  param->type == V_ASN1_SEQUENCE) {
++                  param && param->type == V_ASN1_SEQUENCE) {
+                       p = param->value.sequence->data;
+                       plen = param->value.sequence->length;
+                       *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
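Review bot: Nothing in this commit checks the signify signature carried in the first two lines of the new patch file; epatch presumably skips that header and the "Apply by doing" text as leading garbage, so the file's integrity rests on the Gentoo tree alone. The paths are also relative to the OpenBSD source tree (`lib/libssl/src/crypto/rsa/rsa_ameth.c`), so applying the patch to the portable tarball depends on epatch finding the right strip level by itself. Leaving the file byte-identical to upstream keeps the signature checkable, so I would record the provenance in the ebuilds instead, e.g. `# OpenBSD 5.8 errata 9 (signify-signed upstream); paths are relative to /usr/src` above each epatch call. The `param &&` guard itself sits inside rsa_pss_decode, whose body starts and ends outside the embedded hunk.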

diff --git a/dev-libs/libressl/libressl-2.2.4-r1.ebuild 
b/dev-libs/libressl/libressl-2.2.4-r1.ebuild
new file mode 100644
index 0000000..cbbcb2b
--- /dev/null
+++ b/dev-libs/libressl/libressl-2.2.4-r1.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils multilib-minimal
+
+DESCRIPTION="Free version of the SSL/TLS protocol forked from OpenSSL"
+HOMEPAGE="http://www.libressl.org/";
+SRC_URI="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz";
+
+LICENSE="ISC openssl"
+SLOT="0/35" # reflects ABI of libcrypto.so and libssl.so
+KEYWORDS="~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86"
+IUSE="+asm static-libs"
+
+RDEPEND="!dev-libs/openssl:0"
+DEPEND="${RDEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+src_prepare() {
+       touch crypto/Makefile.in
+
+       epatch "${FILESDIR}"/${P}-clientcert.patch
+
+       sed -i \
+               -e '/^[ \t]*CFLAGS=/s#-g ##' \
+               -e '/^[ \t]*CFLAGS=/s#-g"#"#' \
+               -e '/^[ \t]*CFLAGS=/s#-O2 ##' \
+               -e '/^[ \t]*CFLAGS=/s#-O2"#"#' \
+               -e '/^[ \t]*USER_CFLAGS=/s#-O2 ##' \
+               -e '/^[ \t]*USER_CFLAGS=/s#-O2"#"#' \
+               configure || die "fixing CFLAGS failed"
+}
+
+multilib_src_configure() {
+       ECONF_SOURCE="${S}" econf \
+               $(use_enable asm) \
+               $(use_enable static-libs static)
+}
+
+multilib_src_test() {
+       emake check
+}
+
+multilib_src_install_all() {
+       einstalldocs
+       prune_libtool_files
+}
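Review bot: `SRC_URI` fetches the LibreSSL tarball over plain `http://`, so for a TLS library the only integrity check on the download is the Manifest digest. This commit does not touch a Manifest (the diffstat lists three files, none of them one), so it presumably relies on entries that already exist for both tarballs. If the mirror serves it, `SRC_URI="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz"` would be the safer line; otherwise a comment next to `SRC_URI` saying the download is verified only through the Manifest would help. The same line appears in libressl-2.3.1-r1.ebuild.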

diff --git a/dev-libs/libressl/libressl-2.3.1-r1.ebuild 
b/dev-libs/libressl/libressl-2.3.1-r1.ebuild
new file mode 100644
index 0000000..660a329
--- /dev/null
+++ b/dev-libs/libressl/libressl-2.3.1-r1.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils multilib-minimal
+
+DESCRIPTION="Free version of the SSL/TLS protocol forked from OpenSSL"
+HOMEPAGE="http://www.libressl.org/";
+SRC_URI="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${P}.tar.gz";
+
+LICENSE="ISC openssl"
+SLOT="0/36" # reflects ABI of libcrypto.so and libssl.so
+KEYWORDS="~amd64 ~arm ~hppa ~mips ~ppc ~ppc64 ~x86"
+IUSE="+asm static-libs"
+
+RDEPEND="!dev-libs/openssl:0"
+DEPEND="${RDEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+src_prepare() {
+       touch crypto/Makefile.in
+
+       epatch "${FILESDIR}"/${PN}-2.2.4-clientcert.patch
+
+       sed -i \
+               -e '/^[ \t]*CFLAGS=/s#-g ##' \
+               -e '/^[ \t]*CFLAGS=/s#-g"#"#' \
+               -e '/^[ \t]*CFLAGS=/s#-O2 ##' \
+               -e '/^[ \t]*CFLAGS=/s#-O2"#"#' \
+               -e '/^[ \t]*USER_CFLAGS=/s#-O2 ##' \
+               -e '/^[ \t]*USER_CFLAGS=/s#-O2"#"#' \
+               configure || die "fixing CFLAGS failed"
+}
+
+multilib_src_configure() {
+       ECONF_SOURCE="${S}" econf \
+               $(use_enable asm) \
+               $(use_enable static-libs static)
+}
+
+multilib_src_test() {
+       emake check
+}
+
+multilib_src_install_all() {
+       einstalldocs
+       prune_libtool_files
+}
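Review bot: The `epatch "${FILESDIR}"/${PN}-2.2.4-clientcert.patch` line in src_prepare applies a patch cut against the OpenBSD 5.8 copy of rsa_ameth.c (revision 1.14, hunk at line 298) to the 2.3.1 sources, and patch can accept it with an offset or fuzz without failing the build. Whether 2.3.1 ships the same revision of that file is not visible here, so it is worth confirming that the `param &&` guard actually lands in rsa_pss_decode after src_prepare. Once confirmed, a comment such as `# 2.2.4 errata patch reused; checked that it applies cleanly to 2.3.1` above the call would record that for the next version bump.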
